When Prime Minister Modi announced his demonetization policy on November 8, 2016, suddenly eliminating 86% of the currency in circulation, it was a sudden shock to the Indian economy, a country where an estimated 98% of all transactions are in cash. It shouldn't
be too surprising that Indians started to embrace mobile wallets and digital banking almost overnight.
Take for instance PayTM, India's largest mobile payment company. Their user base, which was growing steadily by tens of thousands a day before the rupee note shortage, shot up afterwards to half a million a day. Just one month after demonetization was announced,
they added an additional 10 million users, according to PayTM's founder and CEO Vijay Shekhar Sharma, growing their customer base by 7% in less than a month to 160 million.
India is a country where only 17% of the population have smartphones and just over half have bank accounts.
It has an average of 6.7 electronic payments transactions occur per person compared to 249 in Australia, 201 in the UK, and 14 in China. Future growth of mobile payments seems imminent.
But this increase in mobile wallet adoption will be followed by a surge in mobile payment fraud, whose vulnerabilities make it easier for fraudsters to fly under the radar. Fraudsters have already proved themselves to be quite capable of online fraud: as
many as 3.2 million debit cards were compromised this past October as one of the biggest financial breaches ever in India. The breach was thought to originate from malware introduced into the payment systems, which enabled fraudsters to steal consumers' payment
If India is to prepare itself for a mobile payment future, it will need to have a proactive plan for combating mobile payment fraud and protecting its citizens.
In this post, we offer a few suggestions for the Indian banking industry to combat mobile payment fraud and best prepare themselves for a cashless economy.
Banks and mobile wallet providers that wish to integrate into the mobile wallet ecosystem for the long-term must offer a simple yet secure mobile payment experience.
Many banks and mobile wallet providers currently have fraud detection systems in place, which include a combination of authentication, tokenization, and legacy backend fraud detection systems. Others rely solely on rule-based transactions with basic fraud
While mandatory, the existing fraud detection process contributes to increased costs, friction, and a poor customer experience, all of which must be improved upon for mobile payments to thrive in Prime Minister Modi's vision of a cashless economy.
Instead of indiscriminate authentication which negatively impacts the user experience, banks and mobile wallets should embrace robust risk-based authentication for all transaction amounts on mobile devices in the pre-transaction phase. With better visibility
into the payment activity of the user through in-depth behavioral mapping, they can accurately identify fraudulent attempts and trigger authentication only upon these suspicious and risky transactions.
This type of risk-based fraud detection would decrease the associated risk and the cost of antifraud detection systems currently in place. In addition, it will decrease the number of false positives, which will significantly contribute to a more positive
Banks and mobile wallets must have better visibility during the pre-transaction phase to build trust in the mobile wallet payment experience.
If the Indian government truly wishes to transform into a digital economy, it will have to do their utmost not only to create a good experience for the user, but to build a good reputation for mobile wallets. In a country where less than half of the population
have bank accounts, this will be a challenge.
"There are millions of users who have poor awareness of security features in their devices. Attackers can easily target them to carry out frauds - these will be low value per individual, but the volume will be high. This will reduce the level of trust that
people have in online transactions," says Rajat Mohanty, CEO, Paladion Networks, a global cybersecurity company.
That’s even more true for mobile transactions, and incidents such as last year's October breach don't help matters.
"Survivors will be those who provide merchant and user protection. Trusted payment partners are important," says Megha Tyagi, director, large merchant business, PayPal India, the operator of a global online payment system.
Current mobile payment controls still rely on legacy systems that don't allow for the visibility that banks and mobile wallets need. The ability to detect fraud on the mobile device itself in the pre-transaction phase would, for example, allow banks and
mobile wallets to verify that a payment device is connected to the consumer using it for that particular transaction. This would have significant impact on fraud prevention in a country where the government has reported 175 mobile phones stolen every day in
January and February of this year in the capital alone. It would also significantly
decrease the friction and cost involved in traditional fraud detection systems (call centers, OTP, KBA) that involve contacting the consumer directly to validate the transaction.
Towards a Secure Digital Future with Mobile Payments
Demonetization was a huge government reform that will continue to impact the Indian economy and digital banking in years to come. The Indian government has already done a lot to encourage this growth, including setting up millions of citizens with bank
accounts and promoting its own digital mobile payment technologies (e.g. BHIM, AEPS and UPI).
In addition to encouraging the growth of digital technology, however, banks and mobile wallets must have the visibility that they need to ensure a simple and secure mobile payment experience to build consumer's trust. Otherwise, President Modi's vision of
transformation into a digital economy may remain a pipe dream.