Many of us are performing online / merchant transactions over the Internet, Mobile and POS terminal as part of eCommerce transaction. Customer do perform general banking transactions which could be of Domestic Payments or International Cross Border Payments
from the Bank / Fintech platform over the internet.
As part of digital banking initiatives provided by Banks, Financial Institutions and Payment Fintech Companies offer various mode of transaction method which can be utilized by their customer. As they develop application supporting various platform like
Android ,Ios & custom built to cater different needs of customer for transaction initiation.
At the same time there are data breaches, fraudulent transactions performed over the network. As Banks would like to ensure the transaction processed over the network are secured as customer financial data are involved as part of processing.
Challenges faced by Banks / FI’s / Fintech on transaction security:
We will quickly analyse some of the key challenges faced by Banks and FI’s over the security of the transaction.
- Online Payment Frauds, As Bank enable multiple ways to initiate payment transaction by the customer over different channel / Platforms. As part of digital banking initiatives customer are allowed to create virtual cards over the primary
card without exposing the original card details and perform the transaction over the network. Cyber hackers target for such virtual card details and hack over the card details and perform the transaction as per their needs. Merchants / Banks find it more
difficult for to verify that it is the actual cardholder who has made the transaction.
- Triangulation, There are fake online portal created to get the card / Bank account details of the customer and store the critical customer data. Through Triangulation facility will have different parties involved such as fake online portal,
customer and dummy payment gateway to capture the customer details. Once customer places the order in the portal, and provides the bank account information / card details, all information are taken by the hackers. Hackers can initiate any payment / purchase
high value items with the card without customer knowledge, until customer realizes the card details are exposed to external ecosystem.
SOFT in Detail:
SOFT (Security over financial transaction) is more about banks / financial institutions having a complete security control over the financial transactions executed by the customer over the network anytime across any platform. (Net Banking,
Mobile, E commerce). SOFT plays a key role ensuring the transaction are initiated by genuine customers and third parties as part of transaction processing.
Customer should be aware they may face potential risks of duplicate transaction, fake website or transaction failure processed over the network between their financial institution and payment aggregators. There could be various reason for
transaction failure, to name few network failure, delayed response from bank network etc.
Banks would like to capture & monitor the following detail as part of every transaction processed by its customer,
- Transaction origination,
- Platform through which transaction is performed,
- Transaction Authentication Mechanism,
- IP address &
- Transaction date and time.
As the above mentioned details will provide the critical information about the transaction nature for further analysis & investigation to identify the activities happened over the network.
SOFT Mitigation plans:
Banks have to overcome the fraudulent transaction which are happening over the network. As frauds can happen any time, when data are readily available to the hackers. So constant monitoring of payment gateways, data export of customer PII data, data security
breaches , customer frequently change of Mobile number / email address for receiving online OTPs and passwords etc.
Things to be implemented by banks and financial institutions to overcome security over financial transaction are,
- Implement system audit checks on various processes and system at regular intervalsincluding Core Banking application, Domestic Payment gateways, SWIFT payment channels Credit Card application and Mobile apps & Internet banking channels
, Networks where transaction are initiated and processed.
- Enable dynamic customer verification mechanism based on the geo-spatial location of the customer & device through which transaction is been initiated. Based on this combination of customer & device system will do dynamic verification of
customer by way of OTP to mobile or email or with secret question to pass through the transactions. Customer verification logic will be decided by system dynamically based on the
transaction origination, mode of transaction, platform used for the transactionwhich even customer will not be aware what will be the algorithm system uses to know the genuine of customer to complete the transaction. This will help Bank / FI’s
to mitigate financial fraud over the network.
- Virtual reality will play key vital role in Banking.
Enabling facial recognition solution to validate the genuine of customer which will be a tamper proof solution. As part of digital banking initiatives bank offer retail customers to perform transaction over smart phones / E commerce portal / mobile
apps and laptops which are camera enabled.
- Implementation of AI / ML solution banks can create various data models to analyse the transaction patter on customer and channel frequently used by the customer. Based on dynamic algorithms prediction,
system can have auto generated IVR calls to customer registered mobile number or send auto-generated email verification link to customer registered email address for validation of customer and process the transaction. This will help to reduce
the fraudulent transactions over the network.
End of the Day Banks / FI's / Fin techs would like to establish security over all financial transaction performed. Ownership of transaction should be accurate and transparency enhances bank governance and regulatory oversight. This allows
bank to focus on core business competencies and generate customer satisfaction, while compliance and control for financial frauds become a differentiating factor, rather than a costly fines.