Digital payment providers to fix firewalls
Nishant Arora and Sourabh Kulesh speak to major players in the digital payments game to ascertain how they seek to strengthen their security architecture as transactions swell
At a time when the cyber vulnerability in the payment gateways of e-wallet companies are becoming visible as they witness a rise in usage and popularity, upgraded security is the only way to safeguard millions of first-time users.
In December, the Central Bureau of Investigation (CBI) registered a case against 15 Paytm customers for allegedly cheating the digital wallet of Rs 6.15 lakh ($9,000). This was done on a complaint by Paytm's parent company One97, which is backed by China's Alibaba Group.
The case was registered under various sections dealing with criminal conspiracy, forgery, etc. -- and under provisions of the Information Technology (IT) Act.
According to top company executives, wallet security has been a prime concern for them post-demonetisation as transactions have grown manifold.
"No one can actually hack into our servers and steal data or money because there are different levels of security," Deepak Abbot, Senior Vice President at Paytm, said, adding that they have intrusion-detection programmes by third-party security experts that regularly check the systems for any vulnerability.
Paytm claims to have over 177 million users (as of December 2016) and has handled nearly one billion transactions last year.
According to Abbot, the number of transactions at Paytm is up three times as compared to the figures recorded before demonetisation and the volume has grown 3.5 times.
"Paytm saw 14-15% growth monthon-month even before demonetisation. When the cash situation improves in the country, we may not see a 100% growth, but we will settle for a much higher percentage of growth," Abbot said.
Abbot pointed out that the Paytm wallet is PCI-DSS certified which a proprietary information security standard for organisations is dealing with online transactions.
"As per the RBI guidelines, every wallet needs to keep the users' money in an escrow account. So even if the escrow account is of Paytm, the company cannot access it. Also, on a daily basis, the company has to share the transaction data with RBI. We are as transparent as can be because of the rules and regulations," Abbot noted.
According to Rohan Khara, Director of Product, Mobikwik, their user base has crossed 45 million, and they are witnessing five million transactions daily.
"Mobikwik takes security very seriously. It is PCI-DSS and ISO27001 certified, takes care of the various information security measures to ensure the security of the application and protects its business from emerging threats and frauds," Khara said.
"We are soon launching a PIN with which users can access their account through an alternate number in case of a lost phone," Khara added. Digital payments platform Freecharge recently announced India's first e-wallet protection plan for its users. Under this, the underlying wallet balance of all the customers will be insured up to a limit of Rs 20,000 as long as the user is transacting at least once a month.
"The facility, in partnership with Reliance General Insurance Company Limited, will be offered free-of-cost to all users. This move by Freecharge is another step in safeguarding the money in the event of theft or loss of phone," Govind Rajan, Chief Executive Officer, Freecharge, said.
The number of cards and addresses saved on digital payments platform Freecharge has now crossed 70 million.
Since demonetisation, Freecharge saw frequent users jump from about five times a month to more than 15 times a month. It has also seen a fourfold surge in web traffic and a threefold surge in app downloads.
Freecharge saw a 15% monthon-month growth (average daily) on consumer acquisition pre-demonetisation, and now it has grown to 200%.
Security experts emphasise that as the numbers grow, newer forms of vulnerabilities will be exposed in the payment gateways, suggesting that upgraded security is the only way to safeguard small and medium businesses from losing their hard-earned money.
According to Abbot, first-time users are more exposed to digital frauds.
"Just like customers reveal their passwords or OTPS in the banking system to unidentified people, they are doing it in the case of mobile wallets as well. Fraudsters are calling people saying they are from Paytm and extracting money from the users," Abbot pointed out.
Citing the main reason why bank apps have not fared well till date, Abott said banks have the consumers, but they do not have the merchant base.
"With Paytm having nearly 65% market share, we are absolutely not worried about the competition because it takes time to build a base. In fact, we will be happy if a worthy competitor comes up," Abbot said. (The views expressed are strictly
personal.)
Security experts emphasise that as the numbers grow, newer forms of vulnerabilities will be exposed in the payment gateways, suggesting that upgraded security is the only way to safeguard small and medium businesses from losing their hardearned money