In India, especially, with the after-effects of demonetisation leading to a significant increase in online transactions, this space has become a hotbed for fraudsters

Photo Credit : Shutterstock,

Payments industry stakeholders are adopting newer and a more robust security measures. Mahesh Patel, President and CTO, AGS Transact Technologies talks about trends shaping the fraud prevention technology. Excerpts from the interview:

BW: What are the global trends shaping fraud prevention technology and its impact in India

Mahesh Patel: The entire outlook and operation of financial transactions across the globe have undergone a massive transformation. Globally, transactions done within the privacy of a bank are now being done over a click of a button either on a smartphone or computer at any location.

In India, especially, with the after-effects of demonetisation leading to a significant increase in online transactions, this space has become a hotbed for fraudsters.

Therefore, payments industry stakeholders across the globe are adopting newer and a more robust security measures like EMV chip technology, tokenization and encryption security technologies in conjunction, to safeguard their businesses and customers against new and evolving fraud threats.

Digital transactions require banks and Fintech companies to handle sensitive payment information of merchants and customers. This involves high risk as the tactics used by fraudsters is also evolving along with the payments landscape.  

Almost every day, we see increasing cyber-attack incidents as one of the key headlines. The trend of fraud monitoring solutions being deployed will move towards AI induced technologies which track customer behaviour and draw a pattern to assign the risk level for prevention of frauds.

According to a report by Research & Markets, the demand for fraud detection and prevention solutions is expected to witness CAGR of 16.62 percent over the forecast period, to reach a total market value of $19.92 billion by end of 2020.

BW: Elaborate on the comparative analysis between India and global/emerging countries fraud cases/fraud readiness framework.

Mahesh Patel: Even though companies are adhering to PCI compliance with built-in fraud tools to mitigate risk, there will always be a possibility for a data breach as customer awareness plays an important role in the prevention of frauds.

Some of the major frauds that are seen across the world are Vishing, SmiShing, SIM Swap, ATM/Card frauds, Dark Net, Friendly frauds and 1st Party fraud.

ATM and Card frauds are amongst the most common and continuously increasing cases globally. Card skimming one of the oldest tricks is still very much prevalent in India. Hackers have also moved on to using sophisticated technologies to target ATM switches and payment gateways to infect the systems with malware.

Vishing or voice phishing is one of the types of cyber-attacks that have just started to hit India. Another type of cyber scan that is huge in certain parts of Europe, Middle-East, and Africa regions and yet to hit India is SIM Swap.  

What we are also now seeing are more sophisticated attacks on ATMs, where it is infected with malware. The dark-net has a lot of fraud forums, and you can actually buy fraud solutions by the scamsters.

India has taken leapfrog in some of the security measures such as EMV mandate and two factor authentication which is mostly at the cost of customer convenience. Robust and advanced fraud-monitoring platforms that are being used in some of the advanced markets are still missing in Indian market barring a few banks who have implemented it.

In addition to adopting these fraud-monitoring solutions it is also important to manage and maintain it actively with right expertise and by sharing the information sharing across multiple channels and banks.

One of the most important practices being followed in some countries is participation in fraud monitoring forum through which information on frauds occurred recently is shared with other participants in a structured manner to help them prevent similar frauds on their own networks. Such practices are not very popular in India, which is a serious concern.

Furthermore, security and fraud prevention has a cost attached to it. The Indian market needs to be ready for making this investment, especially the public sector entities that are largely driven by the lowest bid factor.

BW: What are the Hitachi Data theft: learnings from this cyber theft? How do the banks need all financial Institutions to adopt and offer cutting-edge/ futuristic/ ultra-secure, seamless transactions experience?

Mahesh Patel: There are various steps.

* Upgrade business technology on a regular basis: Even though companies utilize software and security solutions, they don’t necessarily upgrade the software on a regular basis. It is important to understand that with every update, security firms and software providers enhance their solutions and put in place a better solution to fight the evolving security risks

* Protect data on devices with encryption and maintain data back-ups: Since many companies offer mobility solutions to their employees to give greater work flexibility, it is important that they have remote access to these devices to completely wipe out the data in case of any data breach or stolen device

* Educate: Educate customers as well as employees on safe practises for making digital transactions.  They need to be aware about the red flags and how to take precautions to avoid such incidents

* Put in place a weekly risk analysis practice and operationalize the company’s incident risk assessment and breach response processes

* Act quickly and protect the vulnerable systems: in case of any malware attack, a company needs to be quick to react and immediately protect the systems that haven’t yet been affected by the malware

* Set guidelines for level of security with third-party vendors: Align your business associates or third-party vendors into applying the security best practices into their business. It’s crucial that your vendor maintains the same level of security as your company to ensure that your data with third party is protected as well.

BW: What is the need of the hour for fraud prevention?

Mahesh Patel: In the light of the recent cyber-attacks, including world’s largest data breach at a leading payments services provider, and the recent WannaCrypt ransomware attack, there is no doubt that fraud detection and prevention is one of the key concerns for companies across the globe.

Cyber criminals are using innovative techniques and solutions to target firms and to a very large extent succeeding in their methods of data theft, laundering, etc.  

To encourage customers to continue with digital transactions and online payments, it is a must to provide them with secure and safe transactions. Effective security and elimination of fraud is the key to maintaining stability and viability of many businesses.

Fraud prevention has different layers such as physical security, network security, application security, staff scanning, customer behaviour and transaction monitoring. Most companies follow security best practices as per PCI guideline for the first 4 layers but miss out on driving the customer behaviour as well as transaction monitoring.

Transaction monitoring is important for issuers as well as acquirers since frauds can occur on both ends of the transactions. Staff monitoring is another important aspect that many banks miss out and it is important since most of the large scale frauds have insider involvements.  

These days, Fintech firms are constantly providing innovative and advanced solutions to address the global challenges pertaining to transaction security on a real time basis.