India Markets closed

To protect digital payments from frauds, PCI aims to make your card data valueless

Amitava Chakrabarty
digital payments, data security, data breach, PCI Security Standards Council Forum, PCI SSC, demonetisation, UPI payments, mobile banking, mobile wallets, prepaid payment instruments, PPI, debit cards, credit cards

As India takes a quantum jump towards a cashless or less-cash society, especially after demonetisation, the instances of digital payment both online and card frauds are on the rise.

According to the Reserve Bank of India (RBI) and India Macro Advisor (IMA) data, there was 330 per cent rise in UPI payments in 2018 over 2017, about 388 per cent increase in mobile banking, about 244 per cent increase in mobile wallets and over 569 per cent increase in prepaid payment instruments (PPI) over the same period.

Acknowledging the growth, Infosys Co-Founder and Chairman Nandan Nilekani, who is also the Chairman RBI Committee on Digital Payments, in an interview with PCI Security Standards Council, said, I think a lot of very interesting and exciting things have already happened in the payments space and in the last couple of years, there has been a dramatic expansion of people having cards or other forms of payment, more retail points accepting cards, POS devices and so on.

However, the growth rates in debit and credit card payments in 2018 were relatively steady over 2017 at 23.57 per cent and 27.91 per cent respectively, reveled the RBI and IMA data.

While addressing the PCI Security Standards Council (PCI SSC) Forum on payment data security in New Delhi on Wednesday, PCI SSC Associate Director in India, Nitin Bhatnagar said, As there has been a steady increase in the number of cashless transactions in India, chances of cyber attacks have also increased. The 2019 India Forum is the latest of several initiatives by the PCI SSC to increase awareness and adoption of PCI Security Standards in the country.

Not only in India, but according to a Nielson report, fraudsters have siphoned off $32.96 billion worldwide from customers’ pockets by stealing digital payment data.

What’s more frightening is that according to a WEF report, the instances of data breach is highest in India due to lax cyber security even as the number of digital payment transactions in India touched 244.81 crore in August 2018, more than three-fold rise from October 2016, underlining the massive adoption of digital payment modes over the last two years.

For all of us working in the digital payments network, the real challenge is to create a robust ecosystem that consumers can trust. While we need innovations to continue our march towards a cashless economy, we cannot afford to fall back on security. As the volume of transactions continues to grow in India, payment data security must be a top priority, stressed Bhatnagar.

Founded in 2006 by American Express, Discover, JCB International, MasterCard and Visa Inc, PCI SSC maintains, evolves and promotes Payment Card Industry standards for the safety of cardholder data across the globe.

At the time of completing a digital payment either by punching PIN or OTP, only the amount appears on screen of POS machine, while and vendor’s name along with the amount appears on mobile screen. So, a customer can’t figure out if the code is punched at a secured platform or not. When asked if the PCI logo along with the amount would ensure more authenticity Logo can be copied by anyone, said PCI SSC International Director Europe Jeremy King, adding, The role of PCI SSC is to lay out security standards for digital payment process and to ensure that all the stakeholders of the process including banks, vendors, payment gateways, merchants etc comply with the standards to prevent any frauds and make customers tension free.

However, digital payment fraudsters have become more organised and often outsmart the developers of security systems, resulting in data breaches and losses for customers.

So, what would be the ultimate solution to stop data breach instances to wipe out the menace?

As fraudsters use the stolen data for monetary gains, PCI SSC Executive Director Lance J. Johnson said, Our goal is to devaluing data, so that stolen data can’t be monetised for fraudulent gains.