Subscribe To Newsletter
[newsletter_signup_form id=1]
Connect with us
Totalityre

RealtyGURU

Guide To Secure Online Payments To Avoid Fraudsters

Since rent payment is P2P (peer to peer), strong fraud prevention mechanisms need to be in place.

Published

on

Anand Thakur

The existence of online payments goes as far back as 1994 when Internet Shopping Network and NetMarket pioneered online retail transactions.

And there is no debating the fact that E-commerce today would not be where it is if not for the availability of online payment systems. Internet banking has been the other big beneficiary of the large-scale acceptance of online. As of September 2020, SBI alone has more than 80 million Internet banking users.

However, this journey has not just been a challenge of handling scale via technology. As more and more users adopted online means of payment, this started attracting unwarranted attention from hackers and fraudsters. Fintech companies had to set up elaborate security and anti-fraud frameworks not just for compliance but also to gain customer confidence.

While most standard security frameworks have become commoditised, antifraud frameworks are still evolving and AI will play a huge role in this. 

Web Application Firewalls

WAFs are the first line of defence against any security threat. They shield the origin servers by blocking suspicious traffic. Some WAFs provide an added layer of security by deflecting DDoS attacks.

MFA

While multifactor authentication is mandated by banks, most Fintech portals implement MFA at other places like login, editing account information etc.

Encryption

Encryption of data both in transit and at rest is critically important and should be done using unbreakable public/private key encryption methods. Wherever possible one should use one-way encryptions.

Testing, testing & more testing

Regular vulnerability analysis and penetration testing are important to ensure exploitable vulnerabilities do not creep into the application. White hat hackers / red teams should be engaged to manually attempt break-ins as well.

Compliance standards

Compliance standards like PCI DSS and other standards (like ISO 27001:2013, NIST 800-100) usually cover most of the points mentioned above and are mandatory especially if you store payment instrument details like credit card data.

Fraud detection and mitigation

Fraudsters present a different challenge altogether as opposed to hackers. Fraudsters are typically not blocked using the security protocols above simply because they target the weakest link in the entire chain: the human part i.e. the customer directly. A typical example would be using a stolen credit card to make a transaction and duping the credit card holder by making them reveal the OTP.

Case study:

One of our group company recently forayed into Fintech when they started accepting rent payments on their platform. This presented a unique set of challenges for them as opposed to regular e-commerce transactions:

  1. Since rent payment is P2P (peer to peer), strong fraud prevention mechanisms need to be in place. Especially because the average transaction value is very high as well.
  2. With high value transactions and wafer-thin margins, room for error is zero. One bad day can ruin numbers for the entire year.

To mitigate these risks they put together a ‘risk control engine’ for both proactive & reactive addressal.

Based on various smart algorithms users are divided into green, amber & red risk profiles. Whilereds’ are blocked altogether, ‘ambers’ have to go through a KYC process before making a transaction. Profiles change dynamically depending on historical data and other factors. 

They also developed dynamic monthly thresholds both for value and number of transactions based on mobile numbers, devices, email ids etc.

As reactive measures, they automatically block specific devices, IP addresses, mobile numbers, account numbers, IFSC codes etc whenever they get flagged. These can be only be restored manually after a go-ahead from the risk team. 

These measures led to a drastic drop in suspected fraud transactions.

It is critical that the payments security space keeps on evolving. As cheaper data services lead to deeper Internet penetration in India, the true financial impact of this can be realised only when these Internet users start transacting online. That can happen only by building consumer confidence with secure and fraud-free transactions.

DISCLAIMER: The views expressed are solely of the author and RealtyNXT.com does not necessarily subscribe to it. RealtyNXT.com shall not be responsible for any damage caused to any person/organisation directly or indirectly.

ALSO READ: Panvel To Become A Premium Pin Code Of MMR Region

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending

© 2021 RealtyNXT | All Rights Reserved.