Reading Time: 4 minutes
As online transactions increase so does cybercrime. Consider this: last year, over 40 billion transactions were conducted in India making it the largest in terms of transaction volumes. The surge in online transactions comes about due to the increasing adoption of new-age technologies that make frictionless and seamless user experience during checkout a possibility.
Taming the fraudulent monster
As per RBI’s Annual Report 2021–22, the volume of frauds reported by financial institutions (FIs) via cards and internet banking showed a 34% increase, i.e. 3,596 incidents in 2021–22 compared to 2,677 frauds in 2019–20. For example, Authorised Push Payment (APP) fraud is a menace that is being increasingly reported by FIs and banks.
The value of fraudulent transactions in 2021–22 swelled to INR 1.55 billion, 20% higher than INR 1.29 billion in 2019–20. Payment frauds as a percentage of total digital payments increased from 0.008 bps in 2019–20 to settle at 0.0089 bps in 2021–22. While the numbers aren’t alarming right now, it’s critical that steps are taken to control the fraud menace, especially as the Indian digital payments ecosystem hurtles towards greater digital maturity.
Data overload and its perils
Multiple factors are behind the increased fraud risk, especially the lack of adequate awareness. Another key reason is the ‘data explosion’. With voluminous data processing- personal, financial and identity-related information of customers, due to fund constraints, certain payments providers make the costly mistake of having minimal server controls, opting for low-cost security protection, overlooking the need to implement encryption tools or worse, store and transfer data through unsecured networks.
All of this can result in compromised fraud detection and prevention measures. Above all, it is important for customers to be well-informed and familiarize themselves with evolving payment technologies to avoid falling prey to fraud manipulation.
Types of fraud
It’s a known fact that understanding the cause and effect is the best way to understand problems. Here are the common types of fraud:
In case of identity theft, fraudsters access confidential user data consisting of KYC details or bank account details and illegally initiate payments or execute transactions without the authorization of the original customer. Through data breaches and hacking, sensitive data of customers is leaked into the dark web, which falls into the wrong hands and leads to financial fraud.
While digital twins bring multiple benefits, these data imposters may pose as bank officials and trusted acquaintances to siphon off funds from bank accounts and avail credit facilities without user permission.
Here, cybercriminals pose as bank personnel and make unsuspecting customers complete their e-KYC in order to avoid interest penalties or account closure. While the customer is completing the process through the malicious link sent by email or text, the fraudsters gain illegal access to account details via the OTP shared and perform illegal transactions.
The customer mistakenly assumes the fake website or fake app to be the actual bank website. It is important to use only original websites with the secure lock symbol. According to reports, there are thousands of fake apps on iOS and Play Store to cheat vulnerable users.
This is a hacking tool whereby hackers install malicious software or trojan apps at the checkout pages of an application to illegally access confidential customer data like card numbers, CVV, etc. This fraud is common where e-commerce websites deploy third-party payment gateways, and the customer is navigated to a third-party server for payments.
Via QR codes
QR codes are popular payment modes in small Kirana shops and corner stores across India. In 2020-21 itself, the number of Bharat Quick Response (QR) codes stood at 49.7 lakh. Under this fraud, cybercriminals resort to sending fake QR codes, whereby the money is wrongly transferred into the fraudster’s bank account.
In this kind of fraud, a group of fraudsters gain access to the network of the payments provider and self-initiated transactions or alter customer instructions.
Fake remote assistance
Under the disguise of technical troubleshooting assistance, cybercriminals take remote control of the device to access confidential data. The unsuspecting customer gets an email or SMS with a link to be clicked to download the remote support app. Once the customer confirms the code, the fraudster debits the money from the bank account.
Unauthorised takeover of Account
Under this, the fraudsters illegally steal login credentials after changing the password of the customer as the first step before carrying out illegal financial transactions.
Attack perpetuated through Botnet
Bots are malicious software that is injected into a network of computers or linked applications to launch a series of attacks on the system as a whole. This is undertaken by overcoming the organizational security guardrails and penetrating individual devices to access sensitive information. The bots are downloaded via pirated software or virus links from email attachments.
Early detection is the panacea for rising fraud
Given the convenience, ease of use and seamlessness in online payments, both end-users and businesses will jump on the digital bandwagon. According to news reports, as more customers ditch cash to pay online, the country’s real-time payment share of global payment volumes will soar to over 70% by 2026.
Unfortunately, the internal control processes and firewall safeguards fail to keep pace with the scale and speed of digital transformation, resulting in exposing the system vulnerabilities to fraudsters. Early warning signs and red flags that indicate fraud should be addressed and resolved promptly to avoid snowballing effects and deeper financial loss.
Walking the fine line to block fraud
While too much regulation can be counterproductive, too little security protection can cause serious financial consequences. Recognizing the importance of data privacy and fraud mitigation, the Indian Government has announced multiple reforms, like the Personal Data Protection Bill 2019. Timely fraud detection and fortifying security infrastructure would aid in further strengthening customer trust in the payments space.
Concluding thoughts on Fraud Detection
To avoid payments-related frauds, it would be prudent for merchants to maintain proper cyber hygiene including changing passwords at a regular frequency, taking insurance and installing a convenient plug-and-play payments software like Simpl that offers an added layer of encryption protection, without the need to enter any kind of confidential financial details. When it comes to matters of fraud, prevention is always better than cure.