Globally, fraud accounted for a massive $16 billion in 2014, which is about the same as the GDP of Iceland. Of this, card issuers lose around 62%. It is also estimated by The Nilson Report that for the five years from 2015 to 2020 global card fraud will total $183.29 billion. In the end, banks and consumers worldwide are the ones footing the bill.
While the system is evolving to make transactions more secure, so are scamsters upgrading their tactics to cheat cardholders, issuers and acquirers. Take a look at Mumbai, the country’s financial hub, and its battle with such offenses. Cybercrime is a large threat with the number of reported cases having shot up by more than 6 times in the past 2 years. Of these, card fraud tops the list. However, it is not even the tip of the iceberg as only 1-2% of actual cybercrime incidents get registered. Even states like Kerala have faced large scale fraud like the recent siphoning of INR 130 cr.
There are simple and not-so-simple ways to tackle fraud. Banks have all but yelled from rooftops to tell customers never to divulge card information, whether on the phone or in person. Yet, it is common for people to scribble the PIN on bills or text them to others to make payments on their behalf. Some fraudsters pose as bank executives and gain access to sensitive information over the phone (vishing). Sharing the card number and CVV over the phone or paying on websites without HTTPS in the address bar is a big no-no. Phishing is commonly used online to get hold of card information while skimmers are used at POS terminals and ATMs. Cardholders must be careful when sharing any such sensitive information and must immediately report it to their bank if they suspect foul play.
RBI has been working on reducing the vulnerability of India’s banking and payment infrastructure by adding layers of security to card present and card not present (CNP) transactions. It has recently instructed banks to migrate to chip-based cards completely to minimize fraud. It has also mandated that by September 2017, all ATMs must accept only chip-based cards. India is one of the countries, even ahead of the US, to adopt EMV cards early and upgrade its acceptance infrastructure. Two factor authentication (2FA) has ensured there are 2 steps to validating transactions, both online and offline. Added layers like OTP, 3D secure code, SMS confirmation etc. help put a cardholder’s doubts to rest.
Payment processors, banks and third party service providers are developing solutions to manage and mitigate risk for banks and merchants. Real time solutions that help monitor each transaction and assess its risk are being implemented by banks. Host Card Emulation (HCE) is another innovation that will become mainstream over the next year. HCE is an on-device technology by which card data is stored on the cloud rather than on the smartphone. With HCE and tokenization, consumers can make payments through their mobile phones without risking card compromise, even if the mobile phone is lost or stolen.
The payments industry is evolving continuously and so must the checks and safeguards that support it. Service providers are working incessantly to bring sophisticated solutions and technology to the changing environment. The payments ecosystem is healthy and trustworthy and, as it grows and adopts new technologies, it needs to continue taking proactive steps to remain so. This is where financial services companies, payment processors and banks need to work jointly in step with the RBI and co-opt consumers through information sharing and education.
The author, Deepak Chandnani is CEO of Worldline South Asia and Middle East.