Home > Finance > View: Stop credit card tricks

View: Stop credit card tricks


The advent of digital payments held the prospect of limitless convenience and incomparable value. In less than a decade, under the aegis and encouragement of the government, payment terminals, online checkout, QR (quick response) codes and P2P (peer-to-peer) mobile payments became ubiquitous in urban and semi-urban India. At the same time, to establish that cashless payments were gifts that kept on giving, banks, mobile wallets and ecommerce platforms fiercely competed to hand out profligate discounts and incentives to convert the bargain hunter when they could not convince the sceptic.Mesmerised by their own hyperbole, however, these champions of convenience and value missed the wood for the trees. This was an unforgivable oversight because the bedrock of payments is, and always has been, security. Without this foundation, digital commerce is neither convenient nor valuable.It should come as no surprise, therefore, that RBI has announced new rules to take care of part of this problem. In the wake of mounting digital fraud and data theft — including January’s 100 million credit and debit cardholders’ data breach at Juspay, which manages payment processing for India’s largest ecommerce merchants like Amazon, Flipkart and Swiggy — the central bank has mandated that, except for banks, card-issuing non-banking financial companies (NBFCs) and payments banks, no online companies or payment aggregators will be allowed to maintain credit or debit card details in their databases for remote transactions.This severely affects one-click checkout and recurring billing, because cardholders would be forced to enter their complete payment credentials every time they initiate a transaction, instead of confirming their three-digit card verification value (CVV) code as they do today. Naturally, the industry is up in arms. It has claimed that this new imposition would cause ‘large-scale interruptions in consumer experience, business operations and digital payments adoption’.But to denounce this new requirement as the single greatest deterrent to the growth and credibility of digital payments is to ignore the many instances of fraud and data compromise that have already made people fearful of their digital vulnerabilities. Similarly, its claim that this ‘deprecated consumer experience would increase the number of grievances and escalations’ is somewhat disingenuous. It presupposes that a large part of these disputes is necessarily linked to stored card payment details.Be that as it may, RBI’s unshakeable resolve to pursue this plan needs to be viewed in light of the events of the past year. The occasional patronage of digital merchants in the early days of the Covid-19 pandemic became habitual, as people’s fears about physical proximity and cash-handling resulted in enhanced online purchases. But along with this digital shift, card fraud — related to shopping, Covid-19 treatment and charity — has grown exponentially. By some estimates, global losses may have crossed $200 billion in 2020.If this appears discomfiting, the future seems even more threatening. Indian ecommerce is expected to grow from $61.1 billion in 2019 to about $96.5 billion by 2023, with credit and debit cards accounting for about 31% of this value.As the total digital payments’ pie is expected to be more than three times this size, and ‘buy now, pay later’ offers gain broader acceptance among both consumers and MSMEs, the uninhibited rise of online fraud is guaranteed.Once smart cards — chip and PIN (personal identification number) cards —became de rigueur for debit and credit cards, identity theft and payment fraud at physical point-of-sale became increasingly more difficult. No such real improvement has occurred in the online space. The argument by larger industry players that they should be let off the hook because they are Payment Card Industry Data Security Standard (PCI-DSS)-compliant is a facile one.Hackers have become increasingly more sophisticated, deploying algorithms that use machine learning (ML) to overcome prescribed security defences and to circumvent rules-based fraud detection systems.It is precisely because data theft and payment fraud at the point of transaction is more difficult than hacking databases that house card data, the future of card security lies in tokenisation.This enables a merchant to share card numbers with the issuing bank, which then exchanges the 16-digit card numbers for randomly generated sets of numbers (tokens), which cannot be decrypted without individual encryption keys.The actual account details are stored by the bank in a token vault. The advantage of this system is that online merchants never store account details, and one-click checkout is absolutely safe.Though RBI’s Master Direction on Digital Payment Security Control (bit.ly/3uqrjHj) reads like a hodgepodge pastiche of the Payment Card Industry Data Security Standard (PCIDSS) website, it clearly outlines its fears around online payment security and the woefully inadequate fraud warning infrastructure that all but the most robust banks maintain. By ensuring that only card-issuing entities are allowed to store payments credential data, they have laid the groundwork — however expensive or time-consuming —that may lead to tokenisation, or some other form of encryption technology.In the end, the comfort of security is worth infinitely more than the pain of spending an extra minute at checkout. If you abandon the shopping cart, your intended purchase was probably irrelevant anyway. Only an online hacker will try to convince you otherwise.The writer is former head, Citi Merchant Services, US

Source link

TAGS , , , ,
Hi guys, this is Kimmy, I started LicensetoBlog to help you with the latest updated news about the world with daily updates from all leading news sources. Beside, I love to write about several niches like health, business, finance, travel, automation, parenting and about other useful topics to keep you find the the original information on any particular topic. Hope you will find LicensetoBlog helpful in various ways. Keep blogging and help us grow as a community for internet lovers.