BANKS RELY ON AI AS DIGITAL TRANSACTIONS GROW, AND METHODOLOGY OF FRAUDS EVOLVES
India’s digital transactions continue to see rapid growth, and that translates to big volumes. Alongside, methods of frauds to draw some money out of you are becoming smarter. The numbers give us a sense of the volumes of digital payments India does, for shopping and money transfers. Official figures peg 131 billion UPI transactions in financial year 2024, amounting to ₹199.89 trillion in value. In the same period, credit card transactions totalled ₹18.26 trillion in value.
Don’t click a link sent in a message, is a very on-point advice by Manish Agrawal, the head of credit intelligence and control at HDFC Bank. It is easy to fall prey to bad actors eyeing your money. An unknown sender’s message with a malicious link, inviting you to invest for high returns. Avoid, since its designed to drain your bank account. The age-old advice of not sharing one-time passwords or OTPs and not downloading unofficial banking apps too still holds relevance in an age of digital transactions.
A question then arises, how do banks, card networks and payment platforms keep every online or offline transaction secure, from when a buyer taps their credit card or UPI pin, till the money reaches a merchant?
Big volumes mean big risks too, and not all are equal. On April 24, the Reserve Bank of India (RBI) barred Kotak Bank from issuing new credit cards for now, due to “the absence of a robust IT infrastructure and IT Risk Management framework.” It draws on a mix of factors, including reliability of the bank’s infrastructure alongside a resilience to the growing needs of digital payments.
Other banks too, have faced similar action over the years.
“Our general observation across the BFSI industry is that many process controls are done in letter (and not in spirit) for maintaining timely rollout of new products or features. However, periodic follow-ups and closures are required to be conducted by all players in the ecosystem to ensure vulnerabilities are sealed,” points out Anil Tadimeti, strategy lead at Bureau, a fraud and identity decisioning platform.
Agrawal explains there are multiple methods of authorisation and authentication for digital payments, and those “A’s” form a core. For UPI, authentication is a user’s phone and SIM which a bank can identify from the time of setting up a UPI account; while authentication is ticked off with a correct PIN to complete the transfer of funds. “RBI have comprehended India’s payments infrastructure very well, relying on three principles – speed, safety and seamlessness,” he notes.
Once a payment is set in motion, encryption is needed. Card networks have worked with banks and payment platforms, to build card tokenisation. This simply means, for any credit or debit card used for online payments, actual card details are replaced by a unique code called token. It will not reveal a user’s actual card details.
Visa Secure, Mastercard SecureCode, Diners ProtectBuy and American Express SafeKey are additional two-factor authentications for online transactions using cards.
“At Visa, we have invested over $10 billion over five years to address the threat of digital payments scams. Each transaction on the Visa network activates multiple layers of security to safeguard the money and privacy of our consumers,” says Vipin Surelia, Vice President and Head of Risk Services, Visa India and South Asia. He says new measures helped block $40 billion worth of fraudulent transactions globally, in FY2023.
Increased threat of frauds
RBI is watching India’s digital payments system actively, and with good reason. To be able to detect all attempts at fraud isn’t easy for any digital payments user, something Joy Sekhri, who is Vice President for Cyber & Intelligence Solutions for South Asia at Mastercard, illustrates.
“Domestic payment frauds increased by 70.64% to ₹2,604 crore during the six-month period ending March 2024, from ₹1,526 crore in the same period last year. In fact, India is ranked among the top 10 nations affected by cybercrime,” he says.
A new favorite for scamsters, is to send links to vulnerable users via an SMS, asking them to enter their UPI pin or card CVV codes, to receive money from someone who owes them. Neither detail is required to receive money.
Payment platforms and apps are building additional layers of security, as a collective effort of the payments ecosystem. Shankey Poddar, Product Manager for Safety at Google Pay in India says, “App security and risk checks kick in the moment you initiate onboarding. There are checks and balances in place, whether you are trying to receive money or send money.”
It is not just an increase in volume, but methods of fraud are evolving rapidly, which is worrying. Card network Visa’s latest report, “Fraudulese: The Language of Fraud” notes nearly 75% of consumers are likely to miss red flags about malicious links or shady payment platforms, including suspicious messages, wonky webpage formatting or missing contact info.
Scams now target a human more than a payment method, to build their attack. “Most of these scams follow a template of taking advantage of a user’s emotional vulnerability and technological awareness. A promise of a pay-off, a threat of account suspension, or a sense of urgency are generally emotions on which dupes are based,” says Rohit Taneja, founder and CEO of Decentro, a banking infrastructure company.
Can AI be useful?
With a diverse medley of ransomware attacks, identity theft, romance scams, fictitious online deals, investment promises and lottery, cybercriminals are working with an increased level of sophistication. Digital payments now rely on artificial intelligence (AI) to counter threats.
Agrawal tells us every credit card transaction is monitored by AI and any varying patterns or swipes at known dodgy merchants are flagged for human intervention. These include blocking transactions and contacting the card holder.
Card networks are building measures too. For example, Mastercard’s Brighterion network agnostic transaction fraud monitoring solution uses AI for early detection of signs of fraud in a payment flow. Google Pay’s Poddar confirms the platform uses AI expensively to detect potential frauds.
The problem is, bad actors are using these tools too. “The integration of AI and machine learning has further increased the complexity of cyberattacks. Cybercriminals can now leverage these technologies to automate tasks, enhance their evasion techniques, and develop customized malware,” warns Mastercard’s Sekhri.
Yet, as research firm Accenture in its latest report titled “The age of AI: Banking’s new reality” warns, “With insufficient controls, generative AI could facilitate unauthorized access to and use of confidential information which is used to train LLMs.” That’ll mean increased vulnerabilities and data leakage.
A balancing act is in progress, one that wouldn’t be easy to achieve.
Read more news like this on HindustanTimes.com
2024-05-07T05:30:10Z dg43tfdfdgfd