EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
How EY can help
The pressure on payments players is real, but the times are exciting. The introduction of newer and quirkier payment methods, industry collaborations, tech advancements and regulatory support are making space for a lot of innovation and best practices in two important customer agendas - security and convenience. Winners shall be the ones who are quicker in finding the delicate balance between the two. With a strong regulatory focus and multiple governmental headways into it, payment players have tides flowing in their favor. Some of these critical drivers include:
- Adoption of PCI DSS 4.0: Developed with a zero-trust philosophy, allowing firms to create their own distinctive, pluggable authentication systems to satisfy the legal requirements for data protection.
- Introduction of RBI’s digital lending guidelines: Leading to an increase in adoption by Micro, Small & Medium Enterprises (MSMEs). Online lending platforms have gained massive popularity among MSMEs post the pandemic as they could not secure finance through traditional lending institutions and thus had to switch to digital loans.
- Security layer of tokenization: Credit and debit card tokenization is the procedure of substituting sensitive data with a token, which is randomly generated, one-of-a-kind placeholder, known as a ‘token’.
- Proposed use of data localization: Data localization may improve India’s governance of payment-related data significantly and is focused on protecting the customer’s interests and data.
Government of India on the personal data protection bill
The Government of India has released a draft of the Digital Personal Data Protection Bill for public consultation in November 2022. This bill is applicable to processing of digital personal data within the territory of India collected online or collected offline and later digitized. Indian payment security’s growth is driven by a bunch of nurturing initiatives undertaken by the government and regulators for a buoyed funding environment. These aim to offer an ecosystem that is geared up for strengthening the security and compliance design, enhance enterprise security, and proactively monitor and predict fraud monitoring. Organizations, on the other hand, need to play their role as well and invest in effective security measures to enhance growth and underpin their trust in the system.
Key recommendations for the industry to up their game in maintaining security and driving customer confidence:
Move security beyond the server room and into the boardroom:
With the growing number of channels for digital payments and the anticipated exponential rise in customer adoption of these products, the challenge of securing them will only continue to get more complex. The diversity in security maturity across the ecosystem participants only compounds the issue. Real-time payments need real-time security and enhanced fraud detection abilities for organizations. Following are some key areas that organizations across the board must prioritize as a part of their business strategies.