Digital payment

How to unlock the power of digital payments through security?

Kartik Shinde

EY India Cybersecurity Consulting Partner

4 minute read 21 Dec 2022
Related topics
Cybersecurity
Technology
Consulting
Emerging technology

Strong regulatory focus and multiple governmental headways are enabling payment players to have tides flow in their favor.

In brief

  • Security and convenience are two important customer agendas. 
  • Organizations undergoing digital transformation should have a robust and scalable payment infrastructure.

The payments’ function, along with its operations and technology capabilities, is at the heart of any financial system supporting transactions processing payments for individuals, businesses, and governments. The growth of digital payments in India has piggybacked upon demonetization and the advent of the COVID-19 pandemic. 

Over the last decade, the Indian payments environment has become much more dynamic, creating even greater challenges for financial institutions. Complex regulatory requirements, outdated and poorly integrated legacy systems, pandemic-induced urgency and an increasingly competitive marketplace have all pushed traditional financial institutions to evaluate innovative opportunities for payments transformation. Phenomenal growth in the consumer, SME digital credit access and mounting participation of the retail investors in the stock market are testimonials to it being one of the best digital payments ecosystems of the world in terms of value and volume.

However, the rising trend of digital adoption is being surmounted by the mounting charts of payment frauds such as multiple phishing, malware, fake UPI links and OTP linked frauds is making it a situation of flux. Rise in cybercrime is a menace to the global economy, leading to pernicious effects on businesses and communities. Disruptions in the processing of payment flows is additional threat to the payment systems. As organizations innovate and undergo digital transformation, it is imperative for them to have a robust and scalable payment infrastructure.

Keys risks in payment lifecycle

A firm grasp on the payment life cycle, including points of filure and areas prone to attack, and key payment risks and controls is critical in preventing/detecting a payment fraud. The below are the key risks that need to be addresed throughout a payment lifecycle.

risks-in-payments

How EY can help

The pressure on payments players is real, but the times are exciting. The introduction of newer and quirkier payment methods, industry collaborations, tech advancements and regulatory support are making space for a lot of innovation and best practices in two important customer agendas - security and convenience. Winners shall be the ones who are quicker in finding the delicate balance between the two. With a strong regulatory focus and multiple governmental headways into it, payment players have tides flowing in their favor. Some of these critical drivers include:
 

  • Adoption of PCI DSS 4.0: Developed with a zero-trust philosophy, allowing firms to create their own distinctive, pluggable authentication systems to satisfy the legal requirements for data protection.
  • Introduction of RBI’s digital lending guidelines: Leading to an increase in adoption by Micro, Small & Medium Enterprises (MSMEs). Online lending platforms have gained massive popularity among MSMEs post the pandemic as they could not secure finance through traditional lending institutions and thus had to switch to digital loans.
  • Security layer of tokenization: Credit and debit card tokenization is the procedure of substituting sensitive data with a token, which is randomly generated, one-of-a-kind placeholder, known as a ‘token’.
  • Proposed use of data localization: Data localization may improve India’s governance of payment-related data significantly and is focused on protecting the customer’s interests and data.
     

Government of India on the personal data protection bill
 

The Government of India has released a draft of the Digital Personal Data Protection Bill for public consultation in November 2022. This bill is applicable to processing of digital personal data within the territory of India collected online or collected offline and later digitized. Indian payment security’s growth is driven by a bunch of nurturing initiatives undertaken by the government and regulators for a buoyed funding environment. These aim to offer an ecosystem that is geared up for strengthening the security and compliance design, enhance enterprise security, and proactively monitor and predict fraud monitoring. Organizations, on the other hand, need to play their role as well and invest in effective security measures to enhance growth and underpin their trust in the system.
 

Key recommendations for the industry to up their game in maintaining security and driving customer confidence:
 

Move security beyond the server room and into the boardroom:
 

With the growing number of channels for digital payments and the anticipated exponential rise in customer adoption of these products, the challenge of securing them will only continue to get more complex. The diversity in security maturity across the ecosystem participants only compounds the issue. Real-time payments need real-time security and enhanced fraud detection abilities for organizations. Following are some key areas that organizations across the board must prioritize as a part of their business strategies.

Download the full pdf

PDF (3 MB)

Summary

India has an opportunity to advance the development of its payment system and achieve important national goals, including driving innovation and digitalization, and improving financial inclusion. Digital payments will play a key role in realizing the vision of Digital India and promoting financial inclusion.

About this article

Kartik Shinde

EY India Cybersecurity Consulting Partner

Kartik has over 20 years of experience and is a leading voice for cyber in the financial services segment.
Related topics
Cybersecurity
Technology
Consulting
Emerging technology

Related articles

How can GCCs build operational resilience to stand firm on shifting sands?

EY has identified the key areas for GCC leaders to focus on to strengthen operational resilience. Learn more about the operational resilience strategy.

Kunal Ghatak

How India could become a global higher education hub

Discover how five core strategic pillars would help create a world-class higher education system in India. Learn more about education in India.

Dr. Avantika Tomar

EY Tech Trends chapter VI: how technology is improving speed, access, and efficiency in healthcare

Discover how digital healthcare is driving the future of large-scale public programs. Learn more about the latest trends in healthcare.

Srimayee Chakraborty

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.