Digital payment providers to fix firewalls as transactions swell

At a time when the cyber vulnerability in the payment gateways of e-wallet companies are becoming visible as they witness a rise in usage and popularity, upgraded security is the only way to safeguard millions of first-time users.

In December, the Central Bureau of Investigation (CBI) registered a case against 15 Paytm customers for allegedly cheating the digital wallet of Rs 6.15 lakh ($9,000). This was done on a complaint by Paytm's parent company One97, which is backed by China's Alibaba Group.

The case was registered under various sections dealing with criminal conspiracy, forgery, etc. -- and under provisions of the Information Technology (IT) Act.

According to top company executives, wallet security has been a prime concern for them post-demonetisation as transactions have grown manifold.

"No one can actually hack into our servers and steal data or money because there are different levels of security," Deepak Abbot, Senior Vice President at Paytm, told IANS, adding that they have intrusion-detection programmes by third-party security experts that regularly check the systems for any vulnerability.

Paytm claims to have over 177 million users (as of December 2016) and have handled nearly one billion transactions last year.

According to Abbot, the number of transactions at Paytm is up three times as compared to the numbers recorded before demonetisation and the volume has grown 3.5 times.

"Paytm saw 14-15 per cent growth month-on-month even before demonetisation. When the cash situation improves in the country, we may not see a 100 per cent growth, but we will settle for a much higher percentage of growth," Abbot told IANS.

Abbot pointed out that the Paytm wallet is PCI-DSS certified which is a proprietary information security standard for organisations dealing with online transactions.

"As per the RBI guidelines, every wallet needs to keep the users' money in an escrow account. So even if the escrow account is of Paytm, the company cannot access it. Also, on a daily basis, the company has to share the transaction data with RBI. We are as transparent as can be because of the rules and regulations," Abbot noted.

According to Rohan Khara, Director of Product, MobiKwik, their user base has crossed 45 million and they are witnessing five million transactions daily.

"MobiKwik takes security very seriously. It is PCI-DSS and ISO27001 certified, takes care of the various information security measures to ensure the security of application and protects its business from emerging threats and frauds," Khara told IANS.

"We are soon launching a PIN with which users can access their account through an alternate number in case of a lost phone," Khara added.

Digital payments platform FreeCharge recently announced India's first e-wallet protection plan for its users. Under this, the underlying wallet balance of all the customers will be insured up to a limit of Rs 20,000 as long as the user is transacting at least once a month.

"The facility, in partnership with Reliance General Insurance Company Limited, will be offered free-of-cost to all users. This move by FreeCharge is another step in safeguarding the money in the event of theft or loss of phone," Govind Rajan, Chief Executive Officer, FreeCharge, told IANS.

The number of cards and addresses saved on digital payments platform FreeCharge has now crossed 70 million.

Since demonetisation, FreeCharge saw frequent users jump from about five times a month to more than 15 times a month. It has also seen a fourfold surge in web traffic and a threefold surge in app downloads.

FreeCharge was seeing a 15 per cent month-on-month growth (average daily) on consumer acquisition pre-demonetisation, and now it has grown to 200 per cent.

Security experts emphasise that as the numbers grow, newer forms of vulnerabilities will be exposed in the payment gateways, suggesting that upgraded security is the only way to safeguard small and medium businesses from losing their hard-earned money.

According to Abbot, first-time users are more exposed to digital frauds.

"Just like customers reveal their passwords or OTPs in the banking system to unidentified people, they are doing it in the case of mobile wallets as well. Fraudsters are calling people saying they are from Paytm and extracting money from the users," Abbot pointed out.

Citing the main reason why bank apps have not fared well till date, Abott said banks have the consumers but they do not have the merchant base.

"With Paytm having nearly 65 per cent market share, we are absolutely not worried about the competition because it takes time to build a base. In fact, we will be happy if a worthy competitor comes up," Abbot told IANS.