© The Indian Express Pvt Ltd
Tags:
Journalism of Courage
Banks and payment operators have reported online payment frauds of Rs 1,750 crore in the seven months ended March 2023 even as online transactions picked up substantially in the last several months.
According to data available from the Reserve Bank of India, the fourth quarter ended March 2023 itself witnessed payment frauds of over Rs 800 crore under the new format of fraud reporting. While the month of March saw 2.25 lakh transactions involving Rs 333 crore payment frauds, comparable data for the same period in the previous year is not available. However, when compared to the volume of transactions involving internet and mobile apps, the fraud amount is not very significant but it shows the vulnerability in the system, payment sector officials said.
“The new format captures e-commerce transactions, transactions using FASTags, digital bill payments and card-to-card transfer through ATMs,” the RBI said. The data from November 2019 onwards for card payments (Debit and credit cards) and prepaid payment instruments (PPIs) may not be comparable with earlier months or periods, as more granular data is being published along with revision in data definitions, the RBI said.
Card and internet frauds were just Rs 87 crore involving 2,321 frauds during the April-September period of 2022-23, according to the RBI’s Report on Trend and Progress in Banking.
Transactions involving mobile apps were Rs 233 lakh crore during the year ended March 2023. Net banking transactions were worth Rs 915 lakh crore and ATM cash withdrawals were Rs 33.04 lakh crore during the fiscal, according to RBI data.
With payment frauds remaining a concern, the RBI migrated fraud reporting module to DAKSH – Reserve Bank’s Advanced Supervisory Monitoring System with effect from January 1, 2023. Due to the interconnectedness of different payment instruments, acquiring bank operations and payment gateways, vulnerability of paytech processes of any counterparty to cyber risk and fraud risk at entity level adds and magnifies the exposure to systemic risk, said Krishnan Chari, Chief Risk Officer, Worldline India.
“While policy makers lay out guidelines for paytech institutions for compliance on fraud and cyber risk management, it is also essential that a systemic risk management framework for payment and settlement systems is also developed on similar lines as Basel committee systemic risk framework,” Chari said. The payment systems risk framework at a national level should be formulated taking into account the interconnectedness of banks, non-bank payment gateways, payment aggregators and retail payment clearing platforms such as NPCI.
Fraudsters have been using innovative methods to defraud the common and gullible people of their hard-earned money, especially the new entrants in the use of digital platforms who are not entirely familiar with the techno financial ecosystem. Punjab National Bank recently warned customers about a new form of fraud attempt by scamsters. “This is to inform the general public that a fraudulent message stating “PNB’s 130th Anniversary Government Financial Subsidy” is being circulated across digital platforms. These are fake messages and PNB brand name is being used to perpetuate different forms of fraud. In some cases, these frauds are attempts at identity theft and financial scams,” PNB said.
Another modus operandi of scamsters is to create a third-party phishing website which looks like an existing genuine website, such as a bank’s website or an e-commerce website or a search engine. Links to these websites are circulated by fraudsters through SMS, social media, email and instant Messenger. Many customers click on the link without checking the bonafides and enter secure credentials such as PIN, OTP and password which are captured and used by the fraudsters.
Fraudsters often contact customers under various pretexts and trick them into scanning Quick Response (QR) codes using the apps on the customers’ phone. By scanning such QR codes, customers may unknowingly authorise the fraudsters to withdraw money from their account. They install skimming devices in ATM machines and steal data from the customer’s card. Fraudsters also install a dummy keypad or a small, pinhole camera, well-hidden from plain sight to capture ATM PIN.
ASM Subramanian, Chief Risk Officer, NTT DATA Payment Services India, said, “the rise in digital transactions through various payment methods and channels has been significant in the past few years. The popularity of mobile apps with major transaction volumes continues to grow but some apps do not meet security standards, which poses potential risks to customers.”
Fraud has significant impacts on not just financial costs but also customer loyalty, reputation loss, and liabilities for financial institutions. “Given the rising fraud trends, financial institutions must focus on developing alternative authentication mechanisms for payment transactions. Additionally, stringent security controls such as cybersecurity and the implementation of security and monitoring controls as per payment aggregator guidelines by payment system operators can play a crucial role in mitigating and reducing fraud,” Subramanian said.
The Additional Factor of Authentication (AFA) mandated for online card transactions in India has reduced payment frauds and enhanced confidence of customers in card transactions.
