High-speed transactions are characterised by high-frequency, high-volume, user-convenient payments. Although online platforms facilitated quick payments, the advent of UPI has been game-changing, redefining the speed of online payments while further increasing the acceptance of low-value transactions. Real-time payments have been spurred by multiple use cases, such as IPOs, eRupi, contactless payments and buy now, pay later models. The emergence of digital payment intermediaries has disrupted the traditional payment industry, and they have become a preferred choice in both the P2P and P2M segments.
However, due to the high speed and frequency of such payments, there are higher risks attached to such transactions. The shift towards digital payments has been underscored by its utility and positive user experience. In high-speed transactions, the biggest challenge, therefore, is to conduct due diligence without impacting the customer experience. Unauthorised transactions, impersonation, and fraud are some of the most common concerns. Of these, unauthorised transactions are one of our major concerns and the reason for diligent risk management on the debit side. On the credit side, fraud by impersonation is the prime worry.
Need for real time FRM and decisioning
With expectations of fast-track end-to-end transactions in a few seconds, real-time fraud scoring and decisioning, velocity checks and validations have to be carried out in milliseconds. For banks, this limitation is further compounded by multiple channels where the data has to be consolidated in near real time. Typically, a bank may handle lakhs of such transactions in a matter of minutes, which translates to lightning-fast analysis for each dealing. Legacy FRMs that handled bank-to-bank transfers took time, as each system had to propagate the data in real time across channels and go through proper validation. Today, the end-to-end validation process occurs in a matter of milliseconds.
Technology has helped to scale up real-time transactions, and it needs to be leveraged to bridge the gap between high-speed transactions and risk mitigation. Big Data, machine learning, deep learning and automation are some of the key technologies that enable high-speed, real-time risk analysis and transactions. Technology has been further supported by operational experience and self-learning optimal rules that support velocity checks.
Technology is utilised in three aspects when conducting due diligence. These are:
Device-level security: Today, low-value online transactions predominantly take place on mobile phones. Hence, device security information and geolocation accuracy are critical. Consequently, third-party channels, banks, and Payment Service Providers place high importance on device information. Device security has also emerged as the preferred means for conducting authentication. Biometrics, fast emerging as the preferred authentication tool, also relies on device security.
Online transaction processing (OLTP): In-memory OLTP systems are software programs that support transaction-based applications. OLTP ensures two key requirements for velocity checks: atomicity and concurrency. Atomicity ensures that the transaction will fail to pass due checks if even one step fails to pass muster, while concurrency averts any chance of multiple users making modifications to the data at the same time. Other checks and balances in OLTP, such as atomic statefulness and decentralisation, allow the payment application to mitigate risks in high-speed transactions. With the increase in merchant payments and the capability to settle with merchants in near real time, validated merchants can be given a better user experience on their transactions.
Offline balance storage: With connectivity issues, the government has been pushing for offline transactions where the user can mark or block a specific amount. This amount is then debited for each subsequent transaction without a need to hit the core bank, reducing the exposure of the entire account to real-time low-value transactions. This mode offers the most secure manner of high-speed transactions, as the risk management occurs at the point of the user blocking/marking an amount for low-value payments. It minimises the requirement to carry out checks for every transaction, reducing the burden of analysing each purchase.
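The atomicity and concurrency requirements for velocity checks described under OLTP above can be seen in a small sliding-window checker. This is an added example, not code from the author or from any payment product; the class name, limits, account IDs and timestamps are all constructed for illustration, and a single in-process lock stands in for the transactional guarantees of an in-memory OLTP store.

```python
import threading
from collections import defaultdict, deque

class VelocityChecker:
    """Hypothetical sliding-window velocity check: at most max_count payments
    and max_amount total value per account within window_s seconds."""

    def __init__(self, max_count, max_amount, window_s):
        self.max_count = max_count
        self.max_amount = max_amount          # integer minor units
        self.window_s = window_s
        self._history = defaultdict(deque)    # account -> deque of (ts, amount)
        self._lock = threading.Lock()         # serialises check + record

    def authorise(self, account, amount, now):
        """Approve and record the payment only if every check passes.
        Check and record run under one lock, so two concurrent requests
        can never both claim the last remaining slot."""
        with self._lock:
            events = self._history[account]
            # Drop events that have aged out of the window.
            while events and events[0][0] <= now - self.window_s:
                events.popleft()
            if len(events) >= self.max_count:
                return False                  # frequency limit hit, nothing recorded
            if sum(a for _, a in events) + amount > self.max_amount:
                return False                  # value limit hit, nothing recorded
            events.append((now, amount))
            return True

def run_concurrent(checker, account, amount, attempts, now):
    """Fire `attempts` simultaneous requests; return how many were approved."""
    results = []
    def worker():
        results.append(checker.authorise(account, amount, now))
    threads = [threading.Thread(target=worker) for _ in range(attempts)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)

if __name__ == "__main__":
    # Constructed limits: 5 payments / 2000 total value per 60-second window.
    vc = VelocityChecker(max_count=5, max_amount=2000, window_s=60)
    print("approved out of 50 concurrent:", run_concurrent(vc, "acct-A", 100, 50, 0.0))
    print("inside window:", vc.authorise("acct-A", 100, now=30.0))
    print("after window:", vc.authorise("acct-A", 100, now=60.0))
```

If the limit test and the append were done as two separate steps without the lock, concurrent requests could each pass the test before any of them recorded its payment, and the account would exceed its limit.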
Today, cutting-edge technology has minimised the chances of man-in-the-middle attacks to a virtual rarity. The predominant risk that we come across is at base level information or from a flawed interest where the user has compromised the security. Given the rising emergence of digital payments in bringing transparency and easing user experience, we must focus on educating users on security protocols: not sharing card details, account details or OTPs, the method of authenticating each transaction, and updating their device information.
(By Guhan Muthusamy, Co-founder & Software Architect at Mindgate Solutions)