It was quite alarming for the stakeholders when one of the oldest banks of India, the Bank of Maharashtra could not shield itself from a financial fraud that siphoned off Rs 25 Crores from the bank’s accounts due to a bug found in its UPI application. The bank had procured a UPI solution from a vendor which had a bug that resulted in the money moving out of the sender’s account. The number of transactions in the pandemic through Unified Payments Interface (UPI) skyrocketed upto 2.29 billion in February 2021 as per the data provided by the National Payments Corporation of India (NPCI). But with acceleration in e-commerce shopping and online payments, and lack of robust security infrastructures to contain financial frauds, the incidents of such frauds have reached an all-time high. As payments through UPI gradually gain firm in the small business owners belonging to semi-urban and rural cities of India, the lack of digital literacy and less knowledge of online frauds and scams is allowing scammers to take undue advantage to dupe people of their hard-earned money. Transactions through payment gateway as compared to UPI payments are more secured.
4 financial scams doing rounds that MSMEs need to be aware of
Fraudsters in disguise of customers can send the business owners unauthorised payment links through SMS. These fake payment links have a stark resemblance with the original links, without much thinking, they click on the link that directs them to the payment app to select any of the apps for auto-debit. Once we give permission the amounts get debited from the UPI app instantly. Hence, to the business owners, it is advised to never process any transactions through the SMS. Also, by clicking on the payment link, the fraudsters may infect your phone with a virus/malware designed to scoop out the financial details stored in the device.
The number of transactions in the pandemic through Unified Payments Interface (UPI) skyrocketed upto 2.29 billion in February 2021 as per the data provided by the National Payments Corporation of India (NPCI).
Fake Helpline numbers and handles on Social media
Users of UPI at times express their resentment on social media handles on UPI about issues related to redeeming offers, availing cashback, money transfers, refunds by sharing a screenshot of their UPI handle. Little do the users know that every social media page that has the word NPCI or BHIM or any bank name is not authentic. Scamsters create such handles to make you reveal your account details. The fraudsters under the pretext of helping and guising as admin of the fake UPI page keep a track of what is being posted on Facebook or Twitter, where they ask to share card details, OTP details. As soon as vital details are shared the money is deducted from the account.
Fake UPI apps
There are any fake UPI apps available on Google Play stores. In 2016, when PM Narendra Modi encouraged to use online payment apps, NPCI received several complaints about duplicate BHIM apps. Some of them had fake names such as Modi Bhim, Bhim Modi App, BHIM Payment-UPI Guide, BHIM Banking guide, Modi ka Bhim, etc. However, these apps were pulled out but business owners who are new to online payments might be unaware of these fake UPI apps.
Alert to transfer requests
Fraudsters posing as customers dupe the business owners by taking advantage of the ‘request money’ feature in UPI apps. They initially happen to show interest in buying a product and try to engage with the seller on a phone call. Due to the lack of knowledge on digital payments they make the seller transfer the money using UPI apps’ ‘request money’ option.
May I help you
This might seem UPI to be having an excellent customer care service. But, scamsters have set up their fake helpline numbers online. When a user seeks help through the number, pretending to be the company’s technician and advising the complainant to download screen sharing apps such as Teamviewer to resolve the issue instantly. Under the pretext of solving the problem, the fraudster with the help of such third-party apps gains full access over the phone to access all financial details. According to a February 2019 press release from NPCI, five cases were reported with the Reserve Bank of India (RBI) of fraudsters using these third-party screen-sharing apps to control mobile phones for malicious purposes. With third-party screen sharing apps, fraudsters can get complete access to a user’s card number, CVV code, and initiate financial transactions. Hence, MSMEs must be wary of giving their access to their mobile device to anyone.
How Payment Gateways from Razorpay can Help Here?
A payment gateway has a bank working behind the scenes to issue merchant accounts. The primary function of a payment gateway is to provide a secure money transfer through its link between a website and the bank. Once a customer fills in the payment details on the website the gateway receives them and forwards them to the bank for verification. It is a secured tunnel that connects your bank account to the platform where your money is transferred. Payment gateway is a software that is authorised to conduct an online transaction through various payment modes such as net banking, credit card, debit card, UPI, or other many online wallets.
How a Payment Gateway is secured?
A payment gateway ensures the security of the data in the following manner:
- The payment transaction in the payment gateway is carried out through an HTTPS (Hypertext Transfer Protocol Secure) web address. The S in HTTPS guarantees security. MSMEs should make sure that a padlock symbol in the browser window frame is present whenever you visit a payment site.
- It uses the hash function. A hash function is a mathematical function that turns a numerical input value into another compressed numerical value. It is because of the hash function that the system uses a signed request from the business owner for validating the request transaction. The signed request is a secret word that is only known by the business owner and the payment gateway.
- The IP ( internet protocol) of the requesting server is verified to identify malicious activity to ensure the security of the payment page result.
- The payment gateways are secured with Virtual Payer Authentication (VPA). The VPA implementation under 3-D secure protocol adds a layer of security that allows the online sellers and customers to authenticate with each other with ease.
Benefits of using a payment gateway
A seamless and convenient payment process gives users a better experience. Below are the benefits of using a payment gateway for MSMEs.
Payment gateway is powered with PCI-DSS (Payment Card Industry Data Security Standard) compliance. The PCI-DSS compliance defines policies and for payment procedure and security. The compliances are ensuring security to store user’s data in the portal or gateway for recurring payments. For example- if a customer is regular to your business, then it can save your bank or card details in your website or app and will remain secured from any cybersecurity threat.
Enables users to extract money from their bank account to the mobile wallet app that can be further used to make payments on various websites or apps.
Fraud Screening Tools
Payment gateways have the advantage of fraud screening tools that minimises the risk of losing information. These tools protect the Card Code Value (CCV), Card Verification Value (CVV), or even the Address Verification Service (AVS) and ensure that there is no fraudulent transaction.
According to a February 2019 press release from NPCI, five cases were reported with the Reserve Bank of India (RBI) of fraudsters using these third-party screen-sharing apps to control mobile phones for malicious purposes.
Why Razorpay’s payment gateway should be chosen by MSMEs
Below are some of the security protocols and processes that power Razorpay’s payment gateway :
TLS (Transport Layer Security ) encryption
The payment gateway from Razorpay uses the highest assurance SSL certificate i.e. EV SSL (Extended Validity SSL) certificate in its website the TLS certificate ensures that the data exchanged between the web server and the browser is secured. Without a TLS certificate, the data exchanged over the internet is unencrypted and is easily available to the scamsters for intercepting.
The PCI-DSS Compliance
Razorpay’s payment gateways follow PCI-DSS compliance which is a set of policies that safeguards sensitive cardholder information for all e-commerce websites and online payment systems. For a payment gateway to be PCI-DSS compliant they have to follow certain directives such as maintaining a secure network for processing payments that involve robust firewalls countering security threats and encryption of all information a user exchanges while checkout through TLS preventing the interception of data when payments are done from user’s system to Razorpay. Razorpay never stores sensitive information like CVV numbers, PINs, etc.
Another directive includes keeping updated with the new PCI-DSS mandates using updated software and spyware to strengthen itself to counter new software vulnerabilities for maximising data protection.
Tokenisation is the payment gateway that replaces a 16-digit card number with a digital identifier known as a token. Tokenisation ensures the safety of the original data meanwhile allowing the payment gateway to securely access the cardholder data and initiate secure payment. It works like this: Say, if an e-commerce website is hacked and one gets the tokens, it will be immensely difficult for the hacker to retrieve the actual card number from the token. To retrieve the details, any hacker would require the logic for tokenization which is not available publicly.
Besides these mandatory protocols, big data analytics and machine learning in Razorpay’s payment gateways have their fraud and risk prevention systems by diving deeper into customer’s data and analysing patterns which they classify either normal or suspicious transactions with utmost accuracy.
Thus, Razorpay’s payment gateway has all the above-mentioned security processes that will help the MSMEs to accept online payments securely for their e-commerce business. So, without much wait let us begin using the payment gateway from Razorpay.