Stories Archives - Digital Payments, Payment Security and Lending

Mobile Banking Apps in the Middle East: Transforming Customer Expectations and Experience

December 2, 2024 / Chitrajit Chakrabarti

In recent years, the Middle East has emerged as a hotspot for digital banking innovation, driven by rapid smartphone penetration, government-backed digital transformation initiatives, and shifting customer expectations. Mobile banking apps are at the forefront of this revolution, redefining how customers interact with financial institutions. The Landscape of Mobile Banking in the Middle East According to the World Bank, smartphone penetration in the Middle East exceeds 85% in countries like the UAE, Saudi Arabia, and Qatar, providing fertile ground for mobile banking adoption. A 2023 study by Mastercard revealed that over 70% of consumers in the region prefer using mobile apps over visiting bank branches, highlighting a significant shift towards digital-first banking. Key Drivers of Change 1. Evolving Customer Expectations Middle Eastern customers, influenced by global tech giants like Apple and Amazon, now demand seamless, personalized, and secure digital experiences. A report by Deloitte Middle East in 2024 shows that 67% of customers in the GCC region prioritize convenience and personalization in their banking experience. 2. Regulatory Push for Innovation Governments across the Middle East are actively promoting digital banking. The UAE’s Vision 2021 and Saudi Arabia’s Vision 2030 emphasize fintech and digitalization as key pillars. These initiatives have led to the proliferation of digital-only banks like Liv by Emirates NBD and STC Pay in Saudi Arabia. 3. The Rise of Fintech and Open Banking Fintech collaborations are driving innovation in the sector. Open banking regulations, such as those introduced by Bahrain’s Central Bank, are enabling greater data sharing between banks and third-party providers, paving the way for more innovative and customer-centric apps. Transforming Customer Experience through Mobile Apps 1. Personalization at Scale With advanced AI and machine learning, mobile banking apps in the Middle East now offer hyper-personalized experiences. For instance, Emirates NBD’s app uses AI to analyze spending habits and provide tailored financial advice. 2. Enhanced Security Measures Security remains a top concern for customers. Banks are leveraging biometric authentication, such as facial recognition and fingerprint scanning, to enhance app security. A 2023 KPMG report noted that 81% of Middle Eastern banks have adopted advanced security measures to build customer trust. 3. Financial Inclusion Mobile banking apps are playing a crucial role in improving financial inclusion. In regions with limited physical banking infrastructure, such as rural areas of Oman or Jordan, mobile apps provide access to essential banking services. 4. Streamlined Digital Payments Digital payment solutions integrated into mobile banking apps, like Saudi Arabia’s Mada Pay or the UAE’s Apple Pay partnerships, are transforming the payment landscape. Statista forecasts that digital payments in the Middle East will grow by 19.2% annually, reaching $314 billion by 2027. Challenges Ahead Despite significant progress, challenges remain: Cultural Preferences: Some segments of the population, particularly older demographics, still prefer traditional banking methods. Cybersecurity Threats: As digital transactions increase, so do the risks of cyberattacks. Skill Gaps: Banks need to invest in upskilling employees to manage and innovate in a digital-first ecosystem. The Future of Mobile Banking in the Middle East Looking ahead, the future of mobile banking in the Middle East will likely be shaped by: 1. AI-Driven Banking: Predictive analytics and AI-powered chatbots will deliver even more intuitive and responsive banking experiences. 2. Blockchain Integration: Blockchain could enhance security and transparency, particularly for cross-border transactions. 3. Super Apps: Inspired by platforms like China’s WeChat, Middle Eastern banks may develop super apps that integrate banking with lifestyle services, such as travel and e-commerce. Conclusion The Middle East’s mobile banking landscape is undergoing a transformative journey, driven by technological advancements, customer-centric innovation, and regulatory support. Financial institutions that prioritize personalization, security, and seamless experiences will not only meet but exceed the evolving expectations of their customers. As the region continues its march towards a cashless, digital-first economy, mobile banking apps will remain pivotal in reshaping the financial services industry and improving customer experiences across all demographics.

Mobile Banking Apps in the Middle East: Transforming Customer Expectations and Experience Read More »

Online Payment Systems: Understanding Types, Methods, and How They Work

November 11, 2024 / Wibmo

As payments have shifted from physical cash to digital transactions, online payment systems have become essential to our daily routines. From buying groceries to subscribing to streaming services, the ease of online payments is undeniable. This blog will delve into the world of online payment systems, exploring their types, methods, and operational mechanisms. Understanding Online Payment Systems Online payment systems are electronic methods used to transfer money over the internet. They facilitate secure and efficient transactions between buyers and sellers, encompassing various methods such as credit and debit cards, digital wallets, and bank transfers. Types of Online Payment Systems How Online Payment Systems Work Understanding the mechanics of online payment systems involves knowing the key players and steps in processing a transaction: The process starts when a customer initiates a payment on a merchant’s website. The payment gateway encrypts the payment information and sends it to the payment processor. The processor then communicates with the issuing bank to verify the transaction. Once approved, the funds are transferred from the issuing bank to the acquiring bank, completing the transaction. Benefits of Online Payment Systems Security Measures in Online Payment Systems Security is crucial in online payment systems. Common measures include: Future Trends in Online Payment Systems Conclusion Online payment systems have transformed how we conduct transactions, offering unparalleled convenience, speed, and security. As technology advances, we can expect even more innovative and secure payment methods to emerge. Understanding these systems is crucial for both consumers and businesses to navigate the digital economy effectively. By grasping the intricacies of online payment systems, businesses can better meet their customers’ needs, ensuring seamless and secure transactions. Stay tuned to Wibmo for more insights into the world of digital payments!

Online Payment Systems: Understanding Types, Methods, and How They Work Read More »

Securing Digital Transactions During the Festive Season with Wibmo: A Trusted Partner for Seamless and Safe Payments

September 23, 2024 / Dinesh Kumar KN

The festive season brings an immense surge in online shopping and digital payments. In 2023, Diwali sales alone saw a 49% increase in online transactions, along with a 35% rise in website traffic, making it one of the most lucrative periods for businesses. However, with this rise comes a higher risk of fraud and security breaches. Securing seamless transactions is essential for protecting both revenue and customer trust during this busy season. Wibmo Protect is designed to address these challenges, offering a comprehensive solution that ensures secure and frictionless transactions, even during the peak of the festive rush. How Wibmo Protect Safeguards Festive Transactions 1. Multi-Layered Security with Adaptive AuthenticationWibmo Protect uses dynamic, multi-factor authentication (MFA) to safeguard transactions by adapting security measures based on real-time risk. This reduces the friction for legitimate customers while ensuring robust protection against fraud. Given that the 2023 festive season saw a 72% spike in online sales just two days before Diwali, adaptive authentication is crucial to maintaining a seamless shopping experience without compromising security. 2. Real-Time Fraud Detection & PreventionThe festive season also brings an increase in fraudulent activities. Wibmo Protect’s AI-driven fraud detection engine continuously monitors transactions, instantly identifying suspicious patterns and blocking unauthorized activities in real-time. With eCommerce fraud expected to rise during high-traffic periods like Diwali, proactive fraud detection minimizes losses and protects businesses from financial threats. 3. Seamless Integration with Payment EcosystemsBuilt on industry-standard 3D Secure protocols, Wibmo Protect easily integrates into existing payment ecosystems, ensuring secure transactions without disruption. This is particularly important as conversion rates during the 2023 festive season increased by 22%, emphasizing the need for a frictionless user experience while handling high volumes of transactions. 4. Scalability for High Transaction VolumesThe Indian eCommerce sector recorded significant growth, with over ₹3.75 lakh crore in retail trade during Diwali 2023. Wibmo Protect’s scalable infrastructure is built to handle such high transaction loads, ensuring that businesses can maintain security and efficiency even when managing millions of transactions daily. 5. Compliance with Global and Local RegulationsWibmo Protect adheres to global standards like PCI-DSS and complies with local regulations, such as the RBI’s Additional Factor Authentication (AFA) guidelines. This guarantees that businesses remain secure and compliant, reducing the risk of regulatory fines during peak transaction periods. 6. Advanced Machine Learning for Fraud Pattern RecognitionWibmo Protect leverages machine learning to stay ahead of emerging fraud patterns. During high-traffic periods like the festive season, when fraudulent activities spike, Wibmo Protect’s system identifies and prevents new fraud attempts, ensuring businesses stay protected. Why Businesses Trust Wibmo Protect As businesses gear up for the festive season, securing digital transactions is crucial to providing a seamless shopping experience while protecting against fraud. With Wibmo Protect, businesses can confidently manage high transaction volumes and safeguard their customers from evolving threats during the festive season. Keep your payments secure this festive season with Wibmo Protect, your trusted partner for secure, seamless transactions.

Securing Digital Transactions During the Festive Season with Wibmo: A Trusted Partner for Seamless and Safe Payments Read More »

Scams on the Internet: How to Spot Them and Stay Safe

July 9, 2024 / Ravi Bhushan

The internet has become an essential component of our everyday life in the current digital era. Almost all facets of our lives, including banking, socializing, and employment, have shifted online. But the ease of using the internet also carries the risk of becoming a victim of fraud. Cybercriminals are continuously coming up with new ways to trick naïve people, and internet scams are becoming more common. The Federal Trade Commission (FTC) documented over 2.2 million fraud cases in 2023 alone, resulting in losses of over $8.8 billion, underscoring the critical need for awareness and prudence. This blog will discuss typical internet scam types, how to identify them, and important online safety advice. Common Types of Internet Scams How to Spot Internet Scams Tips to Stay Safe Online Bottomline Internet scams are an unfortunate reality of the digital age, but by staying vigilant and informed, you can protect yourself from falling prey to cybercriminals. Remember to always verify the source of online communications, use strong passwords, and be cautious of offers that seem too good to be true. By following these tips and educating yourself about common scams, you can enjoy the benefits of the internet while staying safe and secure.

Scams on the Internet: How to Spot Them and Stay Safe Read More »

Unveiling the Future: Fintech Innovations Redefining Finance in 2024

January 23, 2024 / Wibmo

As we navigate the intricate landscape of finance, the year 2024 unfolds with a myriad of fintech innovations that promise to reshape the industry fundamentally. Fintech, a portmanteau of “financial technology,” has become synonymous with innovation and disruption, revolutionizing how we manage, invest, and transact in the digital era. In this comprehensive blog, we’ll explore the groundbreaking fintech trends that are set to dominate the stage in 2024. Decentralized Finance (DeFi): Decentralized Finance, or DeFi, stands at the forefront of fintech innovation in 2024. This paradigm shift involves leveraging blockchain technology to create a decentralized financial ecosystem that operates outside traditional banking systems. DeFi platforms facilitate peer-to-peer lending, borrowing, and trading without the need for intermediaries. Smart contracts on blockchain networks ensure transparency, security, and efficiency in financial transactions. As we move forward, the DeFi space is expected to mature, offering more sophisticated financial services while challenging the conventional norms of the finance industry. Central Bank Digital Currencies (CBDCs): Central Bank Digital Currencies are gaining prominence as central banks worldwide explore the digitization of national currencies. In 2024, CBDCs are not just theoretical concepts but tangible initiatives that aim to provide a secure and regulated digital alternative to physical cash. Countries like China have made significant strides in piloting CBDCs, aiming to enhance the efficiency of financial transactions, reduce costs, and ensure greater financial inclusion. The widespread adoption of CBDCs holds the potential to redefine the global monetary landscape. AI-Powered Personalization: Artificial Intelligence (AI) continues to be a driving force in fintech, particularly in the realm of personalization. In 2024, AI is set to transform the user experience by providing hyper-personalized financial services. Machine learning algorithms analyze vast datasets to understand user behaviors, preferences, and financial patterns. Fintech platforms leverage this data to offer tailored investment advice, customized budgeting tools, and personalized recommendations. AI-driven personalization not only enhances user satisfaction but also fosters a deeper connection between users and their financial platforms. Embedded Finance: Embedded finance is revolutionizing the way financial services are delivered by seamlessly integrating them into non-financial platforms. In 2024, we witness the expansion of embedded finance into various sectors, allowing users to access financial services without the need to switch between different applications. E-commerce websites, social media platforms, and even ride-sharing apps now offer embedded financial services such as payments, loans, and investments. This trend is breaking down traditional silos, creating a more interconnected digital ecosystem. Green Fintech: Sustainability takes center stage in 2024, and fintech is not exempt from this global shift towards environmental responsibility. Green fintech initiatives are emerging to address climate concerns and promote eco-friendly financial practices. This includes the development of digital currencies with lower carbon footprints, sustainable investment platforms that prioritize environmental, social, and governance (ESG) factors, and tools that encourage responsible spending and consumption. Fintech is becoming a driving force for positive environmental change, aligning financial activities with broader sustainability goals. Biometric Authentication: The quest for enhanced security in financial transactions has led to the widespread adoption of biometric authentication methods. In 2024, we see a surge in the use of biometrics, such as facial recognition, fingerprint scans, and voice recognition, to verify user identities. These advanced authentication methods provide an extra layer of security against fraud and unauthorized access. As fintech platforms prioritize user safety, biometric authentication is becoming integral to ensuring secure and convenient financial transactions. The year 2024 marks an important turning point in the growth of fintech when creativity and technology combine to reshape the financial environment. From the decentralized revolution of DeFi to the digitization of national currencies via CBDCs, the fintech industry is undergoing transformational change. AI-powered personalization, embedded finance, green fintech efforts, and biometric authentication all work towards a future in which financial services are not just technologically advanced but also sustainable, secure, and seamlessly interwoven into our daily lives. As we welcome the advancements in fintech, it’s crucial to acknowledge their profound impact on money management. Heading into 2024, the future of financial technology promises ongoing empowerment, bridging financial divides, and fostering a more inclusive and sustainable global economy. Leading this transformative journey is Wibmo, a key player in fintech, utilizing innovative technologies. With our robust payment security and digital payment services, we play a pivotal role in seamlessly integrating financial services, ensuring heightened security and transaction efficiency. In this era of significant shifts in the financial industry, we are happy to be able help banks and fintech firms in reshaping the landscape of finance. 2024 Trends, 2024 Trens, Digital Finance, Financial Services, Fintech, Fintech Trend

Unveiling the Future: Fintech Innovations Redefining Finance in 2024 Read More »

Unveiling the Unseen: eCommerce Fraud Prevention Secrets You Need to Know

December 14, 2023 / Animesh Jha

As the popularity of eCommerce grows, so does the risk of fraud targeting online firms. The digital sphere offers enormous prospects for expansion, but it also attracts clever fraudsters looking to exploit flaws in payment systems and transactions. In this blog article, we’ll delve into the lesser-known parts of eCommerce fraud prevention, revealing the methods, technologies, and best practices that may protect your business and foster client trust. The Evolving Landscape of eCommerce Fraud eCommerce fraud comes in various forms, from stolen credit card information and account takeovers to sophisticated phishing attacks. As businesses adapt to new technologies and consumer preferences, fraudsters adjust their tactics accordingly. Understanding the dynamic nature of eCommerce fraud is the first step toward building a resilient prevention strategy. Account Takeovers (ATO): ATO occurs when fraudsters gain unauthorized access to customer accounts. This can lead to unauthorized purchases, misuse of stored payment information, and identity theft. Preventing ATO requires robust authentication mechanisms, including multi-factor authentication and behavioural analytics. Card-Not-Present (CNP) Fraud: With the rise of online shopping, CNP fraud has become a significant concern. Fraudsters use stolen card details to make online purchases where the physical card is not required. Address Verification System (AVS), 3D Secure, and machine learning algorithms are essential tools for preventing CNP fraud. Friendly Fraud: Contrary to its name, friendly fraud is far from friendly. It occurs when a legitimate cardholder disputes a transaction, often claiming they didn’t make the purchase. Friendly fraud can be mitigated by clear communication, transparent billing descriptors, and comprehensive transaction records. Synthetic Identity Fraud: Synthetic identity fraud involves creating fake identities using a combination of real and fictitious information. These synthetic identities are then used to open accounts and make fraudulent transactions. Advanced identity verification methods and data analysis are crucial for detecting synthetic identity fraud. eCommerce Fraud Prevention Strategies Multi-Factor Authentication (MFA): Implementing MFA adds an extra layer of security by requiring users to provide multiple forms of identification. This could include passwords, biometric data, or one-time passcodes, significantly reducing the risk of unauthorized access. Machine Learning and Artificial Intelligence (AI): Leveraging machine learning and AI enables real-time analysis of vast datasets to identify patterns and anomalies indicative of fraudulent activities. These technologies continually learn and adapt to new fraud tactics, staying one step ahead of cybercriminals. Geolocation and Device Fingerprinting: Examining the geolocation of transactions and creating unique device fingerprints help in detecting suspicious activities. Unusual transaction locations or device behaviors can trigger alerts for further investigation. Behavioral Analytics: Analyzing user behavior helps create a baseline for normal activity. Deviations from this baseline, such as sudden changes in spending patterns or the use of unfamiliar devices, can be indicative of fraudulent behavior. Real-Time Transaction Monitoring: Implementing real-time monitoring systems allows businesses to spot and respond to suspicious transactions instantly. Automated alerts can be set up to trigger when certain criteria associated with fraud risk are met. 3D Secure Authentication: 3D Secure is an additional layer of security for online credit and debit card transactions. It adds an extra step of authentication, often requiring a one-time passcode sent to the cardholder’s mobile device, enhancing the security of online transactions. Fraud Scoring Systems: Employing fraud scoring systems assigns a risk score to each transaction based on various parameters. Transactions with high-risk scores can be subjected to additional scrutiny or declined altogether. Customer Education: Educating customers about safe online practices, secure password management, and recognizing phishing attempts can significantly reduce the risk of account takeovers and fraud. Clear communication builds a sense of security and trust. Best Practices for eCommerce Fraud Prevention Regularly Update Security Protocols: Stay ahead of evolving fraud tactics by regularly updating and enhancing your security protocols. This includes adopting the latest encryption standards, security patches, and fraud prevention technologies. Secure Payment Gateways: Choose reputable and secure payment gateways that prioritize the protection of sensitive customer data. Secure Sockets Layer (SSL) encryption is fundamental for securing online transactions. Monitor Chargeback Rates: High chargeback rates can be indicative of fraud or customer dissatisfaction. Monitoring chargeback rates allows businesses to identify and address issues promptly. Data Encryption: Implement end-to-end encryption to safeguard customer data throughout the entire transaction process. This ensures that even if intercepted, sensitive information remains unreadable. Regularly Train Staff: Educate your staff on the latest fraud trends, prevention techniques, and the importance of adhering to security protocols. An informed and vigilant team is an essential component of your fraud prevention strategy. Implement Device Authentication: Device authentication ensures that transactions are initiated from trusted and recognized devices. Unfamiliar devices may trigger additional verification steps to confirm the legitimacy of the transaction. Bottomline As eCommerce continues to thrive, so does the need for robust fraud prevention measures. By understanding the evolving landscape of eCommerce fraud, implementing cutting-edge technologies, and adopting best practices, businesses can significantly reduce the risk of falling victim to cybercriminals. A comprehensive fraud prevention strategy not only protects the business but also fosters trust and confidence among customers, contributing to long-term success in the dynamic world of online commerce. Stay informed, stay secure, and empower your eCommerce venture to flourish in the digital age. Author: Animesh Jha, Vice President, Engineering — Fraud & Risk Management Wibmo A PayU/Naspers FinTech Company Ecommerce, Fraud Prevention, Online Fraud, Online Fraud Detection, Online Payment Fraud

Unveiling the Unseen: eCommerce Fraud Prevention Secrets You Need to Know Read More »

Empowering the Unbanked: Offline Digital Payments and Financial Inclusion in India

November 30, 2023 / Wibmo

India, with its vast and diverse population, has made significant strides in the realm of digital payments in recent years. However, a considerable segment of the population still remains unbanked or underbanked, primarily due to limited access to financial services. Offline digital payments have emerged as a promising solution to bridge this gap, fostering financial inclusion and empowering individuals who have been on the fringes of the formal financial system. Understanding Financial Inclusion Financial inclusion is a multifaceted concept that goes beyond merely having a bank account. It encompasses access to a range of financial services, including savings, credit, insurance, and payment services. The goal is to provide individuals and businesses, particularly those in underserved and remote areas, with the tools and resources needed to participate fully in the economy. Challenges to Financial Inclusion in India Several challenges have historically hindered financial inclusion in India: 1. Limited Access to Banking Infrastructure: Many rural areas lack physical banking infrastructure, making it challenging for individuals to access basic financial services. The cost and effort required to establish brick-and-mortar branches in these areas have been significant barriers. 2. Low Financial Literacy: A significant portion of the population, particularly in rural and remote areas, lacks financial literacy. Understanding the nuances of traditional banking services can be a barrier to entry into the formal financial system. 3. Documentation Requirements: The documentation required to open a bank account can be a hurdle, especially for those who may not have the necessary identification papers. This often excludes a substantial portion of the population from mainstream financial services. 4. Technological Barriers: While the penetration of smartphones has increased, a considerable number of individuals still use feature phones or have limited access to the internet. This poses a challenge to the adoption of traditional digital payment solutions. Offline Digital Payments: A Catalyst for Inclusion Offline digital payments have emerged as a transformative force, overcoming many of the barriers to financial inclusion in India. These solutions leverage technology to enable transactions without the need for a continuous internet connection, making them particularly relevant in areas with intermittent connectivity. Let’s delve into the ways in which offline digital payments are contributing to financial inclusion. 1. Access Anytime, Anywhere: Offline digital payment solutions empower users to conduct transactions regardless of their location or the availability of internet connectivity. This is especially crucial in remote and rural areas where traditional banking infrastructure is limited. 2. Reduced Reliance on Physical Infrastructure: By eliminating the need for physical branches or ATMs, offline digital payments reduce the cost and logistical challenges associated with building and maintaining banking infrastructure. This is a game-changer for reaching unbanked populations in geographically dispersed regions. 3. Simplified User Experience: Offline payment methods are designed to be user-friendly, requiring minimal technical know-how. This simplicity is key in overcoming the barrier of low financial literacy, enabling individuals with varying levels of education to participate in the formal financial system. 4. Biometric Authentication: Leveraging biometric authentication methods, such as fingerprints or iris scans, offline digital payment solutions offer a secure and convenient way for individuals to access their financial accounts. This is particularly beneficial in areas where traditional identification documents may be scarce. 5. Financial Inclusion for Merchants: Offline digital payments extend beyond individual users, providing opportunities for small businesses and merchants. By accepting offline digital transactions, even in areas with intermittent internet connectivity, merchants can expand their customer base and participate more actively in the digital economy. 6. Government Initiatives: Recognizing the potential of digital payments to drive financial inclusion, the Indian government has launched initiatives like Aadhaar Pay and UPI (Unified Payments Interface). These initiatives leverage biometrics and mobile numbers to facilitate secure offline digital transactions. 7. Financial Products and Services: Offline digital payments pave the way for the delivery of a range of financial products and services to previously underserved populations. This includes access to credit, insurance, and savings products tailored to the unique needs of different segments of the population. Challenges and Considerations While offline digital payments hold immense promise for financial inclusion, certain challenges and considerations need to be addressed: 1. Security Concerns: Ensuring the security of offline transactions, especially in areas with limited connectivity, is paramount. Robust security measures, including encryption and biometric authentication, are essential to protect users from potential risks. 2. Infrastructure Development: While offline digital payments reduce the reliance on physical banking infrastructure, there is still a need for ongoing efforts to enhance digital infrastructure, including the development of reliable networks and the availability of affordable smartphones. 3. Regulatory Framework: A conducive regulatory framework is crucial for the widespread adoption of offline digital payments. Clear guidelines and policies that foster innovation while ensuring consumer protection will play a pivotal role in shaping the future of these solutions. 4. Collaboration Among Stakeholders: Successful implementation of offline digital payment solutions requires collaboration among various stakeholders, including government agencies, financial institutions, technology providers, and local communities. A coordinated effort is essential to address the multifaceted challenges of financial inclusion. Bottom line: Offline digital payments represent a transformative force in the journey towards financial inclusion in India. By addressing the challenges of limited access to banking infrastructure, low financial literacy, and intermittent connectivity, these solutions empower individuals and businesses to participate fully in the formal financial system. As we move forward, it is imperative to continue innovating, address security concerns, and foster a collaborative environment that embraces the diverse needs of the population. The vision of a financially inclusive India can be realized through the thoughtful integration of offline digital payment solutions, ensuring that no one is left behind in the digital era. BaaS

Empowering the Unbanked: Offline Digital Payments and Financial Inclusion in India Read More »

BIN Attack Fraud

June 1, 2023 / Ajit Nair

Card not present (CNP) transactions are those where the purchase is made without presenting the physical card to the merchant at the point of sale. As more and more physical stores are using EMV-compliant terminals, Javelin Strategy & Research credit card fraud statistics report that card-not-present fraud is now 81% more likely to happen than card-present fraud. Card-not-present transactions can be done via online merchants, telephone orders, or mail. There are various modus operandi to commit CNP fraud, such as account takeover using phishing scams, malware infection to capture keystrokes, or friendly fraud. In such scenarios, the cardholder is involved in the fraud, and it is kind of a personalised attack. However, today we will talk about an impersonal attack where a fraudster exploits a BIN (bank identification number) and uses distributed computing power to automatically generate the remaining numbers and test these combinations to see which card numbers are correct and if the cards are active. This kind of attack is called BIN attack fraud. The subtlety of BIN Attack fraud is that it does not involve any data breach or ID theft; it is just a pure random coincidence that a victim’s card number is chosen. The compromised cards can have a significant impact on issuing banks in terms of chargebacks, call c entre volume spikes, and re-issuance expenses. Furthermore, any cardholder disruption or friction during this tenure leads to a loss of interchange revenues. The damage to the bank’s reputation could lead to cardholders switching the bank’s services to another, more secure bank. A merchant involved in BIN attack fraud faces increased disputes or chargebacks, additional fees, and regulatory fines. Depending on the nature of the attack and risk profile, the acquiring bank may choose to suspend support for the merchant’s site. The cardholder’s bank may restrict purchases from your site, resulting in further financial losses. Refunding any fraudulent transactions is an operational challenge, not to mention the reputational loss. Thus, BIN attack fraud is a problem both for issuers and merchants. Preventing a BIN Attack Fraud To prevent BIN attack fraud, the merchant or the issuing bank can deploy a few techniques: Enable 3D security. The latest version of EMV 3DS 2.x is an additional security layer for online credit and debit card transactions that aims to achieve a balance between security and user convenience. As a merchant, enable a CAPTCHA test to tell humans and bots apart. While this may create friction for genuine customers, it’s an effective deterrent against BOT scripts. Deploy an anti-fraud solution that can look at many aspects and block transactions or alert your fraud analyst. A good anti-fraud solution should have: Ability to spot multiple low-value transactions (unusually low for the merchant’s business). Multiple declines within a short period The timing of transactions may be unusual for the merchant, business, or cardholder. A large number of transactions from the same BIN were attempted in a short period of time (a few seconds apart). IP Velocity Checks: Even though these days, through proxy and spoofing, fraudsters can make it seem that the transactions are coming from different IPs, Use an anti-fraud solution that deploys good device fingerprinting techniques to solve this issue, as fingerprinting is impervious to IP proxies. Unusually large volume of international transactions for a given merchant or for a cardholder. Look for patterns, cards with sequential numbers, the same card number but different expiration dates, or CVV codes. Ability to create a profile for the merchant and cardholder and alert in case of any significant deviations. There are a few additional measures that the industry could take, such as creating advisory, actionable intelligence, and a listing of sites that anti-fraud tools can take advantage of. EMV 3DS 2.x allows merchants and acquirers to do a risk assessment prior to making an EMV 3DS authentication call to the issuer. A combined risk assessment from both the acquiring and issuing sides acts as a strong deterrent to fraudsters. Both issuers and acquirers can pool their intelligence and create a shared intelligence pool of fraud markings to identify common points of fraud. Information on declines on the switch side during authorization when fed into 3DS authentication ACS gives actionable intelligence to anti-fraud tools. BIN attack fraud is still a crude brute-force attack vector that is detectable, and preventive measures can be taken to interrupt it. A well-informed merchant and bank implementing a defensive anti-fraud solution that keeps itself abreast of the latest advisories combined with continuous monitoring of anomalous behaviour can stay a step ahead of this kind of fraudulent attack. Author: Ajit Nair, Director Product Management Wibmo A PayU/Naspers FinTech Company Cnp, Fraud, Fraud Prevention, Payment Fraud, Payments

BIN Attack Fraud Read More »

True Cost of Combating Payment Frauds

September 14, 2022 / Sujit Kumar Mahato

A quick recap of major players involved in payment transactions : 1. Customer 2. Issuer Bank — holding the customer’s bank account 3. Payment Networks — Visa, Mastercard, NPCI, etc 4. Merchant 5. Acquirer Bank — holding the merchant’s bank account In simple terms, Payments Fraud is the one where someone made unauthorized payments/purchases. Though the liability of fraud differs(customer/merchant/banks etc) on a case-to-case basis, someone in the payment system has to finally bare the brunt and mark the money as lost in their respective books. Fraud is a global issue that affects not only individuals but also organizations — merchants, banks, insurance companies, and who so ever is dealing with payments. Payments frauds have been crippling every country across the globe and according to recent studies, the epidemic of payment fraud has been growing over the recent years. When it comes to payments, there are 2 major elements – 1. FALSE NEGATIVE — when an act of fraud goes undetected and through the payment system 2. FALSE POSITIVE — when a faulty fraud detection system blocks a legitimate transaction. Anti-fraud solutions and fraudsters are caught in a cat-and-mouse game. Both have been leveraging technological innovations to meet their underlying need and eventually adding to the cost of combating fraud. Whenever we come across the term COST, our first thought is that it’s a mere cumulation of expenses incurred in producing or building a product or service. However, in financial terms, the cost is segregated into — Direct Cost and Indirect Cost. The majority of the time, indirect costs are neglected when it comes to deriving the actual cost of a project due to the difficulty associated with deriving a cost-effective methodology for the assignment of indirect costs. When it comes to defining the cost associated with fraud, organizations generally tend to consider the amount lost in the fraud process. These numbers are a significant percentage of the topline revenue. Moreover, it’s a concerning fact that even less than 20% of businesses are able to fully recover the amount from unauthorized transactions and other fraudulent activities. Apart from the obvious Direct Cost — fraud amount value — associated with the transaction, the Indirect Cost often goes unnoticed. Cost of Combating Fraud: Huge infrastructure and resources — manual as well as technological are deployed by organizations in payment authentication and authorization. The cumulative loss arising from both False Positive and False negative scenarios burn a larger hole in terms of operational efficiency. Cost to Reputation: Businesses incurs huge cost when it comes to building a reputation of trust through the marketing function which employs varied techniques to increase the perceived value of a product or service over time. Undetected frauds and consequent delays in grievance redressal often leave the customer/merchant with a bad experience with their respective banks and also with the payment entities involved in the process. Cost of declining Genuine transactions: High False positive rates can leave the customers/merchants frustrated. Organizations leave no stone unturned through sales and marketing and customer support to acquire and retain a customer. In the era of fierce competition, if one thinks Customer acquisition is hard, think about the retention of a frustrated customer. It is somewhat now possible to measure fraud and error losses but one needs to surely factor in the Indirect Costs in order to make a proper judgment about a proportionate level of investment to be made in reducing them through the deployment of anti-fraud tools. Direct costs associated with fraud are just the tip of the iceberg and give even less than half a picture of the menace lying underneath. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company Anti Fraud Management, Digital Payment, Fraud Detection, Fraud Prevention, Online Payments

True Cost of Combating Payment Frauds Read More »

Account Takeover Frauds- Adaptive Protection Approach

August 31, 2022 / Sujit Kumar Mahato

Once a fraudster has gained access to an account, they eventually end with either or combination of the following : – Make fraudulent orders – Reload digital wallets – Use loyalty points – Sell the confirmed account – Extract customer data to sell The process of gaining access to a victim’s login credentials to steal funds or information is referred to as Account Takeover Fraud (ATO). Fraudsters can take over any account type — bank, e-commerce, etc and have multiple ways at their disposal to trick gullible victims. Account takeover fraud is not new, but it is becoming more common. In 2018, account takeover fraud losses totaled around $4 billion. By 2021, this figure had increased by more than 200%. (PaymentsJournal) Fraudsters are finding innovative ways to carry out their trade. Screen-sharing apps are one of the newest additions to their arsenal as more and more individuals adopted digital payments during the pandemic for daily transactions. These screen-sharing apps were developed with the intention to provide tech support using the screen-sharing feature. However, these apps are now being used by fraudsters to access the mobile devices of their targets and make transactions without waiting for victims to share OTPs. Often gullible consumers fall prey to fraudsters pretending as bank officials who create urgency on the pretext of account/card block and ask users to download screen-sharing apps for account retrieval. Once installed, fraudsters have a clear view of not only the account credentials but also the OTP messages received over the phone, and consumers eventually end up with debit messages of their hard-earned money. One of the growing concerns is that ATO frauds are happening through screen-sharing apps despite the constant efforts from government agencies and banks to educate consumers not to share sensitive financial information or download apps from suspicious sources. Apart from the recent Screen Sharing Apps, a few of the other methods deployed by fraudsters to conduct Account Takeover Fraud (ATO) are : – Phishing: Impersonating as representatives of well-known brands/ businesses, the fraudster persuades the individual to click on links that redirect to spoof websites or install malware that does the credential harvesting. – Credential Stuffing ( Brute-Force): Dark web provides bank account/card details at a cost as low as USD 15. Once the fraudster has sourced a list of stolen credentials from the Dark Web, bots are used to run automated scripts to guess the correct account password by making multiple login attempts with a different password each time Account takeovers can significantly damage customer trust and brand reputation. Often, businesses introduce tighter security measures and add verification steps, but too much of either can harm the user experience. The need of offering an experience that is welcoming to consumers and hostile to fraudsters can be addressed through an adaptive protection approach. Billions of transactions take place across the globe generating valuable data points which are utilized in the concept of adaptive protection and the ability to run through layers of controls in real-time — including consumer behaviors and network anomalies — to determine whether a user should be pushed through with no friction, declined or given an alternative experience. Differentiating between good users and fraudsters helps in avoiding account takeover fraud. Wibmo’s TRIDENT FRM, an enterprise fraud, and risk management solution, evaluate diverse data points across channels and devices for the risk associated with each transaction. Learning and adapting to evolving consumer behavior as well as fraud patterns, TRIDENT FRM helps to detect and predict fraud while ensuring a delightful user experience. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company Account Takeover, Fraud Detection, Fraud Prevention, Online Payments

Account Takeover Frauds- Adaptive Protection Approach Read More »

RETURN FRAUD- The e-commerce way of Shop-Lifting

August 24, 2022 / Sujit Kumar Mahato

The pandemic changed the way consumers shopped. A black swan event changed consumer behavior and Online shopping is one of the segments to reap benefits. The pandemic and the exponential growth in e-commerce forced traditional brick-and-mortar shops to adapt to the evolution. Pre-pandemic brick-and-mortar shops kept a cautious eye on shoplifters but the e-commerce boom came up with its own shoplifting nemesis, say Hello to RETURN FRAUD. Fraudsters abuse the retailer’s fraud policy which was actually created for customer delight and it’s the smaller e-retailers who bear the brunt of Refund Fraud. The modus operandi of Refund Frauds differs from traditional frauds as it takes place post transaction — once the goods have exchanged ownership from the merchant to the consumer. A thriving ecosystem, Fraud-as-a-Service (Professional Refunders) has come into place to support those who wish to take advantage of lax return policies without actually having to go through the process. Reddit and Discord channels are leveraged as promotional grounds for these Illegal Life Pro Tips (ILPT) Modus Operandi 1. Everything is legitimate during the online transaction. Fraud is initiated once the good is received by the consumer. 2. Consumer goes to a Professional Refunder who charges a percentage cut on the refund value. 3. Refunder impersonates the Consumer 4. Refunder initiates the escalation with the merchant and uses the PERFECTED METHODS to get a refund without returning the product. A few of the Perfected Methods : a) Substance Leak — With doctored images/videos refunders report hazardous breakage such as monitor capacitor leakage, or battery acid leakage, thus making the product legally un-shippable. b) Partially Empty Box — Generally used for tracked shipping where the package is claimed to have arrived but has missing components. c) Fake ID Tracking Numbers — A properly weighed package is returned back without the actual goods. The shipping address is doctored to a new but incorrect address. Refunder then initiates a return claim with the merchant — to whose naked eye the package appears to be shipped and delivered back. d) Blood or Maggots — Claiming of finding questionable substances (again, doctored images/videos) in the product received and thus a reason for why one can’t possibly handle the opened package. Refund Fraud not only is a concern to merchants but also runs a risk of putting consumers’ virtual assets at risk such as email, passwords, card details, etc — as refunders offer Fraud-as-a-Service, access to the buyer account. Apart from the complicated methods listed above employed by professional refund fraudsters, consumers, with a Robin Hood mentality, too are learning about refund fraud and executing Refund Fraud as : a) Bricking: A working item ( generally electronic items) is purchased with the intention to be returned after stripping down the valuable component and rendering the item eventually unusable. b) Wardrobing: Majorly observed with expensive clothing. An item is purchased, used, and eventually returned. c) Switch Fraud: Returning a previously owned defective or damaged identical item with the aim of cashing on to the refund. Be it the retailers or the e-retailers have a return policy in place but a fine balance needs to be maintained — neither overly complex nor overly relaxed. The process of refund dents a blow to the bottom line not only in terms of labor involved in the process but also in refurbishing the returned items. Trying to avoid Return Fraud by adding manual resources will be a mountain task in this era of data where organizations are sitting on a mountain of data as well as leveraging data from other sources. Multiple data enrichment tools provide services as quick reverse checks on multiple data points for instance email addresses. Current innovations in fraud detection software over the recent years have made it possible to curb the menace of fraud even with very little technical knowledge. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company Fraud, Fraud Detection, Fraud Prevention, Return Fraud, Risk Management

RETURN FRAUD- The e-commerce way of Shop-Lifting Read More »

Identification, Authentication, Authorisation — Know the Difference

February 21, 2022 / Sujit Kumar Mahato

We undergo the process of Identification, Authentication, and Authorization every day in both physical and digital worlds. Let’s first start with the physical world. You have been planning for a weekend vacation for a long time but have been stalling because of the busy work schedule. After months of long hours of work, you finally find a weekend for a getaway. After work hours you meticulously plan the vacation — the place to visit, the hotel to stay, the to-do activities, and whatnot. Finally, the getaway weekend has arrived and the first thing that you do after reaching your destination: is Check-in into the hotel 1. Identification — You walk to the hotel reception and mention that you have a prior booking at the hotel. The first thing the receptionist asks is for your name. The receptionist then checks through the register to confirm of your booking. By providing your name, you claimed your identity. Your name, more or less, is unique and used for identification. 2. Authentication — Once the receptionist has got your name in the booking register, you are asked to present an ID card. The ID card verifies that you are the person whose name is on the reservation Here, the ID card facilitates the process of authentication and verifies your identity. 3. Authorisation — After the receptionist has done the necessary authentication process/paperwork, you receive a guest keycard. The guest’s keycard grants you access to your room, the guest elevators, and the pool — but not other guests’ rooms or the service elevator. Hotel employees have a service keycard, authorized to access more areas of the hotel than guests are. You enjoy the next few days to the fullest and finally be well-rested and rejuvenated. It’s time to go back to your work and give your best. It’s time to check out and walk to the reception desk. You hand over your card to the receptionist to pay the bill. At this moment you have jumped into the digital world of identification, authentication, and authorization. 1. Identification — The receptionist puts your card through a POS terminal. The information stored on your magnetic strip/EMV chip enables the banking systems to identify your valid account details — a bank that has your account, your account details, etc. Here the information on your card’s magnetic strip/EMV chip is analogous to your name which you used during check-in. 2. Authentication — You are then requested to enter your card PIN. Your card PIN is confidential to you — only you know it (an ideal case). By providing the PIN, you establish the validity of you being the owner of the card, associated with the bank account. The PIN authenticates that you are the owner of the bank account, from which money would be transferred to the hotel for its services. 3. Authorisation — There are multiple stakeholders involved when you are making transactions through your card. The bank in which you have your account, the card networks — Visa/Mastercard/Amex/Diners, the bank which has the hotel account, the software provider for the POS terminal, etc. Each stakeholder has a specific role to play. For example, the bank — which has your account- confirms that your account has enough balance amount. It then authorizes the deduction of the bill amount from your bank account. It may seem that all three steps — identification, authentication, and authorization are inseparable. But that’s not true. Remember the last time you uploaded a file on your Google Drive/One Drive and shared a public link. Here, you have authorized anyone with the link to access that file without any prior identification or authentication. Probably, the value of the file is far less than the value of the money in your bank account. Hence, the banking world uses cutting-edge solutions to predict, prevent and detect fraudulent transaction attempts on your card. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company Authentication, Authorization, Digital Payment, Identity Management, Security

Identification, Authentication, Authorisation — Know the Difference Read More »

What is Risk-Based Authentication and why banks should implement it?

November 18, 2021 / Ajit Nair

Driven by the trifecta of smartphone penetration, low-cost data rates, and higher incomes, the Indian e-commerce market was expected to grow to US$ 200 billion by 2026. Covid-19 has caused an inflection point for the e-commerce market in India. A Bain & Company-PRICE survey of 3000 households across income groups and geographies which was conducted between April and June, revealed about 13% of respondents buying online for the first time, while about 40% buying more online. An NRF survey showed that nearly 6 in 10 consumers say they are worried about going to the store due to fear of being infected. Figure 1: Growth of credit cards in India (Source: RBI database, Bank-wise ATM/POS/Card Statistics various years) The majority of the growth is from online shoppers in Tier 2 tier 3 cities. The pandemic has also seen a surge in UPI transactions. While credit cards did a total of 185 million transactions delivering a value of INR 805K million, UPI delivered a staggering 3654 million transactions with a value of INR 6543K million as per RBI and NPCI statistics for Sep 2021. Key Challenges and Solutions: With the spectacular growth in the eCommerce market sophisticated online payment frauds and threats have mushroomed too. An e-commerce transaction involves multiple entities at various stages, such as the marketplace, merchants, payment gateways, financial institutions, apart from the end consumers, and each of them can act as a vulnerability or attack point for malicious actors. For example: The end customer fraud making fraudulent claims, chargebacks, fake buyer accounts, promotion/coupon abuse. Malicious fraudsters involved in account takeover, identity theft, card detail theft, etc. Data leaks compromise millions of consumer details every year contributing to digital fraud through impersonation globally. Fraudulent merchants who could deploy “bust out” merchant fraud and transaction laundering mechanisms to defraud acquirers. However, transactional and identity security is not the only concern of financial institutions. This must be balanced with customer experience. Customer loyalties now lie with merchants and banks that offer the best experience in terms of convenience, speed, and security. With the myriad of devices, payment authentication options, and processes every digital bank faces the ultimate challenge of balancing optimal security and a seamless customer payment experience. This is where Wibmo’s Trident FRM makes a difference. Trident FRM is a comprehensive, omni-channel, risk-based authentication (RBA) solution that identifies and manages fraud in real time. It does so by building a holistic customer profile from diverse data points. Figure 2: Risk-Based Authentication A customer’s transaction journey begins on a checkout page or a bill payment action or when a customer does a fund transfer (wire transfer). These actions result in the customer connecting to the bank’s server and the bank’s server is an integration point for Trident to evaluate the risk of every transaction done by the user in real-time. Trident uses the data it receives from multiple channels and devices. Data comes in various forms, like: Transactional data: Card number/account number/phone number, amount, currency, merchant or payee information, billing, and shipping addresses. Location data: Terminal id, IP address, approximate latitude and longitude, ISP data. Device data: (SDK App ID, Browser information, proprietary device-fingerprinting) User information: Time of the day for this transaction and any deviations from past customer behavior using historical data. With more than 100 data points (in the case of online e-commerce), and a powerful set of operators Trident can write rules for almost every fraud scenario using an intuitive rule builder screen. In addition, Trident employs advanced analytics and machine learning algorithms to generate a real-time score and decisions for every transaction. The decision can be one of the following: Low Risk: These are transactions that can be ALLOWED to proceed without challenging for OTP thereby delivering a seamless customer experience. In Wibmo’s experience, more than 90% of the transactions fall under this category. Medium Risk: Transactions that are suspected are risky enough to challenge using a multi-factor authentication method. High Risk: Transactions that are suspected to be very high risk and suggested to be declined. Any suspected fraudulent transaction is marked as a case for automated action or manual investigation and closure in the Case Management portal. An efficient case management portal drives both proactive and reactive fraud cases using consolidated data across channels. It also generates various reports that are required for regulatory and compliance purposes. Benefits of RBA are: Reduced financial losses due to fraud. Customer delight due to seamless payment experience. Improved compliance with local and global regulatory requirements. Reduced total cost of operations by managing fraud cases efficiently and limiting the number of cases routed for manual review. Impact Analysis: So, a frequently asked question is: What is the impact of doing risk-based authentication? For a credit card online purchase (card not present) scenario, RBA using Trident delivers almost 6–8% improvement in success rates for banks and almost 40% reduction in latency for completing the transaction for the end customers. To put this in perspective, as of Dec 2020 with an average ticket size of credit cards was Rs 3,653 and with 20 lakhs transactions per month for online transactions, for a given bank and assuming a 1% MDR, this is an additional uptick of 43 lakhs every month. Wibmo processes cards not present transactions for many of India’s largest banks. For a large bank with more than 150 lakh transactions, we were able to save close to Rs 5 lakhs in a month. Conclusion: As transaction volumes are set to grow in double digits year on year, and as customers expect to transact from anywhere using multiple devices, the threat of increased online fraud becomes more real. Customers want speed and convenience balanced with security, therefore, banks that deliver the most optimized services will win customer loyalty. Hence, it becomes imperative for issuers to be integrated with robust, omnichannel fraud detection and prevention risk engines. RBA solutions such as TRIDENT FRM is a cost-effective solution that empowers banks to stay one step ahead of fraudsters and deliver delightful customer experiences which they have come to expect in today’s digital world. Author: Ajit Nair, Director Product, and Programs Wibmo A

What is Risk-Based Authentication and why banks should implement it? Read More »

Faster and Convenient Authentication

October 29, 2021 / Sujit Kumar Mahato

Before the invention of the steam-driven railways in the 1800s, mankind was dependent on animal pulled wagons to transfer goods. The Tanfield Wagonway in England, the first large-scale railway, used horses to haul coal-filled wagons from the mining village of Tanfield. On the lookout for faster and more convenient forms of transportation, evolved from horses driven wagons to steam engines, from steam to diesel, and from diesel-driven to engines driven on electricity. Fast forward to the 21st century, the world is experimenting with hydrogen-powered trains. Consider the banking industry. Though there is no trace of the word ‘banking’ before the 1600s, the practice of safekeeping, saving, and transacting money can be traced back to the temples of Babylon. The Arthsashthra, written by Chanakya around 300 BC, has mentions of ‘hundis’ or letter of transfer. Had the banking industry failed to ride the technological horse, money transfer initiated through hundis would have taken days or at least hours, to reach the designated payee through the fastest railroad. Thankfully, the banking industry learned to ride the technological horse and today with the help of electronic transfer can facilitate the process of money transfer. Electronic transfer not only made money transactions faster but also convenient for the people, who were saved from the age-old hassle of going to a nearby branch and waiting for their turn in the long queues at the bank teller. Can money transactions be made faster and more convenient for the customers? The movement of the electrons, involved in the electronic transfer, cannot be made faster with current feasible resources nor the customers can have a more convenient experience in making transactions from the comfort of their homes. The only way to provide a better — faster and convenient- banking service could be through optimization of steps involved in internet transactions. A large part of the processes involved in electronic money transfer is dominated by Authentication or security — ensuring the money transfer takes place from the genuine customer. The introduction of OTP has been a major advancement in the banking industry. However, it is the one step that may be loved by the banks but hated by customers, especially when the OTP fails to arrive on time or when the user makes a mistake. Removing OTP altogether poses a serious threat to security and thus banks still rely on OTP services for user authentication. This brings us to the question — How authentication can be made faster and more convenient? Is it possible to have convenient security? The answer lies in DATA. Let’s consider a simple case of house-rent transfer. A genuine user would be transferring the same house-rent amount month after month to the same account, using mostly the same wifi connection (ISP), the same laptop/mobile, and may be even on the same day of the month. A fraudster, for sure, wouldn’t be so generous to take the pain of paying rent on the user’s behalf. All the parameters above can be easily tracked and monitored with data. The answer to a “Faster & More Convenient Authentication/Security” lies in identifying the right set of data and formulating them into risk assessment. Higher risk should demand stricter authentication whereas lower risk should lead to faster and convenient -frictionless transactions, paving way for customer delight. The pandemic has accelerated the adoption of cashless transactions across the globe and is forcing the bank, more than ever, to evolve in order to meet the demands of smartphone-led online shopping culture, with cards and digital wallets rising in prominence. Banks need to leverage data and segregate high and low-risk transactions in order to provide ‘faster and convenient authentication to their customers. The demand for a fast, reliable, secure, and frictionless payment experience by customers requires banks to adopt fraud detection systems, which leverage the power of data through advanced machine learning technologies. When it comes to detecting subtle patterns which help in the identification of fraud transactions, machines are more effective than humans. Today, irrespective of the field, the power to leverage data, to provide ‘faster and convenient service, is one of the biggest assets for any organization. The faster and higher the convenience, the greater is the customer delight. The greater the customer delight, the higher is the customer loyalty. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company Authentication, Digital Payment, Fraud Detection, Payments, Paytech

Faster and Convenient Authentication Read More »

How did we make Wibmo GDPR ready in 6 months?

October 2, 2021 / Pravin Kumar

A brief about GDPR GDPR is the world’s most strictly enforced set of data protection rules, enhancing how people can access information about themselves and limiting what organizations can do with personal data. GDPR’s full text is a cumbersome beast with 99 individual articles. The regulation in the EU, which replaced the previous 1995 data protection directive, serves as a framework for laws across the continent. After more than four years of debate and negotiations, the GDPR’s final form was adopted by both the European Parliament and the European Council in April 2016. At the end of that month, the underlying regulation and directives were published. GDPR went into effect on May 25, 2018. Countries in Europe were given the ability to make minor changes to better suit their own needs. This adaptability resulted in the creation of the Data Protection Act (2018) in the United Kingdom, which replaced the previous Data Protection Act of 1998. Driver for GDPR Wibmo currently has a large presence in India, Asia, Middle East, and Africa. And we aspire to enter the European market with our flagship service offering such as Authentication solutions and Fraud Risk Management solutions. We foresee that with increasing dependency on technology and digital products, we can offer seamless services to the European market. Moreover, with the expansion of the European Union, the EU market seems to be more lucrative to capture a large clientele base with a common regulatory framework and processes. Journey to GDPR readiness We performed initial due diligence with regards to GDPR articles and realized that it falls under the category of “Data Processor” as the majority of Personally Identifiable Information (PII) are not captured by themselves. These PII are shared with us by our customers/banks (controller) to whom we provide services. Then we defined “Security and Privacy by Design” principles and implemented them across the organization. To make everyone aware of these principles, we also provided mandatory training to all our employees on this subject through the “OneTrust” training tool. We performed a check for applicability of GDPR Articles and prepared a Statement of Applicability (SOA) which listed the set of GDPR Articles applicable to it. As a next logical step, we engaged with a Big4 consulting firm to perform gap assessment vis-à-vis processor control requirements. The gap assessment covered below domains: 1. Governance and Operating Model 2. Legal and Regulatory 3. Data Privacy Policy 4. Data Management 5. Privacy by Design 6. Security for Privacy 7. Third-Party Management 8. Data Subject Access and Requests 9. Consent Management 10. Training and Awareness 11. Breach and Incident Management 12. Business Unit Processing Activity (BUPA) 13. Data Privacy Impact Assessment (DPIA) The identified gaps were categorized in the areas of People, Process, and Technology. Then we created several policies and processes with the help of the global privacy team to comply with GDPR articles. To name a few policies and processes — Cyber Security and Privacy Incident Process, Data Subject Request Handling process. We also defined Business Unit Processing Activity (BUPA) and Data Privacy Impact Assessment (DPIA) for applicable business processes. We also enhanced our systems following a robust Change Management process to address some of the technology-specific gaps. We organized several awareness sessions and training on Privacy and Security controls requirements to ensure that the entire company stands in unison with regards to GDPR expectations. We are very pleased to share that the identified gaps have been successfully remediated. The remediation evidence has been shared with consulting partners for independent verification and closure confirmation thereafter. In addition, we have established a dedicated team for enforcement, implementation, and ongoing support of the GDPR compliances. Finally, we got a much expected and long-awaited tagline that “Wibmo is a GDPR-ready organization”. This compliance would help our business team to attract customers based out of the EU region which will make us globally the number one authentication service provider. Lastly, we would like to extend a big thanks to all our customers, employees, vendors for their seamless support in this journey. Author: Pravin Kumar, CISO Wibmo A PayU/Naspers FinTech Company GDPR, GDPR Compliance, GDPR Training, Security

How did we make Wibmo GDPR ready in 6 months? Read More »