Mobile Banking Apps in the Middle East: Transforming Customer Expectations and Experience

In recent years, the Middle East has emerged as a hotspot for digital banking innovation, driven by rapid smartphone penetration, government-backed digital transformation initiatives, and shifting customer expectations. Mobile banking apps are at the forefront of this revolution, redefining how customers interact with financial institutions.

The Landscape of Mobile Banking in the Middle East

According to the World Bank, smartphone penetration in the Middle East exceeds 85% in countries like the UAE, Saudi Arabia, and Qatar, providing fertile ground for mobile banking adoption. A 2023 study by Mastercard revealed that over 70% of consumers in the region prefer using mobile apps over visiting bank branches, highlighting a significant shift towards digital-first banking.

Key Drivers of Change

1. Evolving Customer Expectations
Middle Eastern customers, influenced by global tech giants like Apple and Amazon, now demand seamless, personalized, and secure digital experiences. A report by Deloitte Middle East in 2024 shows that 67% of customers in the GCC region prioritize convenience and personalization in their banking experience.

2. Regulatory Push for Innovation
Governments across the Middle East are actively promoting digital banking. The UAE’s Vision 2021 and Saudi Arabia’s Vision 2030 emphasize fintech and digitalization as key pillars. These initiatives have led to the proliferation of digital-only banks like Liv by Emirates NBD and STC Pay in Saudi Arabia.

3. The Rise of Fintech and Open Banking
Fintech collaborations are driving innovation in the sector. Open banking regulations, such as those introduced by Bahrain’s Central Bank, are enabling greater data sharing between banks and third-party providers, paving the way for more innovative and customer-centric apps.

Transforming Customer Experience through Mobile Apps

1. Personalization at Scale
With advanced AI and machine learning, mobile banking apps in the Middle East now offer hyper-personalized experiences. For instance, Emirates NBD’s app uses AI to analyze spending habits and provide tailored financial advice.

2. Enhanced Security Measures
Security remains a top concern for customers. Banks are leveraging biometric authentication, such as facial recognition and fingerprint scanning, to enhance app security. A 2023 KPMG report noted that 81% of Middle Eastern banks have adopted advanced security measures to build customer trust.

3. Financial Inclusion
Mobile banking apps are playing a crucial role in improving financial inclusion. In regions with limited physical banking infrastructure, such as rural areas of Oman or Jordan, mobile apps provide access to essential banking services.

4. Streamlined Digital Payments
Digital payment solutions integrated into mobile banking apps, like Saudi Arabia’s Mada Pay or the UAE’s Apple Pay partnerships, are transforming the payment landscape. Statista forecasts that digital payments in the Middle East will grow by 19.2% annually, reaching $314 billion by 2027.

Challenges Ahead

Despite significant progress, challenges remain:

Cultural Preferences: Some segments of the population, particularly older demographics, still prefer traditional banking methods.
Cybersecurity Threats: As digital transactions increase, so do the risks of cyberattacks.
Skill Gaps: Banks need to invest in upskilling employees to manage and innovate in a digital-first ecosystem.

The Future of Mobile Banking in the Middle East

Looking ahead, the future of mobile banking in the Middle East will likely be shaped by:

1. AI-Driven Banking: Predictive analytics and AI-powered chatbots will deliver even more intuitive and responsive banking experiences.
2. Blockchain Integration: Blockchain could enhance security and transparency, particularly for cross-border transactions.
3. Super Apps: Inspired by platforms like China’s WeChat, Middle Eastern banks may develop super apps that integrate banking with lifestyle services, such as travel and e-commerce.

Conclusion

The Middle East’s mobile banking landscape is undergoing a transformative journey, driven by technological advancements, customer-centric innovation, and regulatory support. Financial institutions that prioritize personalization, security, and seamless experiences will not only meet but exceed the evolving expectations of their customers. As the region continues its march towards a cashless, digital-first economy, mobile banking apps will remain pivotal in reshaping the financial services industry and improving customer experiences across all demographics.

Online Payment Systems: Understanding Types, Methods, and How They Work 

As payments have shifted from physical cash to digital transactions, online payment systems have become essential to our daily routines. From buying groceries to subscribing to streaming services, the ease of online payments is undeniable. This blog will delve into the world of online payment systems, exploring their types, methods, and operational mechanisms.

Understanding Online Payment Systems

Online payment systems are electronic methods used to transfer money over the internet. They facilitate secure and efficient transactions between buyers and sellers, encompassing various methods such as credit and debit cards, digital wallets, and bank transfers.

Types of Online Payment Systems

How Online Payment Systems Work

Understanding the mechanics of online payment systems involves knowing the key players and steps in processing a transaction:

The process starts when a customer initiates a payment on a merchant’s website. The payment gateway encrypts the payment information and sends it to the payment processor. The processor then communicates with the issuing bank to verify the transaction. Once approved, the funds are transferred from the issuing bank to the acquiring bank, completing the transaction.

Benefits of Online Payment Systems

Security Measures in Online Payment Systems

Security is crucial in online payment systems. Common measures include:

Future Trends in Online Payment Systems

Conclusion

Online payment systems have transformed how we conduct transactions, offering unparalleled convenience, speed, and security. As technology advances, we can expect even more innovative and secure payment methods to emerge. Understanding these systems is crucial for both consumers and businesses to navigate the digital economy effectively. By grasping the intricacies of online payment systems, businesses can better meet their customers’ needs, ensuring seamless and secure transactions. Stay tuned to Wibmo for more insights into the world of digital payments!

The Real Story Behind False Declines and How Wibmo Trident FRM Secures Transactions 

In today’s fast-evolving digital economy, businesses rely heavily on seamless online transactions to drive growth and customer satisfaction. However, false declines — legitimate transactions mistakenly flagged as fraudulent — have become a growing concern. These incidents lead to customer frustration and significant revenue loss. As fraudsters continue to innovate, businesses must deploy advanced security measures that both combat fraud and minimize false declines.

In this blog, we explore the causes and impact of false declines and how Wibmo’s Trident FRM (Fraud Risk Management) system helps businesses reduce these risks while providing secure, frictionless payment experiences.

What Are False Declines?

False declines, also called false positives, occur when valid transactions are incorrectly rejected due to fraud detection systems being overly cautious. These rejections can be triggered by unusual spending patterns, technical errors, or overly strict fraud detection algorithms. While these systems aim to block fraudulent activity, they can sometimes hinder genuine transactions.

In 2023, false declines have been an expensive issue for businesses, costing global eCommerce firms an estimated $81 billion in lost revenue. This highlights the need for more advanced fraud detection systems that balance security with customer convenience.

The Impact on Businesses and Consumers

False declines affect both businesses and consumers alike. For businesses, the immediate loss of revenue from rejected transactions is just the beginning. Customer churn is a serious consequence, as 47% of customers who experience a false decline may not return, leading to long-term revenue loss. Additionally, false declines contribute to operational inefficiencies as businesses deal with disputes and chargebacks, further affecting profitability.

For consumers, having a legitimate transaction rejected can damage trust and loyalty. The frustration caused by a false decline often leads to customers turning to competitors, affecting future engagement.

How Wibmo Trident FRM Reduces False Declines

To address these challenges, Wibmo’s Trident FRM (Fraud Risk Management) provides a sophisticated solution that combines machine learning, real-time data analysis, and behavioural analytics to accurately assess transaction risk.

Key Features of Wibmo Trident FRM:

Trident FRM continuously monitors user behaviour, detecting anomalies and signs of potential fraud. This advanced fraud detection helps block fraudulent transactions while allowing legitimate ones to be processed without interruption.

Unlike traditional fraud detection systems, Wibmo Trident FRM adapts to emerging fraud patterns. It fine-tunes authentication requirements based on transaction risk, ensuring a balance between fraud prevention and customer experience.

Leveraging AI-powered data analytics, Wibmo Trident FRM offers real-time fraud detection, blocking fraudulent transactions as they occur. This ensures that businesses can process legitimate transactions smoothly while preventing unauthorized activities.

Combating Online Fraud

The global rise of eCommerce has seen an increase in online fraud, with $48 billion in eCommerce fraud losses globally in 2023. Businesses must adopt proactive fraud prevention strategies to avoid these significant financial losses. Wibmo Trident FRM provides a robust solution that not only protects businesses but also reduces the frustration caused by false declines.

Best Practices for Fraud Prevention:

Benefits of Wibmo Trident FRM

Wibmo Trident FRM allows businesses to strike the right balance between security and customer experience. By reducing false declines, businesses can protect their revenue and build long-term customer trust and loyalty. Its adaptive approach ensures that customers enjoy a seamless and secure payment journey, even in a high-risk online environment.

Customer Experience Impact:

With fewer interruptions and smoother transactions, Wibmo Trident FRM enhances the overall customer experience, helping businesses maintain customer loyalty while ensuring secure payments.

Conclusion

As online fraud continues to rise, it’s crucial for businesses to adopt advanced fraud management solutions. False declines can cause both financial losses and customer dissatisfaction, making it essential to minimize them through intelligent risk management. Wibmo Trident FRM offers an effective solution that provides real-time, adaptive fraud prevention while ensuring legitimate transactions are processed smoothly.

Maximizing Payment Efficiency with Smart Routing

The Digital Payments Roadmap report, recently published by the South African Reserve Bank (SARB), identifies high merchant fees as a significant contributor to the low adoption and use of digital payments by merchants. Additionally, high interchange and merchant card processing fees deter smaller merchants from accepting digital payments, as these fees negatively impact profitability. Achieving optimal performance in digital payments is essential for businesses and for meeting the broader financial inclusion goals set out in the SARB’s Vision 2025 Framework and Strategy.

The landscape of digital payments is constantly evolving, with new regulations, network mandates, and issuer preferences emerging regularly. To navigate these changes effectively, companies need a comprehensive toolkit that not only keeps them informed but also helps maintain high acceptance rates and ensures a seamless customer experience. Intelligent payment routing, or smart routing, is a critical component of this toolkit. It automates the process of directing transactions to the payment gateway that offers the highest likelihood of acceptance at low cost and with a high success rate, addressing the significant issue of transaction failures.

How Intelligent Payment Routing Works

Intelligent payment routing determines the best path for processing a payment to maximize successful transactions while minimizing costs. This can involve routing through different payment providers (payment orchestration) or networks, considering factors such as efficiency, reliability, and cost. Merchants can set criteria for automated routing based on their specific objectives.

Key Benefits of Smart Routing:

Smart Payment Routing Through Different PSPs

Payment orchestration involves smart routing through various payment service providers (PSPs). The routing software evaluates factors such as customer location, payment currency, transaction amount, and card type to determine the best provider for each transaction. This approach ensures that payments are processed through the provider with the highest

Conclusion

In conclusion, smart payment routing is a vital tool for businesses looking to optimize their digital payment processes. By automating the selection of the most efficient and cost-effective payment routes, companies can significantly enhance their revenue, reduce processing costs, and improve overall payment performance. The ability to dynamically route payments, access real-time data, and integrate with multiple payment providers ensures that businesses can adapt to the ever-changing digital payments landscape. As digital transactions continue to grow, the importance of intelligent payment routing will only increase, making it an indispensable part of any comprehensive payment strategy.

Enhancing Fraud Prevention with Risk-Based Authentication and Method URL

Preventing fraud while maintaining a seamless user experience is crucial for merchants and issuers alike in the rapidly evolving digital payment landscape. A key way to strengthen fraud prevention is by gathering more device and browser characteristics before authentication. This can be achieved through Risk-Based Authentication (RBA), Browser Fingerprinting, and the use of Method URL as part of the EMV 3DS protocol. Let’s explore how these elements work together to improve security and reduce fraud.

The Role of Risk-Based Authentication (RBA)

Risk-Based Authentication (RBA) dynamically assesses each transaction’s risk level based on multiple factors, such as device characteristics, location, and user behaviour. Instead of applying a blanket security protocol for all transactions, RBA allows issuers to adjust the level of authentication required based on the perceived risk. This improves fraud detection while minimizing friction for low-risk transactions, thereby creating a better user experience.

Browser Fingerprinting: A Core Element of Fraud Detection

Browser fingerprinting is a technique used to collect unique information from a user’s browser. This includes data like the device’s operating system, browser version, plugins, IP address, screen resolution, and more. By building a unique profile of the user’s environment, issuers can detect anomalies that may indicate fraud, such as sudden changes in the user’s device or location. However, to leverage this information effectively, additional data must be captured early in the transaction flow, which is where Method URL comes into play.

Understanding Method URL

Method URL is a critical step of the EMV 3DS protocol. It enables issuers to collect additional browser information during the early stages of the authentication process. This step, which occurs before the authentication request is fully processed, provides vital data that can enhance RBA and fraud prevention measures.

How Method URL Works:

Benefits of Method URL in Fraud Prevention

The use of Method URL offers several benefits for both issuers and merchants in combating fraud:

Best Practices for Implementing Method URL

To maximize the benefits of Method URL, issuers and merchants should follow these best practices:

Integrating Wibmo Protect

Wibmo Protect is an advanced fraud prevention solution that seamlessly integrates with RBA, Browser Fingerprinting, and Method URL to provide an additional layer of security. By leveraging Wibmo Protect, issuers and merchants can benefit from:

Conclusion

Method URL, when integrated properly, significantly improves fraud prevention by enabling issuers to gather vital browser and device characteristics early in the authentication process. By leveraging this data for risk-based authentication, both issuers and merchants can reduce fraud, improve authentication success rates, and provide a better user experience for customers. As fraud prevention becomes more complex, using tools like Method URL and Wibmo Protect is essential for staying ahead of emerging threats and ensuring secure, frictionless transactions.

The Role of AI and ML in Averting Fraud in Real Time 

Fraudsters are becoming increasingly sophisticated, leveraging advanced technologies to exploit vulnerabilities. As a leading provider of secure payment solutions, Wibmo understands the critical role that artificial intelligence (AI) and machine learning (ML) play in averting fraud in real-time. This blog explores how AI and ML are transforming fraud prevention, the benefits of these technologies, and how Wibmo’s innovative products are at the forefront of this battle.

The Growing Threat of Fraud

Fraud is a pervasive issue that affects individuals and organizations worldwide. According to a report by Juniper Research, global losses from online payment fraud are expected to exceed $206 billion between 2021 and 2025. This staggering figure underscores the urgent need for effective fraud prevention measures.

How AI and ML Combat Fraud

AI and ML are revolutionizing the way we detect and prevent fraud. These technologies enable systems to analyse vast amounts of data, identify patterns, and make real-time decisions. Here are some key ways AI and ML are used in fraud prevention:

The Benefits of AI and ML in Fraud Prevention

The integration of AI and ML in fraud prevention offers numerous benefits:

Wibmo’s AI and ML Solutions

At Wibmo, we leverage AI and ML to provide cutting-edge fraud prevention solutions. Our products are designed to protect users and organizations from a wide range of fraudulent activities. Here are some of our key offerings:

Real-World Impact of AI and ML in Fraud Prevention

The impact of AI and ML in fraud prevention is evident in various industries. For instance, banks using AI-powered fraud detection systems have reported a 50% reduction in false positives and a 30% increase in fraud detection rates. Similarly, e-commerce platforms have seen a significant decrease in chargebacks and fraudulent transactions by implementing AI and ML solutions.

The Future of AI and ML in Fraud Prevention

As AI and ML technologies continue to advance, their role in fraud prevention will become even more critical. Here are some trends to watch for:

In the fight against fraud, AI and ML are powerful allies. These technologies enable real-time detection and prevention, ensuring that individuals and organizations can stay one step ahead of fraudsters. At Wibmo, we are committed to leveraging AI and ML to provide innovative fraud prevention solutions that protect our users and enhance their security. By staying informed about the latest trends and continuously improving our systems, we can create a safer digital environment for everyone.

By understanding the role of AI and ML in fraud prevention and adopting advanced solutions like those offered by Wibmo, you can significantly reduce the risk of falling victim to fraud. Stay vigilant, stay informed, and stay secure.

Securing Digital Transactions During the Festive Season with Wibmo: A Trusted Partner for Seamless and Safe Payments

The festive season brings an immense surge in online shopping and digital payments. In 2023, Diwali sales alone saw a 49% increase in online transactions, along with a 35% rise in website traffic, making it one of the most lucrative periods for businesses. However, with this rise comes a higher risk of fraud and security breaches. Securing seamless transactions is essential for protecting both revenue and customer trust during this busy season. Wibmo Protect is designed to address these challenges, offering a comprehensive solution that ensures secure and frictionless transactions, even during the peak of the festive rush.

How Wibmo Protect Safeguards Festive Transactions

1. Multi-Layered Security with Adaptive Authentication
Wibmo Protect uses dynamic, multi-factor authentication (MFA) to safeguard transactions by adapting security measures based on real-time risk. This reduces the friction for legitimate customers while ensuring robust protection against fraud. Given that the 2023 festive season saw a 72% spike in online sales just two days before Diwali, adaptive authentication is crucial to maintaining a seamless shopping experience without compromising security.

2. Real-Time Fraud Detection & Prevention
The festive season also brings an increase in fraudulent activities. Wibmo Protect’s AI-driven fraud detection engine continuously monitors transactions, instantly identifying suspicious patterns and blocking unauthorized activities in real-time. With eCommerce fraud expected to rise during high-traffic periods like Diwali, proactive fraud detection minimizes losses and protects businesses from financial threats.

3. Seamless Integration with Payment Ecosystems
Built on industry-standard 3D Secure protocols, Wibmo Protect easily integrates into existing payment ecosystems, ensuring secure transactions without disruption. This is particularly important as conversion rates during the 2023 festive season increased by 22%, emphasizing the need for a frictionless user experience while handling high volumes of transactions.

4. Scalability for High Transaction Volumes
The Indian eCommerce sector recorded significant growth, with over ₹3.75 lakh crore in retail trade during Diwali 2023. Wibmo Protect’s scalable infrastructure is built to handle such high transaction loads, ensuring that businesses can maintain security and efficiency even when managing millions of transactions daily.

5. Compliance with Global and Local Regulations
Wibmo Protect adheres to global standards like PCI-DSS and complies with local regulations, such as the RBI’s Additional Factor Authentication (AFA) guidelines. This guarantees that businesses remain secure and compliant, reducing the risk of regulatory fines during peak transaction periods.

6. Advanced Machine Learning for Fraud Pattern Recognition
Wibmo Protect leverages machine learning to stay ahead of emerging fraud patterns. During high-traffic periods like the festive season, when fraudulent activities spike, Wibmo Protect’s system identifies and prevents new fraud attempts, ensuring businesses stay protected.

Why Businesses Trust Wibmo Protect

As businesses gear up for the festive season, securing digital transactions is crucial to providing a seamless shopping experience while protecting against fraud. With Wibmo Protect, businesses can confidently manage high transaction volumes and safeguard their customers from evolving threats during the festive season. Keep your payments secure this festive season with Wibmo Protect, your trusted partner for secure, seamless transactions.

Wibmo to Showcase Advanced Payment Solutions at Global Fintech Fest 2024

We’re thrilled to announce that Wibmo, a PayU company, a leader in payment security, fraud and risk management, tokenization, payment gateway, prepaid card platform, and digital financial services, will be participating in the Global Fintech Fest 2024 (GFF). The event is scheduled to take place from August 28th to 30th at the Jio World Convention Centre in Mumbai. You’ll find us prominently featured at the PayU booth J1.

Why You Should Visit Us at GFF 2024

As the fintech industry rapidly evolves, we at Wibmo are at the forefront of delivering secure, seamless, and innovative payment solutions that cater to the needs of banks, fintechs, and financial institutions. GFF 2024 presents a unique platform for us to showcase our comprehensive suite of offerings, which are designed to enhance security, ensure compliance, and elevate the user experience in digital payments.

Explore Our Product Showcases and Launches

We are excited to unveil our latest products and innovations, in collaboration with PayU and our strategic partners. These solutions address the unique challenges posed by today’s fintech environment and have the potential to revolutionize how you approach payment security, fraud management, and digital financial services.

Engage with Our Leadership and Industry Experts

One of the highlights of our participation at GFF 2024 is the opportunity for you to engage directly with our leadership team, including our CEO, Suresh Rajagopalan. Our leader from Wibmo & PayU will be available to share insights into the latest trends and developments shaping the future of fintech and digital payments. These interactions will provide valuable perspectives on how your business can navigate the complexities of the digital payments landscape.

Discover Strategic Partnership Opportunities

At Wibmo, we believe in driving the future of digital payments through continuous innovation and strategic collaborations. During GFF 2024, you’ll have the chance to explore potential partnerships with us, leveraging our expertise to create robust, secure, and compliant payment solutions tailored to your specific needs.

Shaping the Future of Digital Payments

Our presence at GFF 2024 is more than just a showcase of technology; it reflects our commitment to shaping the future of secure digital payments. As businesses across the globe seek to enhance their digital payment infrastructures, we stand out as a leader in providing the innovative, secure, and scalable solutions needed to thrive in the digital age.

If you’re attending GFF 2024 and want to stay ahead of the curve in the ever-evolving fintech landscape, a visit to our booth at J1 is essential. The insights, innovations, and opportunities that await you are sure to be a highlight of this year’s Global Fintech Fest.

Don’t Miss Out

We look forward to meeting you at GFF 2024. For more information or to schedule a meeting with our team, please click here. Let’s shape the future of digital payments together!

Scams on the Internet: How to Spot Them and Stay Safe

The internet has become an essential component of our everyday life in the current digital era. Almost all facets of our lives, including banking, socializing, and employment, have shifted online. But the ease of using the internet also carries the risk of becoming a victim of fraud. Cybercriminals are continuously coming up with new ways to trick naïve people, and internet scams are becoming more common. The Federal Trade Commission (FTC) documented over 2.2 million fraud cases in 2023 alone, resulting in losses of over $8.8 billion, underscoring the critical need for awareness and prudence. This blog will discuss typical internet scam types, how to identify them, and important online safety advice.

Common Types of Internet Scams

How to Spot Internet Scams

Tips to Stay Safe Online

Bottomline

Internet scams are an unfortunate reality of the digital age, but by staying vigilant and informed, you can protect yourself from falling prey to cybercriminals. Remember to always verify the source of online communications, use strong passwords, and be cautious of offers that seem too good to be true. By following these tips and educating yourself about common scams, you can enjoy the benefits of the internet while staying safe and secure.

Transforming India’s Digital Payments: The Rise of AePS and Its Challenges

A Decade of Digital Evolution

India’s digital landscape has undergone a remarkable transformation over the past decade. With the advent of digital payment channels such as UPI, IMPS, and net banking, the country has achieved unprecedented growth in digital transactions. Despite these advancements, one specific demographic—rural middle-aged to senior citizens—was not fully utilizing this ecosystem. To address this gap and make basic banking services accessible in areas with limited banks and ATMs, the government launched the Aadhaar Enabled Payment System (AePS).

Introduction of AePS

The Aadhaar Enabled Payment System, introduced by the NPCI in 2016, is a digital payment method based on the Unique Identification Number (UIN) linked to the Aadhaar card. It allows Aadhaar cardholders to conduct financial transactions via Aadhaar-based authentication without needing to visit a bank. Instead, these transactions are facilitated by business correspondents (Bank Mitras) using micro-ATMs. AePS empowers all sections of society by making financial and banking services accessible to everyone through Aadhaar. It supports seamless fund transfers, cash deposits, withdrawals, balance inquiries, and more. Additionally, AePS facilitates the disbursement of government welfare schemes such as NREGA, social security pensions, and old age/handicapped pensions.

Exponential Growth

Since its launch, AePS has seen a significant boost in utilization. In 2019, the revenue from AePS transactions was around INR 5 billion. Within five years, this figure skyrocketed to INR 51 billion in 2024, a tenfold increase. By 2025, it is projected to reach INR 67 billion. In 2023 alone, over 370 million customers conducted transactions through AePS, highlighting its widespread adoption and success.

Rising fraud concerns

However, the rapid growth of AePS has also attracted fraudsters, targeting the predominantly rural, middle-aged, and senior population. Over the past 2–3 years, numerous reports of AePS-related fraud have surfaced. For instance, in Hyderabad, a gang of cybercriminals was arrested for fraudulently withdrawing ₹14.64 lakh from 149 customers. Such incidents underscore the growing risk of cyber-financial scams associated with AePS. According to the Indian Cyber Crime Coordination Centre (I4C), AePS frauds accounted for 11% of cyber financial scams originating in India in 2023.

Addressing Fraud: RBI and NPCI Initiatives

In response to the increasing fraud cases, the RBI has instructed banks to streamline the onboarding process for AePS touchpoint operators, including mandatory due diligence. Additional fraud risk management requirements are also being considered. The NPCI has released circulars addressing customer withdrawal limits, account statements, and Business Correspondent (BC) onboarding procedures.

Strengthening onboarding processes

AePS providers must rigorously scrutinize the onboarding processes for business correspondent agents. This involves conducting comprehensive background checks to verify the authenticity and credibility of potential agents. Additionally, a risk-based categorization system should be implemented, where agents are classified based on an assessment of their history, including any previous instances of fraudulent activities or non-compliance. By adopting a detailed and systematic approach to onboarding, AePS providers can ensure that only trustworthy and low-risk agents are integrated into the system.

Moreover, continuous monitoring and periodic reassessment of BC agents are crucial to maintaining high standards of integrity and security. Regular training and awareness programs should be conducted to keep agents updated on the latest security protocols and fraud prevention techniques. By strengthening these onboarding and monitoring processes, AePS providers can significantly reduce the risk of fraud and enhance the overall security and reliability of the payment system. This proactive approach not only safeguards the interests of users but also fortifies the reputation and operational efficiency of the AePS ecosystem.

Common fraud scenarios

One prevalent fraud scenario involves unauthorized cash withdrawals, where users receive no indication of the transaction. Fraudsters often impersonate fingerprints or deceive customers about the success of transactions. In some instances, BC agents have been known to use silica gel to replicate fingerprints, further complicating the detection of fraudulent activities. These sophisticated methods of fraud underscore the necessity for AePS providers to enhance their security measures and address these specific threats comprehensively. To combat these issues effectively, AePS providers need to strengthen their ecosystem and focus on specific patterns to identify and mitigate fraudulent activities.

Key Areas of Focus

Preparing for Future Challenges

Currently, the primary issue revolves around cash withdrawals. However, with the increasing volume of fund transfers, there is a potential risk of money laundering activities. As AePS providers continue to expand their services, they need to be adequately equipped to handle these emerging challenges. This involves not only detecting and preventing fraudulent activities but also complying with stringent regulatory requirements to ensure the integrity of the financial system.

Conclusion

The AePS industry is booming, and as it grows, fraudsters will seek new ways to exploit the system. To sustain growth and protect users, financial institutions must enhance fraud and risk management systems by investing in advanced technologies like artificial intelligence and machine learning for real-time monitoring and anomaly detection. Continuous education and training for users and service providers on potential risks and best practices are also crucial. By implementing robust security measures, the AePS ecosystem can mitigate fraud risks and continue to flourish, driving financial inclusion and transforming India’s digital payment landscape. Collaboration with regulatory bodies is essential to stay ahead of emerging threats and ensure a secure, seamless payment experience. With a concerted effort towards enhancing security and compliance, the AePS industry can thrive, paving the way for a more inclusive and digitally empowered India.


Cross Border Payments in India

What are cross-border payments?

Payments or transactions done across borders are part and parcel of international trade. Acting as the medium between vendor and customer, cross-border payment is one of the crucial elements that enable cross-border trade. Any export or import is dependent on cross-border payment, and its growth is crucially dependent on smooth and seamless transactions.

Why are cross-border payments significant?

The significance of cross-border payments is proportional to the significance of cross-border trade. The size of cross-border payments is significant, with export merchandise alone contributing to about 15% of the total GDP. This alone is reason enough to examine the cross-border payment facilities we provide our traders in order to boost our country’s economic growth. India is looking at becoming a $5 trillion economy, and one of the major contributors can be cross-border trade. However, the fact on the ground is that of the 17 states that share their borders with other countries, only nine of them can actively engage in safe trade.

Digital India has thrown the doors to cross-border trade wide open to not just the conglomerates but also MSMEs in India. Talking of MSME contribution, Livemint.com reports that “In FY 2022–23, MSME products accounted for 43.6% of India’s exports.”

What are the major challenges to cross-border payments in India?

Charges: With different countries come different rules and different financial charges. Many of the charges are disclosed only at the time of the transaction, and the vendor must either absorb them or pass them on to the customer, irritating them at the very least.

Cumbersome process: Because most local banks deal in only a few currencies, standard international payouts take time, and both time and transparency are lost. SWIFT and international wire transfers come with their own set of challenges with regard to cost and time.

Risk of fraud: Digitalization has thrown the door open to not just traders but also to cyber criminals. Cybersecurity has to be constantly updated, able to come up with new solutions for the threats emerging daily, and yet be cost-effective.

Compliance changes: Different borders dictate different laws at different points in time. The law of the land is often tweaked to combat rising threats or to close loopholes in existing laws.

Currency volatility: With VUCA, is it a surprise that every country has a relatively fluid economy, compared with the currency woes that have been an age-old story? Only present-day digitization has removed the buffer that the lag in communication offered earlier.

How do we provide a solution to one of the pillars of our economy?

Fintech

India needs its fintech industry to find a one-stop solution for not just an easy and transparent transaction but also a safe one: a solution that authenticates easily but with foolproof scrutiny. Though many start-ups are working on the individual issues discussed, most of them work within their own expertise, which is limited to one area. The need of the hour is an aggregator who would collect all this expertise on one platform and provide a holistic solution. The future looks bright with a possible blend or amalgamation of both seamless and secure transactions across borders.


The Comprehensive Guide to Secure Digital Transactions with 3D Secure

Have you ever wondered how your online card transactions, whether domestic or international, result in a seamless shopping experience without concerns about merchant credentials, card data security, or delivery issues? The answer lies in EMV 3DS (3D Secure). This protocol is noticeable on the payment checkout pages of online merchants and at Point of Sale (PoS) terminals.

What is 3D Secure (3DS)?

3D Secure (3DS) is a payments protocol that facilitates card transactions (credit, debit, prepaid, gift) at PoS or online globally. It ensures that any cardholder from any bank can seamlessly transact with any merchant acquirer worldwide. The three domains involved in a 3D Secure transaction are:

1. Acquirer Domain (Merchant’s Bank)
2. Issuer Domain (Cardholder’s Bank)
3. Card Network Domain

How Does 3D Secure Work?

During the checkout process, when you enter your card details online or swipe your card at a PoS terminal, the merchant/acquirer domain resolves the issuing bank. This process links to the cardholder’s account details, prompting the user to enter a one-time passcode (OTP) sent to their registered mobile device or email. This authentication step verifies the transaction’s legitimacy, adding a layer of protection against unauthorized use. The latest version, 3D Secure 2.0, incorporates advanced risk-based authentication and supports multi-factor authentication, including biometrics, enhancing both security and user experience.

Why Invest in 3D Secure?

While some businesses may view the implementation of 3D Secure as an additional cost, it is a strategic investment with substantial long-term benefits. Implementing 3D Secure can reduce chargeback fees, fraud-related losses, and dispute resolution expenses. Additionally, providing a secure online shopping experience builds customer confidence, leading to increased sales, loyalty, and trust.

The Role of 3D Secure in Fraud Prevention

Fraud is a significant concern for businesses, prompting the adoption of advanced authentication protocols like 3D Secure. Originally developed by Visa as “Verified by Visa” and later adopted by Mastercard as “Mastercard SecureCode,” 3D Secure adds an extra security layer to online transactions. By incorporating additional authentication steps, 3D Secure reduces the risk of unauthorized transactions, lowers chargeback rates, and enhances customer trust.

Wibmo’s Innovative Solutions for Secure Transactions

Wibmo addresses secure digital transaction challenges with its EMVCo-approved EMV® 3DS Server and SDK. Designed for Android and iOS platforms, these solutions enhance transaction security and reduce chargeback risks. The EMV® 3DS Server integrates the latest security protocols, while the SDK supports seamless transaction flows and comprehensive device data collection.

According to recent surveys, fraud rates have increased by 15% in the past year, with identity theft, fraudulent payment schemes, and unauthorized transactions being common risks. These illicit activities can cause significant financial losses, damage reputations, and disrupt corporate operations. Advanced authentication protocols like 3D Secure, combined with a thorough understanding of fraud’s true impact, enable businesses to strengthen their defenses and protect against evolving digital threats.

Understanding the True Cost of Fraud

Fraud’s financial impact goes beyond immediate monetary losses. It includes stolen funds, chargeback fees, legal consequences, and reputational damage, which can tarnish a company’s image, lead to customer loss, and generate negative reviews. Addressing fraud effectively requires recognizing these multifaceted repercussions and implementing robust security measures. By understanding and leveraging 3D Secure, businesses can ensure a secure, seamless, and customer-friendly payment experience, fostering trust and driving growth in the digital economy.

Key Features of Wibmo’s 3-D Secure solution (SDK, Server)

– EMVCo Certification for Security Assurance
– Seamless Transaction Flow Support
– Versatile UI Support (Native and HTML)
– Cutting-Edge Security Protocols
– Flexible Hosting Solutions (Cloud or On-Premises)
– And More!

Benefits of 3DS Server Implementation

– Elevated Security Standards through MFA (Multi-Factor Authentication) support
– Effortless Regulatory Compliance
– Frictionless Transaction Experience
– Comprehensive Device Data Security
– Simplified Integration
– And More!

Investing in 3D Secure is not just a prudent decision; it’s a strategic imperative for businesses aiming to thrive in the digital era. By prioritizing transaction security and customer trust, businesses can lay the foundation for sustained success in the digital realm. Secure your transactions, invest in 3D Secure, and embark on a journey toward a future where digital payments are synonymous with safety, reliability, and seamless experiences.

Keep an eye on how Wibmo’s robust 3D Secure solution can help you fight fraud. To know more about Wibmo’s 3-D Secure solution, you can write to sales@wibmo.com.

Author: Ravi Battula, Head of Payment Security & Merchant Acquisition Business
Wibmo, A PayU/Naspers FinTech Company

3D Secure, Digital Payment, Fraud Prevention, Secure Payment


How Banking-as-a-Service (BaaS) is Transforming the Way Banks Operate

The emergence of digital banking solutions has caused a major upheaval in the financial services sector in recent years. Among these advances, Banking-as-a-Service (BaaS) stands out as a crucial development that is changing the way banks function. Through the utilization of existing banks’ infrastructure and regulatory framework, BaaS allows non-bank businesses to provide financial services. With the help of facts, statistics, and opinions from professionals in the field, this essay investigates how BaaS is transforming banking operations.

Understanding Banking-as-a-Service (BaaS)

Banking-as-a-Service (BaaS) is a model that allows third-party companies, typically fintech firms, to offer banking services without having to build their own banking infrastructure. Instead, these companies partner with licensed banks that provide the necessary backend services, including regulatory compliance, security, and transaction processing.

Key Components of BaaS

1. API Integration: BaaS platforms rely heavily on Application Programming Interfaces (APIs) to enable seamless integration between banks and third-party service providers.
2. Regulatory Compliance: Banks offering BaaS ensure that all transactions and services comply with relevant financial regulations, safeguarding both partners and customers.
3. White-Label Solutions: Many BaaS providers offer white-label banking solutions that fintech companies can brand as their own while leveraging the underlying banking infrastructure.

The Impact of BaaS on Traditional Banking

Enhanced Customer Experience

One of the most significant impacts of BaaS on traditional banking is the enhancement of customer experience. By partnering with fintech companies, banks can offer a broader range of services and a more user-friendly interface. According to a survey by Deloitte, 73% of consumers are likely to use digital banking services offered by non-bank entities if they provide a better experience than traditional banks.

Cost Efficiency and Scalability

BaaS enables banks to scale their operations more efficiently. By outsourcing certain services to fintech partners, banks can reduce operational costs and focus on core banking activities. A report by Accenture indicates that banks leveraging BaaS can reduce their operational costs by up to 30%.

Innovation and Speed to Market

The integration of BaaS allows banks to innovate and bring new products to market more quickly. Fintech companies, known for their agility, can develop and deploy new features rapidly, giving banks a competitive edge. This speed to market is crucial in an industry where customer expectations are continually evolving.

Access to New Markets

BaaS opens up new revenue streams for banks by allowing them to reach previously underserved markets. For instance, digital-only banks and neobanks can offer services in regions where traditional banks have limited presence. This expansion is facilitated by the lower cost and higher flexibility of digital banking models.

Data and Statistics Supporting BaaS Growth

The growing adoption of BaaS is supported by compelling data and statistics:

1. Market Growth: The global BaaS market size was valued at USD 356 billion in 2020 and is expected to grow at a CAGR of 25% from 2021 to 2028, reaching approximately USD 2.3 trillion by 2028.
2. Consumer Demand: A study by PwC found that 64% of consumers have used one or more fintech platforms, indicating a strong market demand for digital banking services.
3. Banking Partnerships: According to a report by Finextra, 85% of banks worldwide have entered into partnerships with fintech companies to leverage BaaS platforms.

Benefits of BaaS for Banks

BaaS offers numerous benefits for traditional banks, which can be summarized as follows:

– Revenue Diversification: BaaS allows banks to diversify their revenue streams by offering white-label solutions to fintech companies and earning fees from these partnerships.
– Enhanced Innovation: By collaborating with fintech firms, banks can leverage cutting-edge technologies and innovative solutions that they might not develop in-house.
– Improved Customer Engagement: BaaS enables banks to offer a more personalized and engaging customer experience through digital channels.
– Reduced Time to Market: With BaaS, banks can bring new products and services to market faster, responding swiftly to changing consumer demands.
– Operational Efficiency: By outsourcing non-core functions, banks can focus on their core competencies and streamline their operations.
– Regulatory Compliance: Partnering with fintech companies through BaaS allows banks to ensure that all new services comply with regulatory requirements, reducing the risk of non-compliance.

Challenges and Considerations

Regulatory Challenges: While BaaS offers numerous benefits, it also presents regulatory challenges. Banks must ensure that their fintech partners comply with stringent regulatory standards. This requires robust oversight and due diligence to avoid potential legal and compliance issues.

Data Security and Privacy: Data security and privacy are critical concerns in the BaaS ecosystem. Banks must implement advanced security measures to protect customer data and maintain trust. This includes ensuring that fintech partners adhere to the same high standards of data protection.

Integration Complexities: Integrating third-party services through APIs can be complex and require significant technical expertise. Banks need to invest in the necessary infrastructure and talent to manage these integrations effectively.

How Wibmo is Revolutionizing BaaS

Wibmo is a leading provider of digital payment solutions and is at the forefront of revolutionizing BaaS. Wibmo’s innovative approach combines advanced technology with deep industry expertise to offer comprehensive BaaS solutions that enhance security, scalability, and user experience.

Key Features of Wibmo’s BaaS Platform

1. Advanced Security Protocols: Wibmo employs cutting-edge security measures, including multi-factor authentication and real-time fraud detection, to ensure the highest level of transaction security.
2. Seamless Integration: With robust API support, Wibmo’s BaaS platform allows for easy integration with existing banking systems and third-party applications, ensuring a smooth and efficient implementation process.
3. Regulatory Compliance: Wibmo’s platform is designed to meet stringent regulatory requirements across different regions, providing banks and fintech companies with peace of mind.
4. Customizable Solutions: Wibmo offers white-label solutions that can be tailored to meet the specific needs of banks and their customers, enhancing brand value and customer loyalty.

Wibmo’s Impact on the Banking Industry

Wibmo has successfully implemented its BaaS platform with several leading banks and fintech companies, demonstrating the transformative potential of its solutions. By providing secure, scalable, and innovative BaaS services, Wibmo is helping banks to navigate the complexities of the digital age and


Harnessing Digital Payments for a Greener Earth

As we celebrate Earth Day this year, it’s crucial to reflect on innovative solutions that contribute to environmental sustainability. One such solution gaining traction worldwide is the revolution in digital and mobile payments, particularly Unified Payments Interface (UPI) and Quick Response (QR) code payments. This technological advancement not only streamlines financial transactions but also plays a significant role in saving forests, reducing paper usage, and mitigating environmental degradation.

Embracing Mobile Payments

Mobile payment solutions are rapidly gaining popularity worldwide, with an estimated 2.1 billion people expected to use mobile wallets by 2025, according to Statista. By encouraging the use of mobile payments, fintech companies are reducing reliance on physical cards and cash, leading to fewer resources being used in the production and distribution of these materials.

The Rise of UPI and QR Payments

The emergence of UPI and QR payments has transformed the way individuals and businesses conduct transactions. With the convenience of mobile phones, users can transfer money, pay bills, and make purchases seamlessly, eliminating the need for physical cash and paper receipts. This transition to digital transactions has been accelerated by government initiatives and technological innovations, making financial inclusion a reality for millions.

Saving Trees, Reducing Paper Usage

One of the most significant environmental benefits of UPI and QR payments is the drastic reduction in paper usage. Traditional payment methods, such as cash and checks, rely heavily on paper-based documentation, including currency notes, receipts, and invoices. According to the World Bank, the global paper consumption for currency notes alone amounts to billions of tons annually.

By shifting towards digital payments, we can significantly decrease the demand for paper currency and receipts. A study by the United Nations Environment Programme (UNEP) estimates that transitioning to digital payments could save millions of trees each year, mitigating deforestation and preserving vital ecosystems.

Mitigating Carbon Footprint

In addition to saving trees, the widespread adoption of UPI and QR payments contributes to reducing carbon emissions associated with traditional banking and payment processes. Printing, transporting, and disposing of paper currency and receipts require significant energy resources and emit greenhouse gases throughout their lifecycle.

A report by the Global e-Sustainability Initiative (GeSI) suggests that digital payments have the potential to reduce carbon emissions by millions of metric tons annually. By minimizing the need for physical infrastructure and transportation, digital transactions offer a more environmentally friendly alternative to traditional banking methods.

Encouraging Green Investments

The global investment in renewable energy surged to $378.9 billion in 2023, as reported by the International Renewable Energy Agency (IRENA). Fintech platforms have increasingly become pivotal in driving these investments, offering sophisticated financial instruments and seamless integration with sustainable investment portfolios. These platforms empower both individuals and institutions to efficiently allocate capital towards a diverse array of renewable energy projects, sustainable infrastructure developments, and innovative environmental initiatives.

Advancing Blockchain Technology

Blockchain technology offers a decentralized and transparent platform for conducting financial transactions and verifying information. According to a report by Deloitte, blockchain technology has the potential to reduce the carbon footprint of financial transactions by eliminating intermediaries and streamlining processes. Moreover, blockchain can be used to create digital identities and track supply chains, ensuring the authenticity and sustainability of products.

Promoting Sustainability and Financial Inclusion

The shift towards digital payments aligns with broader sustainability goals, promoting financial inclusion and economic empowerment. By enabling individuals and businesses to access banking services through their smartphones, UPI and QR payments bridge the gap between the unbanked population and formal financial systems.

According to the World Bank, expanding access to digital financial services can enhance economic opportunities for underserved communities while reducing their reliance on cash-based transactions. By empowering individuals to participate in the digital economy, we foster inclusive growth and sustainable development.

As we commemorate Earth Day, let us recognize the transformative potential of UPI and QR payments in fostering a greener and more sustainable planet. By embracing digital financial technologies, we can conserve natural resources, mitigate climate change, and promote economic empowerment for all. As individuals and communities, let’s continue to harness the power of innovation to build a brighter future for generations to come.

BaaS, Digital Payment, Earth Day, Fintech, Mobile Payments, Sustainability


Navigating the Digital Fraud Landscape: How Wibmo’s Trident FRM Empowers Merchants to Combat Fraud and Enhance Customer Trust

The Evolving Landscape of Digital Fraud

From phishing scams to elaborate whaling tactics, digital fraud has become increasingly sophisticated, posing significant threats to both consumers and merchants. Fraudsters adeptly exploit vulnerabilities and leverage stolen data to infiltrate webstores, perpetrating fraudulent activities with alarming ease.

The Merchant Dilemma

For merchants, the prevalence of digital fraud presents a formidable challenge. Distinguishing genuine customers from fraudulent ones requires meticulous scrutiny, potentially introducing friction into the checkout process. However, striking the right balance between security and user experience is paramount, as excessive checks can deter consumers accustomed to seamless, one-click purchasing.

Trident Fraud Risk Management (FRM) by Wibmo

In response to the escalating threat landscape, Wibmo presents Trident FRM, a groundbreaking solution poised to revolutionize digital identity validation and verification. With real-time payments gaining prominence, the ability to swiftly discern between legitimate customers and bad actors has become indispensable.

The Multilayered Approach of Trident FRM

Trident FRM adopts a multilayered approach to fraud orchestration, leveraging cutting-edge technology and advanced analytics to accurately ascertain digital identities while maintaining efficiency and security. By seamlessly integrating with existing systems, Trident FRM establishes a framework of trust and security, empowering merchants to embrace real-time payments with confidence.

Comprehensive Insights Across the Customer Journey

Beyond transactional validation, Trident FRM offers insights that span the entire customer journey. From initial discovery to final delivery, Trident FRM provides comprehensive coverage, mitigating risks and enhancing trust at every touchpoint.

Empowering Merchants in a Fraught Landscape

In a landscape fraught with fraudulent activities, Trident FRM emerges as a beacon of resilience and reliability, equipping merchants with the tools needed to navigate digital commerce with confidence. With Trident FRM, merchants can unlock new possibilities, safeguarding their businesses against fraud while fostering seamless, secure shopper experiences.

Key Considerations for Merchants

As merchants navigate the complex realm of fraud prevention solutions, several key considerations must be taken into account:

— Accessibility to a robust ecosystem of security partners and technologies.
— Enhanced visibility and access to industry-wide intelligence.
— Flexibility and scalability to align with evolving business needs.
— Option for a trial period to evaluate efficacy before commitment.
— Complementarity with existing anti-fraud investments and optimization of ROI.
— Provision of performance guarantees and benchmarks for reliability and efficacy.
— Adaptive machine learning capabilities responsive to evolving fraud tactics.
— Evaluation of true costs and benefits, including potential revenue loss from false declines.
— Complementarity with authentication efforts, particularly in the era of 3D Secure.

Merchant Fraud Facts and Statistics

According to the 2023 MRC Global Payments and Fraud Report, merchant fraud continues to pose significant challenges, with 71% of merchants experiencing an increase in fraud attempts over the past year. Additionally, the report highlights that false declines cost merchants an estimated $443 billion in potential sales annually, underscoring the importance of striking the right balance between fraud prevention and user experience.

Furthermore, research by Juniper Research forecasts that global online payment fraud losses will exceed $20 billion by 2024, highlighting the urgent need for robust fraud prevention measures in the digital commerce landscape. In this context, solutions like Trident FRM play a crucial role in mitigating fraud risks and safeguarding merchants against financial losses.

With digital commerce continuing to expand rapidly, merchants must prioritize fraud prevention strategies that not only protect their businesses but also enhance the overall shopping experience for consumers. Through innovative solutions like Trident FRM, merchants can navigate the complexities of digital fraud with confidence, ensuring the integrity and security of their online transactions.

Author: Animesh Jha, Vice President — Fraud & Risk Management
Wibmo, A PayU/Naspers FinTech Company

Digital Frauds, Ecommerce, Fraud Detection, Fraud Prevention, Merchant Services


Exploring the Foundation of Modern Banking: 9 Essential Core Banking Modules for Comprehensive Insight

Core Banking Systems (CBS) are the bedrock of modern financial institutions (FIs), serving as the linchpin for delivering accessible, flexible, and scalable banking services. With FIs allocating significant investments towards upgrading their legacy CBS, it’s paramount to grasp the pivotal modules embedded within these systems to maximize their capabilities.

Recent industry data underscores the critical role of CBS in shaping the banking landscape. According to a report by BankingTech, investments in CBS upgrades have surged by 25% over the past two years, reflecting the industry’s commitment to modernization and innovation. This substantial increase underscores the growing importance of understanding the core modules that drive CBS functionality.

As financial institutions navigate the complex terrain of modern banking, insights from a study conducted by Deloitte reveal that institutions leveraging comprehensive CBS solutions witness up to 30% improvement in operational efficiency and a 20% increase in customer satisfaction. These statistics underscore the transformative impact of CBS modules on enhancing banking operations and customer experiences.

In light of these trends, delving into the intricacies of CBS modules becomes imperative for financial professionals seeking to stay ahead in the competitive landscape. By gaining a deeper understanding of these modules, banks can unlock new opportunities for innovation, efficiency, and customer-centricity, driving sustainable growth and success in the digital era.

Let’s delve into the core modules that underpin the functionality of modern Core Banking Systems:

Payment Processing Module:
· Precision and efficiency characterize the Payment Processing module, managing diverse transactions with finesse.
· According to recent industry reports, the adoption of contactless payments has witnessed a staggering growth of over 40% globally in the past year alone, emphasizing the critical role of payment processing modules in facilitating seamless transactions.

Customer Relationship Management (CRM) Module:
· Personalization takes center stage with the CRM module, enriching user interactions beyond mere data storage.
· Recent data suggests that banks utilizing advanced CRM capabilities experience up to a 20% increase in customer satisfaction and retention rates, highlighting the significance of personalized experiences in today’s competitive landscape.

General Ledger Module:
· The General Ledger (GL) Module serves as the centralized repository for recording all financial transactions systematically.
· Studies indicate that organizations leveraging advanced GL modules witness up to 30% improvement in financial reporting accuracy, enabling informed decision-making and regulatory compliance.

LMS and LOS Module:
· The Loan Management System (LMS) and Loan Origination System (LOS) streamline the loan lifecycle, from application to repayment.
· Recent market analysis indicates that FIs adopting comprehensive LMS and LOS solutions achieve up to a 25% reduction in loan processing time, enhancing operational efficiency and customer satisfaction.

Digital Banking Module:
· The Digital Banking Module revolutionizes customer interactions by offering seamless online and mobile banking experiences.
· Recent market analysis indicates that banks embracing digital banking solutions witness up to a 25% increase in customer engagement and retention rates, as customers increasingly prefer digital channels for their banking needs.

Data Analytics Module:
· The Data Analytics Module harnesses the power of data to drive informed decision-making and personalized customer experiences.
· According to industry insights, organizations leveraging advanced data analytics modules experience up to a 30% improvement in cross-selling effectiveness and revenue generation, as data-driven insights enable targeted product recommendations and marketing campaigns.

Fraud Detection Module:
· Proactive fraud prevention defines the Fraud Detection Module, leveraging data analytics and machine learning to identify suspicious behaviour.
· According to industry research, organizations with robust fraud detection systems experience up to a 40% decrease in fraud-related losses, safeguarding both financial assets and customer trust.

Expense Management Module:
· Methodical oversight characterizes the Expense Management Module, ensuring strict adherence to budgets and optimal resource utilization.
· Recent surveys indicate that businesses implementing advanced expense management solutions witness up to a 35% reduction in administrative costs, driving bottom-line savings and operational efficiency.

Tax Module:
· Automated tax management simplifies tax-related responsibilities for FIs and customers alike, ensuring financial integrity from income to corporate taxes.
· Market trends reveal that organizations leveraging integrated tax modules achieve up to a 30% reduction in tax compliance costs, streamlining processes and mitigating risks.

These core banking modules operate seamlessly behind the scenes, ensuring a smooth and secure banking experience for customers. As FIs embrace the evolution of their legacy systems, the integration of these modules not only streamlines transactions but also enhances customer experiences, fortifies security measures, and drives operational excellence.

Curious to learn more about Core Banking Systems and their transformative impact? Stay tuned for deeper insights and innovative solutions! You can also visit www.wibmo.co

Banking Platform, Banking Tech, Banking Technology, Core Banking Solutions, Modern Banking


Wibmo Protect — Adaptive Multi-Factor Authentication Solution

The Reserve Bank of India (RBI) has embarked on a transformative journey by proposing a Principle-Based Framework for the authentication of digital transactions. This pioneering initiative underscores the RBI’s commitment to fostering a secure, seamless, and customer-centric digital payments ecosystem. The primary objective of this framework is to propel the adoption of alternative authentication mechanisms, transcending the traditional SMS OTP paradigm. By embracing innovative authentication solutions, the RBI seeks to elevate the customer experience while fortifying the security infrastructure of digital payments. Furthermore, this strategic move is poised to empower businesses to embark on a journey of innovation, enabling them to explore cutting-edge solutions while upholding the highest standards of security and integrity. In essence, the Principle-Based Authentication Framework heralds a new era of digital transactions, characterized by enhanced security, heightened user experience, and unparalleled innovation.

Challenges with OTP Authentication:

Traditional SMS OTPs, while prevalent, present significant limitations and risks. They heavily rely on mobile service providers, are susceptible to interception, and contribute to transaction delays and failures, leading to user frustration and financial losses.

Limitations of Traditional SMS-Based OTP Authentication:

– Reliance on Mobile Service Providers: SMS OTPs are entirely dependent on mobile service providers, making them susceptible to network coverage issues and unable to support offline mode.
– Inadequate Support for Cross-Border Transactions: Due to network dependencies, SMS OTPs face challenges in facilitating cross-border transactions and international access.
– High Transaction Authentication Failure Rate: In the current scenario, the authentication failure rate for card transactions using SMS OTPs averages between 5% and 8%, primarily due to network dependencies.
– Vulnerability to Cyber Threats: SMS OTPs are prone to interception, phishing, MITM attacks, and SIM swapping, lacking robust protection for authorized access.
– Rising Instances of Fraud: Cybercrimes, including fraud cases involving SMS OTPs, have surged, with approximately 1.1 million fraud cases registered in 2023, amounting to Rs 7,488.6 crore. Additionally, UPI fraud cases reached over 95,000 in the 2022–23 fiscal year.
– User Experience Disruptions: Delays or delivery failures in SMS OTPs disrupt the user experience, leading to frustration and contributing to merchant conversion losses.
– Increased Operational Costs: Constant intervention is required to manage authentication experiences across various channels, leading to additional costs. The average SMS cost per transaction is 12 paise, which escalates based on the chosen channels.

Wibmo Protect: A Revolutionary Solution:

Wibmo Protect, a cutting-edge platform, aligns seamlessly with the RBI’s framework. Utilizing a risk-based contextual authentication approach, it leverages machine learning and deep data analytics to detect and prevent fraudulent transactions in real-time. Contextual authentication further enhances security, enabling swift and secure payments without OTPs.

Key Benefits of Wibmo Protect:

Wibmo Protect offers a multitude of benefits, including:

– Fraud Detection & Prevention
– Dynamic Risk-based Authentication
– Preference-based authentication with multiple modes
– Multi-channel support for various transaction types
– Reduced chargebacks and increased revenue growth
– Merchant opt-out feature
– Enhanced consumer authentication experience

Wibmo Protect combines three powerful modules:

1. Access Control Server (Accosa ACS): A holistic payment authentication platform integrated with an intelligent risk engine.
2. Enterprise Trident FRM: A comprehensive cross-channel, self-learning risk assessment engine.
3. Tridentity: A multifactor out-of-band authentication solution offering secure, passwordless authentication.

Wibmo Protect emerges as a game-changer in digital transaction security. By embracing innovative technologies and adaptive authentication methods, it sets new standards for security, efficiency, and customer satisfaction. With its comprehensive suite of modules, Wibmo Protect stands as a beacon of trust and reliability in the evolving landscape of digital transactions. Through continuous innovation and commitment to security, Wibmo paves the way for a secure and seamless digital future.

Author: Anand K Khanna, Product Manager — Fraud & Risk Management
Wibmo
A PayU/Naspers FinTech Company


Unveiling the Future: Fintech Innovations Redefining Finance in 2024

As we navigate the intricate landscape of finance, the year 2024 unfolds with a myriad of fintech innovations that promise to reshape the industry fundamentally. Fintech, a portmanteau of “financial technology,” has become synonymous with innovation and disruption, revolutionizing how we manage, invest, and transact in the digital era. In this comprehensive blog, we’ll explore the groundbreaking fintech trends that are set to dominate the stage in 2024.

Decentralized Finance (DeFi):

Decentralized Finance, or DeFi, stands at the forefront of fintech innovation in 2024. This paradigm shift involves leveraging blockchain technology to create a decentralized financial ecosystem that operates outside traditional banking systems. DeFi platforms facilitate peer-to-peer lending, borrowing, and trading without the need for intermediaries. Smart contracts on blockchain networks ensure transparency, security, and efficiency in financial transactions. As we move forward, the DeFi space is expected to mature, offering more sophisticated financial services while challenging the conventional norms of the finance industry.

Central Bank Digital Currencies (CBDCs):

Central Bank Digital Currencies are gaining prominence as central banks worldwide explore the digitization of national currencies. In 2024, CBDCs are not just theoretical concepts but tangible initiatives that aim to provide a secure and regulated digital alternative to physical cash. Countries like China have made significant strides in piloting CBDCs, aiming to enhance the efficiency of financial transactions, reduce costs, and ensure greater financial inclusion. The widespread adoption of CBDCs holds the potential to redefine the global monetary landscape.

AI-Powered Personalization:

Artificial Intelligence (AI) continues to be a driving force in fintech, particularly in the realm of personalization. In 2024, AI is set to transform the user experience by providing hyper-personalized financial services. Machine learning algorithms analyze vast datasets to understand user behaviors, preferences, and financial patterns. Fintech platforms leverage this data to offer tailored investment advice, customized budgeting tools, and personalized recommendations. AI-driven personalization not only enhances user satisfaction but also fosters a deeper connection between users and their financial platforms.

Embedded Finance:

Embedded finance is revolutionizing the way financial services are delivered by seamlessly integrating them into non-financial platforms. In 2024, we witness the expansion of embedded finance into various sectors, allowing users to access financial services without the need to switch between different applications. E-commerce websites, social media platforms, and even ride-sharing apps now offer embedded financial services such as payments, loans, and investments. This trend is breaking down traditional silos, creating a more interconnected digital ecosystem.

Green Fintech:

Sustainability takes center stage in 2024, and fintech is not exempt from this global shift towards environmental responsibility. Green fintech initiatives are emerging to address climate concerns and promote eco-friendly financial practices. This includes the development of digital currencies with lower carbon footprints, sustainable investment platforms that prioritize environmental, social, and governance (ESG) factors, and tools that encourage responsible spending and consumption. Fintech is becoming a driving force for positive environmental change, aligning financial activities with broader sustainability goals.

Biometric Authentication:

The quest for enhanced security in financial transactions has led to the widespread adoption of biometric authentication methods. In 2024, we see a surge in the use of biometrics, such as facial recognition, fingerprint scans, and voice recognition, to verify user identities. These advanced authentication methods provide an extra layer of security against fraud and unauthorized access. As fintech platforms prioritize user safety, biometric authentication is becoming integral to ensuring secure and convenient financial transactions.

The year 2024 marks an important turning point in the growth of fintech when creativity and technology combine to reshape the financial environment. From the decentralized revolution of DeFi to the digitization of national currencies via CBDCs, the fintech industry is undergoing transformational change. AI-powered personalization, embedded finance, green fintech efforts, and biometric authentication all work towards a future in which financial services are not just technologically advanced but also sustainable, secure, and seamlessly interwoven into our daily lives.

As we welcome the advancements in fintech, it’s crucial to acknowledge their profound impact on money management. Heading into 2024, the future of financial technology promises ongoing empowerment, bridging financial divides, and fostering a more inclusive and sustainable global economy.

Leading this transformative journey is Wibmo, a key player in fintech, utilizing innovative technologies. With our robust payment security and digital payment services, we play a pivotal role in seamlessly integrating financial services, ensuring heightened security and transaction efficiency. In this era of significant shifts in the financial industry, we are happy to be able to help banks and fintech firms in reshaping the landscape of finance.


Empowering Digital Transactions: A Comprehensive Guide to Payment Gateways and Wibmo Areion’s Innovation

The dynamic landscape of digital payments has posed challenges and opportunities for stakeholders across the financial ecosystem. From merchants and payment facilitators to issuers and payment gateways, each entity grapples with considerations of customer convenience, operational costs, compliance, security, and value-added services. This comprehensive guide explores the critical decision of selecting the right payment gateway, emphasizing the importance of compliance, security, transparent costing, and value-added services. Additionally, we delve into the innovative features of Wibmo Areion, a cutting-edge payment gateway that redefines the digital payment experience.

Understanding the Landscape:

The payment ecosystem operates as a connected network of platforms, where the considerations for selecting a payment gateway vary based on the role of the player. The two primary providers of payment gateway services to merchants are acquiring banks or intermediaries such as Payment Aggregators, Payment Facilitators, or PSPs.

Table Stakes and Prerequisites:

Before embarking on the payment gateway journey, certain prerequisites must be addressed. Compliance with supported payment schemes and robust technological infrastructure, complying with standards like PCI DSS and NPCI for UPI, is crucial for a seamless and secure digital payment experience.

Key Business Considerations:

– Cost per Transaction (MDR): Derived from the Merchant Discount Rate (MDR), transparent costing is complex and varies based on factors like merchant category code, payment limit, and payment instrument type.
– Transaction Success Rate (SR): Paramount for all stakeholders, payment gateways strive to offer the highest success rate through innovative payment flows and partnerships.
– Fraud Management: A robust fraud management platform is essential to minimize chargebacks and secure payments, especially in online transactions.
– Billing, Reporting, and Dashboards: Transparent billing and reporting are crucial for stakeholders to gain clear insights into transactions through simple and informative dashboards.

Differentiators and Value-Added Services:

Beyond core capabilities, payment gateways seek to differentiate themselves through value-added services:

– Frictionless Check-Out: Using biometrics for seamless authentication.
– Loyalty Programs: Allowing customers to earn and redeem loyalty points at checkout.
– EMI Options: Providing affordable instalment options at checkout.
– Diverse Payment Methods: Supporting additional payment methods such as wallets, net banking, and local payment methods.

Unveiling the Future: Exploring Wibmo Areion Payment Gateway

In the rapidly evolving landscape of digital payments, having a robust and versatile payment gateway is crucial for businesses seeking seamless transactions and enhanced customer experiences. Wibmo, a leading player in the fintech industry, introduces its cutting-edge payment gateway — Wibmo Areion. Let’s delve into the features, benefits, and potential impact of this innovative solution.

The Rise of Wibmo Areion:

Wibmo Areion represents a significant leap forward in the world of payment gateways, offering advanced features and capabilities designed to meet the dynamic needs of modern businesses. From security enhancements to a user-friendly interface, Wibmo Areion aims to redefine the digital payment experience.

Key Features:

– Enhanced Security Protocols: Prioritizing transaction security with state-of-the-art protocols and compliance with PCI DSS standards.
– Seamless User Experience: Commitment to a smooth and seamless user experience for quick and hassle-free transactions.
– Adaptive Fraud Management: Employing adaptive fraud management tools to stay ahead of evolving fraud tactics and minimize chargebacks.
– Multi-Channel Support: Recognizing the diverse nature of modern transactions, Wibmo Areion offers support for various channels, including e-commerce, mobile payments, and in-app transactions.
– Flexible Integration Options: Providing businesses with flexible integration options through REST-based APIs, ensuring a hassle-free implementation process.

Benefits for Businesses:

– Enhanced Security: Instilling trust among customers by providing a secure and reliable payment environment.
– Improved Customer Experience: Contributing to an enhanced customer experience, leading to higher satisfaction and retention rates.
– Reduced Fraud-related Costs: Minimizing the financial impact of fraudulent activities, reducing operational compliance costs.
– Scalability and Multi-Channel Reach: Scaling with businesses as they grow and ensuring support for various platforms and channels.
– Efficient Integration: The flexible integration options make the onboarding process smoother, allowing businesses to quickly adopt and benefit from advanced features.

The selection of a payment gateway is a nuanced decision that traverses various dimensions based on the role of the payment player. As stakeholders navigate this landscape, the emphasis on compliance, security, transparent costing, and value-added services will play a pivotal role in shaping the future of digital transactions.

Let us work together and ensure that we, as one family, soar to new heights in the coming year. None of this would have been possible without each one of you. Your dedication and hard work have been the driving force behind our success. As we bid farewell to this incredible year, we express our deepest gratitude. We look forward to seeing you grow with us in the coming years.

Author: Ravi Battula, Vice President- Merchant Acquiring Business
Wibmo
A PayU/Naspers FinTech Company


Transforming Online Payments: The Evolution and Impact of Facial Recognition on Identity Verification and Authentication

The digital era has witnessed remarkable advancements in technology, especially in the realm of online payments. One such transformative innovation that has reshaped the landscape of identity verification and authentication is facial recognition. This blog delves into the evolution, applications, benefits, challenges, and the profound impact of facial recognition on the world of online payments.

Evolution of Facial Recognition in Online Payments:

The journey of facial recognition in online payments traces back to its early stages as a biometric authentication method. Traditionally, online transactions relied on conventional methods like passwords and PINs, which presented challenges such as security vulnerabilities, user inconvenience, and the risk of unauthorized access. Facial recognition emerged as a solution to these challenges, offering a unique and secure way to verify identities.

In its nascent phase, facial recognition technology focused on basic facial feature detection. However, rapid advancements in artificial intelligence (AI) and deep learning revolutionized facial recognition algorithms. These sophisticated algorithms could now analyze intricate facial contours, landmarks, and unique patterns, making facial recognition a reliable and efficient method for identity verification in online payments.

Applications of Facial Recognition in Online Payments:

– Biometric Authentication: Facial recognition serves as a robust biometric authentication method for online payments. Users can securely authenticate transactions by simply looking at their device’s camera, eliminating the need for passwords or PINs.
– Secure Login and Transaction Authorization: Online banking and payment applications leverage facial recognition to enhance security during login and transaction authorization. Users can seamlessly access their accounts and authorize payments through a quick facial scan.
– E-commerce Verification: Facial recognition is integrated into e-commerce platforms for user authentication during the checkout process. This ensures that only authorized users can make purchases, reducing the risk of fraudulent transactions.
– Mobile Wallets and Digital Payments: Mobile wallets and digital payment apps incorporate facial recognition to facilitate secure transactions. Users can link their facial biometrics to their payment accounts, adding an extra layer of security to mobile-based payments.
– Fraud Prevention: Facial recognition contributes to fraud prevention by adding a layer of identity verification that is difficult to replicate. This is particularly valuable in mitigating the risks associated with unauthorized access and fraudulent transactions.

Benefits of Facial Recognition in Online Payments:

– Enhanced Security: Facial recognition significantly enhances the security of online payments by providing a unique and biometrically secure method of identity verification. This reduces the risk of unauthorized access and identity fraud.
– User-Friendly Authentication: Compared to traditional authentication methods, facial recognition offers a user-friendly experience. Users can complete transactions with a simple facial scan, eliminating the need to remember complex passwords.
– Convenience and Speed: The speed at which facial recognition systems operate contributes to the overall convenience of online payments. Quick and non-intrusive, the technology streamlines the authentication process for users.
– Reduced Dependency on Passwords: Facial recognition reduces the dependency on passwords or PINs, addressing the challenges of password fatigue and the potential for security breaches due to weak passwords.
– Seamless Integration: Facial recognition seamlessly integrates into existing online payment platforms and applications. Its compatibility with mobile devices and web interfaces ensures a smooth and consistent user experience.

Challenges and Considerations:

– Privacy Concerns: The widespread adoption of facial recognition in online payments raises concerns about privacy. Users may worry about the collection and storage of facial data, emphasizing the need for transparent policies and ethical practices.
– Accuracy and Bias: Ensuring the accuracy of facial recognition systems, especially across diverse demographics, remains a challenge. Developers must continuously address biases in algorithms to ensure fair and reliable authentication.
– Security Vulnerabilities: Facial recognition systems are not immune to security vulnerabilities. Safeguarding against hacking attempts and unauthorized access to facial data is crucial to maintaining the integrity of online payment security.
– Regulatory Compliance: The evolving regulatory landscape surrounding facial recognition technology requires adherence to ethical and legal standards. Striking a balance between innovation and compliance is essential for responsible deployment.

Impact on User Experience and Security:

– Enhancing Trust and Confidence: Facial recognition contributes to building trust and confidence among users by providing a secure and user-friendly authentication method. This is particularly crucial in the competitive online payment market.
– Reducing Friction in Transactions: The seamless and quick nature of facial recognition reduces friction in the transaction process. Users can complete payments effortlessly, contributing to a positive and efficient online shopping experience.
– Addressing Security Concerns: By offering a biometrically secure method of identity verification, facial recognition addresses security concerns associated with traditional authentication methods. This reassures users about the safety of their financial transactions.
– Adapting to Changing Consumer Behavior: As consumers increasingly seek convenient and secure payment methods, facial recognition aligns with changing preferences. Its integration into various devices and platforms caters to the evolving needs of tech-savvy consumers.

Future Trends and Innovations:

– Multimodal Biometrics: The future of facial recognition in online payments may witness the integration of multimodal biometrics, combining facial recognition with other biometric methods for enhanced security.
– Continuous Authentication: Innovations in continuous authentication using facial recognition may become more prevalent. This involves ongoing verification during a session, adding an extra layer of security.
– Blockchain Integration: Blockchain technology may be integrated with facial recognition for enhanced data security. Decentralized identity verification could mitigate concerns related to centralized storage of facial data.
– Augmented Reality (AR) Enhancements: Augmented reality features may enhance facial recognition experiences, providing interactive and engaging authentication methods for users.

Facial recognition has undergone a remarkable evolution in the world of online payments, revolutionizing identity verification and authentication. Its applications span across various sectors, from biometric authentication to secure login processes and fraud prevention. The benefits, including enhanced security, user-friendly authentication, and reduced dependency on passwords, have positioned facial recognition as a key player in the future of online payments. However, challenges such as privacy concerns, accuracy, security vulnerabilities, and regulatory compliance must be continually addressed to ensure responsible and ethical deployment. As facial recognition technology continues to advance, its impact on user experience and security remains profound, contributing to a safer, more convenient, and efficient online payment ecosystem.


Unveiling the Unseen: eCommerce Fraud Prevention Secrets You Need to Know

As the popularity of eCommerce grows, so does the risk of fraud targeting online firms. The digital sphere offers enormous prospects for expansion, but it also attracts clever fraudsters looking to exploit flaws in payment systems and transactions. In this blog article, we’ll delve into the lesser-known parts of eCommerce fraud prevention, revealing the methods, technologies, and best practices that may protect your business and foster client trust.

The Evolving Landscape of eCommerce Fraud

eCommerce fraud comes in various forms, from stolen credit card information and account takeovers to sophisticated phishing attacks. As businesses adapt to new technologies and consumer preferences, fraudsters adjust their tactics accordingly. Understanding the dynamic nature of eCommerce fraud is the first step toward building a resilient prevention strategy.

– Account Takeovers (ATO): ATO occurs when fraudsters gain unauthorized access to customer accounts. This can lead to unauthorized purchases, misuse of stored payment information, and identity theft. Preventing ATO requires robust authentication mechanisms, including multi-factor authentication and behavioural analytics.
– Card-Not-Present (CNP) Fraud: With the rise of online shopping, CNP fraud has become a significant concern. Fraudsters use stolen card details to make online purchases where the physical card is not required. Address Verification System (AVS), 3D Secure, and machine learning algorithms are essential tools for preventing CNP fraud.
– Friendly Fraud: Contrary to its name, friendly fraud is far from friendly. It occurs when a legitimate cardholder disputes a transaction, often claiming they didn’t make the purchase. Friendly fraud can be mitigated by clear communication, transparent billing descriptors, and comprehensive transaction records.
– Synthetic Identity Fraud: Synthetic identity fraud involves creating fake identities using a combination of real and fictitious information. These synthetic identities are then used to open accounts and make fraudulent transactions. Advanced identity verification methods and data analysis are crucial for detecting synthetic identity fraud.

eCommerce Fraud Prevention Strategies

– Multi-Factor Authentication (MFA): Implementing MFA adds an extra layer of security by requiring users to provide multiple forms of identification. This could include passwords, biometric data, or one-time passcodes, significantly reducing the risk of unauthorized access.
– Machine Learning and Artificial Intelligence (AI): Leveraging machine learning and AI enables real-time analysis of vast datasets to identify patterns and anomalies indicative of fraudulent activities. These technologies continually learn and adapt to new fraud tactics, staying one step ahead of cybercriminals.
– Geolocation and Device Fingerprinting: Examining the geolocation of transactions and creating unique device fingerprints help in detecting suspicious activities. Unusual transaction locations or device behaviors can trigger alerts for further investigation.
– Behavioral Analytics: Analyzing user behavior helps create a baseline for normal activity. Deviations from this baseline, such as sudden changes in spending patterns or the use of unfamiliar devices, can be indicative of fraudulent behavior.
– Real-Time Transaction Monitoring: Implementing real-time monitoring systems allows businesses to spot and respond to suspicious transactions instantly. Automated alerts can be set up to trigger when certain criteria associated with fraud risk are met.
– 3D Secure Authentication: 3D Secure is an additional layer of security for online credit and debit card transactions. It adds an extra step of authentication, often requiring a one-time passcode sent to the cardholder’s mobile device, enhancing the security of online transactions.
– Fraud Scoring Systems: Employing fraud scoring systems assigns a risk score to each transaction based on various parameters. Transactions with high-risk scores can be subjected to additional scrutiny or declined altogether.
– Customer Education: Educating customers about safe online practices, secure password management, and recognizing phishing attempts can significantly reduce the risk of account takeovers and fraud. Clear communication builds a sense of security and trust.

Best Practices for eCommerce Fraud Prevention

– Regularly Update Security Protocols: Stay ahead of evolving fraud tactics by regularly updating and enhancing your security protocols. This includes adopting the latest encryption standards, security patches, and fraud prevention technologies.
– Secure Payment Gateways: Choose reputable and secure payment gateways that prioritize the protection of sensitive customer data. Secure Sockets Layer (SSL) encryption is fundamental for securing online transactions.
– Monitor Chargeback Rates: High chargeback rates can be indicative of fraud or customer dissatisfaction. Monitoring chargeback rates allows businesses to identify and address issues promptly.
– Data Encryption: Implement end-to-end encryption to safeguard customer data throughout the entire transaction process. This ensures that even if intercepted, sensitive information remains unreadable.
– Regularly Train Staff: Educate your staff on the latest fraud trends, prevention techniques, and the importance of adhering to security protocols. An informed and vigilant team is an essential component of your fraud prevention strategy.
– Implement Device Authentication: Device authentication ensures that transactions are initiated from trusted and recognized devices. Unfamiliar devices may trigger additional verification steps to confirm the legitimacy of the transaction.

Bottom Line

As eCommerce continues to thrive, so does the need for robust fraud prevention measures. By understanding the evolving landscape of eCommerce fraud, implementing cutting-edge technologies, and adopting best practices, businesses can significantly reduce the risk of falling victim to cybercriminals. A comprehensive fraud prevention strategy not only protects the business but also fosters trust and confidence among customers, contributing to long-term success in the dynamic world of online commerce. Stay informed, stay secure, and empower your eCommerce venture to flourish in the digital age.

Author: Animesh Jha, Vice President, Engineering — Fraud & Risk Management
Wibmo
A PayU/Naspers FinTech Company

Empowering the Unbanked: Offline Digital Payments and Financial Inclusion in India

India, with its vast and diverse population, has made significant strides in the realm of digital payments in recent years. However, a considerable segment of the population still remains unbanked or underbanked, primarily due to limited access to financial services. Offline digital payments have emerged as a promising solution to bridge this gap, fostering financial inclusion and empowering individuals who have been on the fringes of the formal financial system.

Understanding Financial Inclusion

Financial inclusion is a multifaceted concept that goes beyond merely having a bank account. It encompasses access to a range of financial services, including savings, credit, insurance, and payment services. The goal is to provide individuals and businesses, particularly those in underserved and remote areas, with the tools and resources needed to participate fully in the economy.

Challenges to Financial Inclusion in India

Several challenges have historically hindered financial inclusion in India:

1. Limited Access to Banking Infrastructure: Many rural areas lack physical banking infrastructure, making it challenging for individuals to access basic financial services. The cost and effort required to establish brick-and-mortar branches in these areas have been significant barriers.

2. Low Financial Literacy: A significant portion of the population, particularly in rural and remote areas, lacks financial literacy. Understanding the nuances of traditional banking services can be a barrier to entry into the formal financial system.

3. Documentation Requirements: The documentation required to open a bank account can be a hurdle, especially for those who may not have the necessary identification papers. This often excludes a substantial portion of the population from mainstream financial services.

4. Technological Barriers: While the penetration of smartphones has increased, a considerable number of individuals still use feature phones or have limited access to the internet. This poses a challenge to the adoption of traditional digital payment solutions.

Offline Digital Payments: A Catalyst for Inclusion

Offline digital payments have emerged as a transformative force, overcoming many of the barriers to financial inclusion in India. These solutions leverage technology to enable transactions without the need for a continuous internet connection, making them particularly relevant in areas with intermittent connectivity. Let’s delve into the ways in which offline digital payments are contributing to financial inclusion.

1. Access Anytime, Anywhere: Offline digital payment solutions empower users to conduct transactions regardless of their location or the availability of internet connectivity. This is especially crucial in remote and rural areas where traditional banking infrastructure is limited.

2. Reduced Reliance on Physical Infrastructure: By eliminating the need for physical branches or ATMs, offline digital payments reduce the cost and logistical challenges associated with building and maintaining banking infrastructure. This is a game-changer for reaching unbanked populations in geographically dispersed regions.

3. Simplified User Experience: Offline payment methods are designed to be user-friendly, requiring minimal technical know-how. This simplicity is key in overcoming the barrier of low financial literacy, enabling individuals with varying levels of education to participate in the formal financial system.

4. Biometric Authentication: Leveraging biometric authentication methods, such as fingerprints or iris scans, offline digital payment solutions offer a secure and convenient way for individuals to access their financial accounts. This is particularly beneficial in areas where traditional identification documents may be scarce.

5. Financial Inclusion for Merchants: Offline digital payments extend beyond individual users, providing opportunities for small businesses and merchants. By accepting offline digital transactions, even in areas with intermittent internet connectivity, merchants can expand their customer base and participate more actively in the digital economy.

6. Government Initiatives: Recognizing the potential of digital payments to drive financial inclusion, the Indian government has launched initiatives like Aadhaar Pay and UPI (Unified Payments Interface). These initiatives leverage biometrics and mobile numbers to facilitate secure offline digital transactions.

7. Financial Products and Services: Offline digital payments pave the way for the delivery of a range of financial products and services to previously underserved populations. This includes access to credit, insurance, and savings products tailored to the unique needs of different segments of the population.

Challenges and Considerations

While offline digital payments hold immense promise for financial inclusion, certain challenges and considerations need to be addressed:

1. Security Concerns: Ensuring the security of offline transactions, especially in areas with limited connectivity, is paramount. Robust security measures, including encryption and biometric authentication, are essential to protect users from potential risks.

2. Infrastructure Development: While offline digital payments reduce the reliance on physical banking infrastructure, there is still a need for ongoing efforts to enhance digital infrastructure, including the development of reliable networks and the availability of affordable smartphones.

3. Regulatory Framework: A conducive regulatory framework is crucial for the widespread adoption of offline digital payments. Clear guidelines and policies that foster innovation while ensuring consumer protection will play a pivotal role in shaping the future of these solutions.

4. Collaboration Among Stakeholders: Successful implementation of offline digital payment solutions requires collaboration among various stakeholders, including government agencies, financial institutions, technology providers, and local communities. A coordinated effort is essential to address the multifaceted challenges of financial inclusion.

Bottom line

Offline digital payments represent a transformative force in the journey towards financial inclusion in India. By addressing the challenges of limited access to banking infrastructure, low financial literacy, and intermittent connectivity, these solutions empower individuals and businesses to participate fully in the formal financial system. As we move forward, it is imperative to continue innovating, address security concerns, and foster a collaborative environment that embraces the diverse needs of the population. The vision of a financially inclusive India can be realized through the thoughtful integration of offline digital payment solutions, ensuring that no one is left behind in the digital era.

Browser Fingerprinting- Part 2

Are you all set to find out more about browser fingerprinting? We bring you Part 2 of this series.

Types of Fingerprinting Techniques:

Canvas Fingerprinting: This browser fingerprinting technique uses the HTML5 canvas element to identify variances in a user’s GPU, graphics drivers, or graphics card.

Steps: First, the script draws an image, often overlaid with text. Then, the script captures how the user’s web browser has rendered the image and text. Naturally, every device with different hardware and drivers will render the image slightly differently, distorting its colour and shape. A hash is then computed using the rendered image’s data, which serves as the “canvas fingerprint.”

The scripts used for canvas fingerprinting operate in the background to keep the user from realizing that the fingerprinting is occurring. This fingerprinting technique is accurate and not too processing-intensive, making it one of the most commonly employed script techniques. Because each visitor’s specific browser and device render the image in their own way, a visitor can be narrowed down to a pool of fewer than 0.01% of total visitors.

WebGL Fingerprinting: WebGL fingerprinting is very similar to canvas fingerprinting, as they both use the browser to render images off-screen. The WebGL API can be used to render 3D forms in the browser. With the help of the three.js JavaScript library, many 3D forms can be rendered, such as:

· Sphere
· Cube
· Precomposed geometric shapes

The test is not that reliable because it is too sensitive to changes in the environment, such as the size of the browser window or the use of the browser console. These changes cause the dimensions of the rendering context to be updated, which results in different rendering results when the page is reloaded. The methodology is still to use images to distinguish users based on their graphics drivers and device hardware.

Media Device Fingerprinting: This technique uncovers a list of all the connected media devices and their respective IDs on a user’s laptop or PC. This includes all internal media components like video cards and audio cards, as well as all connected or linked devices like headphones. Media device fingerprinting is not widely used for fingerprinting functions. This is because it requires the user to grant access to their microphone and camera to get a complete list of connected devices.

Audio Fingerprinting: While other fingerprinting techniques force browsers to render a text or image, this technique checks how their devices play sound. The minute differences in the sound waves generated by a digital oscillator depend on the browser vendor and version used and on differences in CPU architecture.

Clock Skew: Clock skew is a measure that can be used to identify the hardware specifications of a machine by analyzing the uneven arrival of electrical signals from a clock generator at different components. These differences can be affected by temperature variations in the hardware and can be analyzed with sufficient data and numerical analysis. This is considered an extreme measure in the field of fingerprinting.

Browser fingerprinting workflow:

Utilizing browser fingerprinting for authentication during payments as an additional layer of security and protection against fraud is helpful, but it has to be coupled with a two-factor authentication process. Two-factor authentication involves verifying a user’s identity using two different methods, such as a password and a fingerprint or a code sent to their mobile device. By adding browser fingerprinting as a third factor, Wibmo’s Trident FRM solution uses canvas fingerprinting and creates a more secure and reliable payment authentication process.

It is important to ensure that proper privacy protections and data security measures are in place, as browser fingerprinting data is unique to each user and can be used to track and identify individuals across different websites and devices. Additionally, it’s important to comply with data privacy regulations such as GDPR, CCPA, and the upcoming Digital Personal Data Protection Bill when collecting and storing browser fingerprint data.

Fingerprinting and Online Fraud Detection:

Browser fingerprinting techniques can be useful for identifying and targeting visitors with a pattern of fraudulent behaviour on a website. These techniques can be particularly effective in identifying users who use identity-concealing techniques such as disabling cookies, using a VPN, or browsing in incognito mode.

1. In cases of account takeover, where malicious users try to hack a legitimate user’s account, fingerprinting and other user identification technologies can be used to add additional security measures to the login process for suspicious traffic only.

2. To prevent brute force or bot attacks, it is best practice to require users to solve a CAPTCHA after a certain number of failed login attempts and to lock out the user for a set time after a certain number of attempts, as such attacks often rely on automation and thus may not have the unique browser configurations of genuine users.
a. Browser fingerprinting can detect bots through their unusual browser configurations.
b. Multiple login attempts with the same fingerprint can signal a brute-force attack.
c. Bots that either lack a unique fingerprint or use identical fingerprints can be spotted and investigated.
d. It can improve CAPTCHA systems by triggering a CAPTCHA when a fingerprint is linked to suspicious activity.

3. For phishing scams, requiring email or two-factor authentication for new fingerprints attempting to log in and blocking repeatedly visited fingerprints can also be effective measures.
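The login controls in points 1 to 3 can be combined into one decision function keyed on the browser fingerprint. The Python code below is an added example, not code from the article or from Wibmo's product; the thresholds, the class and method names, and the choice to count an unsolved CAPTCHA as a failed attempt are assumptions, and the login events are constructed.

```python
from collections import defaultdict, deque

# Thresholds are assumptions chosen for this example, not values from the article.
CAPTCHA_AFTER = 3    # failed logins from one fingerprint before a CAPTCHA is required
LOCKOUT_AFTER = 6    # failed logins from one fingerprint before a temporary lockout
WINDOW_S = 600       # look-back window (seconds) for counting failures
LOCKOUT_S = 900      # lockout duration (seconds)


class FingerprintLoginGuard:
    """Counts failures per fingerprint, not per account, so one client that
    tries many accounts once each is still caught."""

    def __init__(self):
        self.failures = defaultdict(deque)  # fingerprint -> times of failed logins
        self.locked_until = {}              # fingerprint -> time the lockout ends
        self.trusted = defaultdict(set)     # account -> fingerprints verified for it

    def _recent_failures(self, fp, now):
        q = self.failures[fp]
        while q and now - q[0] > WINDOW_S:  # drop failures older than the window
            q.popleft()
        return len(q)

    def before_password(self, fp, now):
        """Gate applied before the password is even checked."""
        if self.locked_until.get(fp, 0) > now:
            return "locked"
        if self._recent_failures(fp, now) >= CAPTCHA_AFTER:
            return "captcha"
        return "proceed"

    def after_password(self, account, fp, password_ok, now):
        """Decision once the credential check result is known."""
        if not password_ok:
            self.failures[fp].append(now)
            if self._recent_failures(fp, now) >= LOCKOUT_AFTER:
                self.locked_until[fp] = now + LOCKOUT_S
            return "denied"
        if fp not in self.trusted[account]:
            return "step_up"  # correct password, new fingerprint: ask for email/2FA
        return "allow"

    def trust(self, account, fp):
        """Call after the user passes step-up verification on this fingerprint."""
        self.trusted[account].add(fp)


def replay(events):
    """Run (time, account, fingerprint, password_ok, solves_captcha) events
    through a fresh guard and return one decision per event."""
    guard = FingerprintLoginGuard()
    guard.trust("alice", "fp-alice-laptop")
    decisions = []
    for now, account, fp, password_ok, solves_captcha in events:
        gate = guard.before_password(fp, now)
        if gate == "locked":
            decisions.append("locked")
        elif gate == "captcha" and not solves_captcha:
            guard.after_password(account, fp, False, now)  # counts as a failure
            decisions.append("captcha_failed")
        else:
            decisions.append(guard.after_password(account, fp, password_ok, now))
    return decisions


# Constructed events: one automated client tries seven accounts once each,
# then Alice logs in from her usual browser and from an unseen one.
CONSTRUCTED_EVENTS = (
    [(t, f"user{t}", "fp-bot", False, False) for t in range(7)]
    + [(10, "alice", "fp-alice-laptop", True, True),
       (20, "alice", "fp-unknown", True, True),
       (1000, "user9", "fp-bot", False, False)]
)

if __name__ == "__main__":
    for event, decision in zip(CONSTRUCTED_EVENTS, replay(CONSTRUCTED_EVENTS)):
        print(event, "->", decision)
```

Each account in the constructed run sees only one bad password, so a per-account lockout would never fire; the shared fingerprint is what ties the attempts together.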
Conclusion: Limitations and current scenario of browser fingerprinting:

Author: Vaibhav Chandel, Product Manager
Wibmo A PayU/Naspers FinTech Company

BIN Attack Fraud

Card not present (CNP) transactions are those where the purchase is made without presenting the physical card to the merchant at the point of sale. As more and more physical stores are using EMV-compliant terminals, Javelin Strategy & Research credit card fraud statistics report that card-not-present fraud is now 81% more likely to happen than card-present fraud. Card-not-present transactions can be done via online merchants, telephone orders, or mail.

There are various modus operandi to commit CNP fraud, such as account takeover using phishing scams, malware infection to capture keystrokes, or friendly fraud. In such scenarios, the cardholder is involved in the fraud, and it is a kind of personalised attack. However, today we will talk about an impersonal attack where a fraudster exploits a BIN (bank identification number) and uses distributed computing power to automatically generate the remaining numbers and test these combinations to see which card numbers are correct and if the cards are active. This kind of attack is called BIN attack fraud. The subtlety of BIN attack fraud is that it does not involve any data breach or ID theft; it is just a pure random coincidence that a victim’s card number is chosen.

The compromised cards can have a significant impact on issuing banks in terms of chargebacks, call centre volume spikes, and re-issuance expenses. Furthermore, any cardholder disruption or friction during this tenure leads to a loss of interchange revenues. The damage to the bank’s reputation could lead to cardholders switching the bank’s services to another, more secure bank.

A merchant involved in BIN attack fraud faces increased disputes or chargebacks, additional fees, and regulatory fines. Depending on the nature of the attack and risk profile, the acquiring bank may choose to suspend support for the merchant’s site. The cardholder’s bank may restrict purchases from your site, resulting in further financial losses. Refunding any fraudulent transactions is an operational challenge, not to mention the reputational loss. Thus, BIN attack fraud is a problem both for issuers and merchants.

Preventing a BIN Attack Fraud

To prevent BIN attack fraud, the merchant or the issuing bank can deploy a few techniques:

Enable 3D Secure. The latest version, EMV 3DS 2.x, is an additional security layer for online credit and debit card transactions that aims to achieve a balance between security and user convenience.

As a merchant, enable a CAPTCHA test to tell humans and bots apart. While this may create friction for genuine customers, it’s an effective deterrent against bot scripts.

Deploy an anti-fraud solution that can look at many aspects and block transactions or alert your fraud analyst. A good anti-fraud solution should be able to spot:

· Multiple low-value transactions (unusually low for the merchant’s business).
· Multiple declines within a short period.
· Transaction timing that is unusual for the merchant, business, or cardholder.
· A large number of transactions from the same BIN attempted in a short period of time (a few seconds apart).
· IP velocity: these days, through proxies and spoofing, fraudsters can make it seem that the transactions are coming from different IPs. Use an anti-fraud solution that deploys good device fingerprinting techniques to solve this issue, as fingerprinting is impervious to IP proxies.
· An unusually large volume of international transactions for a given merchant or for a cardholder.
· Patterns such as cards with sequential numbers, or the same card number with different expiration dates or CVV codes.

It should also be able to create a profile for the merchant and cardholder and alert in case of any significant deviations.

There are a few additional measures that the industry could take, such as creating advisory, actionable intelligence, and a listing of sites that anti-fraud tools can take advantage of. EMV 3DS 2.x allows merchants and acquirers to do a risk assessment prior to making an EMV 3DS authentication call to the issuer. A combined risk assessment from both the acquiring and issuing sides acts as a strong deterrent to fraudsters. Both issuers and acquirers can pool their intelligence and create a shared intelligence pool of fraud markings to identify common points of fraud. Information on declines on the switch side during authorization, when fed into the 3DS authentication ACS, gives actionable intelligence to anti-fraud tools.

BIN attack fraud is still a crude brute-force attack vector that is detectable, and preventive measures can be taken to interrupt it. A well-informed merchant and bank implementing a defensive anti-fraud solution that keeps itself abreast of the latest advisories, combined with continuous monitoring of anomalous behaviour, can stay a step ahead of this kind of fraudulent attack.

Author: Ajit Nair, Director Product Management
Wibmo A PayU/Naspers FinTech Company
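Several of the signals listed above (same-BIN velocity, decline bursts, low-value amounts, sequential card numbers, one card retried with different expiry dates) can be evaluated together over a sliding window of authorisation attempts. The Python code below is an added example, not code from the article or from any Wibmo product; the thresholds, the 6-digit BIN length, the field names and all card numbers are assumptions constructed for the demonstration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Auth:
    ts: float       # seconds since the start of the capture
    pan: str        # card number (constructed values, not real cards)
    expiry: str     # MMYY as submitted
    amount: float
    approved: bool


# All thresholds are assumptions for this example.
BIN_LEN = 6            # leading digits treated as the BIN
WINDOW_S = 60          # sliding window per BIN
MIN_ATTEMPTS = 10      # attempts in the window before the BIN is examined
DECLINE_RATIO = 0.8    # share of declines that counts as a decline burst
LOW_VALUE = 2.00       # "unusually low" amount for this merchant
LOW_VALUE_RATIO = 0.8
SEQ_PAIRS = 3          # adjacent account-number pairs that count as sequential
EXPIRY_GUESSES = 3     # distinct expiries tried on one card number


def window_signals(window):
    """Return the set of BIN-attack signals present in one window of attempts."""
    n = len(window)
    signals = {"bin_velocity"}
    if sum(not a.approved for a in window) / n >= DECLINE_RATIO:
        signals.add("decline_burst")
    if sum(a.amount <= LOW_VALUE for a in window) / n >= LOW_VALUE_RATIO:
        signals.add("low_value")
    # Drop the trailing check digit so neighbouring account numbers differ by 1.
    accounts = sorted({int(a.pan[:-1]) for a in window})
    if sum(q - p == 1 for p, q in zip(accounts, accounts[1:])) >= SEQ_PAIRS:
        signals.add("sequential_pans")
    expiries = defaultdict(set)
    for a in window:
        expiries[a.pan].add(a.expiry)
    if any(len(e) >= EXPIRY_GUESSES for e in expiries.values()):
        signals.add("expiry_guessing")
    return signals


def detect_bin_attacks(auths):
    """Map each suspicious BIN to the signals seen; velocity alone is not enough."""
    windows = defaultdict(deque)
    findings = defaultdict(set)
    for a in sorted(auths, key=lambda x: x.ts):
        bin_ = a.pan[:BIN_LEN]
        w = windows[bin_]
        w.append(a)
        while a.ts - w[0].ts > WINDOW_S:
            w.popleft()
        if len(w) >= MIN_ATTEMPTS:
            signals = window_signals(w)
            if len(signals) >= 2:  # velocity plus at least one corroborating signal
                findings[bin_] |= signals
    return dict(findings)


def constructed_sample():
    """Constructed traffic: one enumeration burst, one busy BIN, one quiet BIN."""
    auths = []
    for i in range(12):  # burst: 2 s apart, sequential numbers, 1.00 test amounts
        auths.append(Auth(100 + 2 * i, f"999999{100 + i:09d}0", "1227", 1.00, i == 7))
    for j, exp in enumerate(["0126", "0226", "0326"]):  # same card, new expiries
        auths.append(Auth(130 + j, "9999990000001070", exp, 1.00, False))
    for i in range(12):  # busy but healthy BIN: approved, normal amounts
        auths.append(Auth(200 + 2 * i, f"777777{9000 + 137 * i:09d}0", "0528", 25.0 + i, True))
    for i in range(12):  # quiet BIN: one purchase every five minutes
        auths.append(Auth(300 * i, f"888888{5000 + 37 * i:09d}0", "0528", 40.0 + i, True))
    return auths


if __name__ == "__main__":
    for bin_, signals in detect_bin_attacks(constructed_sample()).items():
        print(bin_, sorted(signals))
```

The busy BIN crosses the velocity threshold but shows no corroborating signal, so it is not reported; only the enumerated BIN is.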

Browser Fingerprinting- Part 1

Overview:

1. A user’s device’s hardware, operating system, browser, and configuration are all included in a set of data called a “browser fingerprint.”
2. Via a simple script running inside a browser, a server can collect a wide variety of information from public interfaces called application programming interfaces (APIs), HTTP headers, device information, etc.
3. The method of gathering data from a web browser to create a device fingerprint is known as “browser fingerprinting.”

Cookies vs Browser Fingerprinting:

Cookies: Cookies are small pieces of data stored on a user’s computer by a web browser when they visit a website. They are used to store information about the user, such as preferences and browsing history, and to track user behaviour on the website. They are typically used to improve the user experience by remembering information about the user and their preferences, but they can also be deleted, blocked, or turned off entirely. Cookie tracking involves placing a unique identifier on a person’s web browser, and fingerprinting occurs when a company (the website owner) creates a profile of the device’s unique characteristics. The General Data Protection Regulation (GDPR) regulates the rules for covert data collection, which is why websites often ask users to approve or disapprove of cookies.

Browser Fingerprinting: Information includes details about the browser, network, and device, such as the language used, keyboard layout, time zone, cookie settings, operating system version, etc. By combining all this information into a fingerprint, advertisers can recognise a user as they move from one website to another. Studies have shown that around 80–90% of browser fingerprints are unique. This is done by advertising technology companies that insert their code onto websites and collect data about online activity. Once established, a fingerprint can potentially be linked with other personal information, such as data held by brokers.

GDPR: Browser fingerprinting also falls under the purview of the GDPR to protect user privacy. However, nothing has been explicitly mentioned about it. The GDPR establishes six legal grounds that enable the processing of data, including user consent and the “legitimate interest” or consent of the person doing the tracking. In the context of browser fingerprinting, these general rules apply as follows:

· Companies using fingerprinting must ensure that their interests in tracking user information do not override the user’s fundamental rights and freedoms, including their privacy.
· The website must also provide detailed information to the user about the scope, purposes, and legal basis of the data processing.
· Fingerprinting should be transparent when using and processing data about anonymous visitors.

Browser fingerprint technology has enabled marketers to run targeted campaigns on the internet at any stage of the marketing funnel.

Parameters and the Math:

Uniqueness: This means providing enough ground for identification; the more unique a fingerprint, the more identifiable it is. A fingerprint is unique when it has an attribute whose value is present only once in the whole dataset, or when the combination of all its attributes is unique in the whole dataset.

Stability: This links the browser fingerprints that belong to the same device. For stability, the quantity of modified information (each time the user’s fingerprint is obtained) should be as small as possible.

Entropy: Defines the amount of uniqueness that a specific property exposed by the browser (such as the User-Agent header) introduces into a browser fingerprint. It is usually expressed in bits; the higher the entropy, the more unique and identifiable a fingerprint will be.

After the new dataset is tested repeatedly, giving similar correlated probability outputs, we can say that a technique is effective in terms of its ability to say that a fingerprint is unique!
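Uniqueness, stability and entropy as defined above can all be measured on a fingerprint dataset. The Python code below is an added example, not code from the article or from Wibmo; the eight fingerprints, the four attribute names and the function names are constructed for illustration, and stability is expressed here as the share of attributes left unchanged between two observations.

```python
import math
from collections import Counter

# Constructed sample: eight visitor fingerprints reduced to four attributes.
ATTRS = ("user_agent", "timezone", "screen", "language")
SAMPLE = [dict(zip(ATTRS, row)) for row in [
    ("UA-A", "Asia/Kolkata", "1920x1080", "en-US"),
    ("UA-A", "Asia/Kolkata", "1920x1080", "en-US"),
    ("UA-A", "Asia/Kolkata", "2560x1440", "en-US"),
    ("UA-A", "Asia/Dubai",   "1920x1080", "en-US"),
    ("UA-B", "Asia/Dubai",   "1366x768",  "en-US"),
    ("UA-B", "Asia/Dubai",   "1366x768",  "en-US"),
    ("UA-C", "Asia/Kolkata", "2560x1440", "en-US"),
    ("UA-D", "Asia/Dubai",   "1920x1080", "en-US"),
]]


def entropy_bits(values):
    """Shannon entropy H = -sum(p * log2(p)) of the observed values, in bits."""
    values = list(values)
    n = len(values)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(values).values())


def as_tuple(fp):
    """The full fingerprint as one hashable combination of attribute values."""
    return tuple(fp[a] for a in ATTRS)


def attribute_entropy(fps):
    """Entropy contributed by each attribute taken on its own."""
    return {a: entropy_bits(fp[a] for fp in fps) for a in ATTRS}


def joint_entropy(fps):
    """Entropy of the combined fingerprint (all attributes together)."""
    return entropy_bits(as_tuple(fp) for fp in fps)


def surprisal_bits(fp, fps):
    """Identifying information in one fingerprint: -log2 of its share of the dataset."""
    same = sum(1 for other in fps if as_tuple(other) == as_tuple(fp))
    return -math.log2(same / len(fps))


def singleton_attributes(fp, fps):
    """Attributes whose value occurs exactly once in the dataset
    (the first uniqueness criterion)."""
    return [a for a in ATTRS if sum(1 for o in fps if o[a] == fp[a]) == 1]


def unique_fraction(fps):
    """Share of fingerprints whose full combination occurs exactly once
    (the second uniqueness criterion)."""
    counts = Counter(as_tuple(fp) for fp in fps)
    return sum(1 for fp in fps if counts[as_tuple(fp)] == 1) / len(fps)


def stability(old, new):
    """Share of attributes unchanged between two observations of one device."""
    return sum(1 for a in ATTRS if old[a] == new[a]) / len(ATTRS)


if __name__ == "__main__":
    for attr, bits in attribute_entropy(SAMPLE).items():
        print(f"{attr:<11} {bits:.2f} bits")
    print(f"combined    {joint_entropy(SAMPLE):.2f} bits")
    print(f"unique      {unique_fraction(SAMPLE):.0%} of fingerprints")
    # Row 3 has no one-off attribute value, yet its combination is unique.
    print(singleton_attributes(SAMPLE[2], SAMPLE), surprisal_bits(SAMPLE[2], SAMPLE))
```

On this sample the per-attribute entropies add up to 4.25 bits while the combined fingerprint carries 2.5 bits, because the attributes are correlated; adding up per-attribute entropy overstates how identifying a fingerprint is.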
Blueprint: Using Browser Fingerprinting for Authentication

Information gathered: Browser fingerprinting can gather a lot of information (more than 100 data attributes) from a browser, for example:

· Device model
· Operating system
· Browser version
· User time zone
· Preferred language settings
· Keyboard layout
· Ad blocker used
· Screen resolution
· Tech specs of the CPU, graphics card, etc.

The logic is to have enough specifics about a user’s device and settings to pinpoint them in a sea of internet users. A specific fingerprinting technology employs several cutting-edge browser identification methods to gather over 100 individual signals. These signals are combined with server-side analysis and deduplication to generate a visitor ID, providing a persistent and valuable abstraction of a browser fingerprint, which can be volatile if a user changes settings or updates software on their device.

Watch this space for Part 2!

Author: Vaibhav Chandel, Product Manager
Wibmo A PayU/Naspers FinTech Company

UPI Fraud Trends and Their Possible Mitigation

With over 2 billion transactions worth over INR 4.5 trillion processed every month, India’s Unified Payments Interface (UPI) has revolutionized the digital payment ecosystem. UPI has been emerging as the most preferred payment method among Indians. However, at the same time, we are witnessing a rise in fraudulent transactions in recent times. A total of 1,46,495 UPI fraudulent activities were reported on the National Cybercrime Reporting Portal (NCRP) during the first and second quarters of 2022, as per the Ministry of Home Affairs (MHA).

Up until now, banks and financial institutions have predominantly relied on educating consumers against fraud. But, in cases of fraud, the consumer is at the mercy of the grievance process, which adversely affects the consumer experience and dents customer loyalty.

Fraud Trends and Their Possible Mitigation

Impersonating Sellers and Customer Care

It is more of a habit to google customer care contacts when facing issues with our online purchases. Fraudsters are flooding the internet with fake customer care details to lure in consumers. After gaining the trust of gullible customers over the phone, refund collect requests are shared via QR codes, SMS links, and so on. Financial institutions can integrate with technological solutions that detect and alert the customer in the event that a payment is made over the phone.

Spoofed VPA IDs

In the name of disaster relief or support, fraudsters create multiple spoofed VPA IDs that are remarkably similar to the original ones. In recent times, we witnessed an unprecedented rise in VPA IDs similar to that of the PM Cares Fund. Maintaining a list of suspicious keywords such as “support, relief, care, disaster, army, minister,” etc. and running risk rules over transactions being made to VPA IDs containing high-risk keywords have the potential to curb fraudulent transactions.

Screen mirroring apps and malware

Through malicious links, fraudsters get consumers to download screen-sharing or remote-access apps or malware. Once installed, the fraudster gains access to confidential UPI details, which are then used in combination with other modus operandi, such as SIM-swapping. Payment apps should have the capability to detect potential malicious apps already downloaded on the device and restrict payments from going through.

Collect Request

Through classified ads, fraudsters impersonating potential buyers initiate conversations with sellers. Creating a sense of urgency, the fraudster claims to want to make a quick payment without much negotiation and sends a collect request, sometimes in the form of a QR code. The VPA IDs used by fraudsters are generally gibberish and at times have numbers or letters in sequence. Banks’ or financial institutions’ apps should have the capability to detect such patterns on beneficiary VPA handles.

UPI has made digital payments more accessible and convenient for millions of people in India, and it is expected to continue to play a significant role in India’s digital payments ecosystem in the coming years. With continued efforts to educate consumers against fraud, banks and financial institutions should leverage technological advancements against the mushrooming UPI frauds.

Author: Sujit Kumar Mahato, Product Manager
Wibmo A PayU/Naspers FinTech Company
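The VPA checks described under Spoofed VPA IDs and Collect Request (high-risk keywords, handles that closely resemble a known one, gibberish handles, characters in sequence) can be expressed as one rule function. The Python code below is an added example, not code from the article or from any Wibmo product; the keyword list is the article's, while the allow-list entry, the sample VPAs, the edit-distance threshold and the vowel-ratio heuristic for gibberish are assumptions constructed for the demonstration.

```python
KEYWORDS = ("support", "relief", "care", "disaster", "army", "minister")  # from the article
KNOWN_GOOD = {"examplefund@examplepsp"}  # constructed allow-list of verified VPAs
VOWELS = set("aeiou")

# Thresholds below are assumptions for this example.
MAX_LOOKALIKE_DISTANCE = 2   # edits away from a verified VPA that still counts as spoofing
MIN_SEQUENCE_RUN = 4         # e.g. "1234" or "abcd"
MIN_LETTERS = 6              # do not judge very short handles as gibberish
MIN_VOWEL_RATIO = 0.2


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def longest_sequential_run(s):
    """Length of the longest run of consecutive digits or letters (1234, abcd)."""
    best = run = 1 if s else 0
    for a, b in zip(s, s[1:]):
        same_class = (a.isdigit() and b.isdigit()) or (a.isalpha() and b.isalpha())
        run = run + 1 if same_class and ord(b) - ord(a) == 1 else 1
        best = max(best, run)
    return best


def vpa_risk_reasons(vpa, known_good=KNOWN_GOOD):
    """Return the risk rules a beneficiary VPA trips; an empty list means none."""
    vpa = vpa.strip().lower()
    if vpa in known_good:
        return []  # verified beneficiary: keyword rules must not flag the real one
    handle = vpa.partition("@")[0]
    reasons = []
    if any(k in handle for k in KEYWORDS):
        reasons.append("keyword")
    if any(0 < edit_distance(vpa, good) <= MAX_LOOKALIKE_DISTANCE for good in known_good):
        reasons.append("lookalike")
    if longest_sequential_run(handle) >= MIN_SEQUENCE_RUN:
        reasons.append("sequence")
    letters = [c for c in handle if c.isalpha()]
    if len(letters) >= MIN_LETTERS and \
            sum(c in VOWELS for c in letters) / len(letters) < MIN_VOWEL_RATIO:
        reasons.append("gibberish")
    return reasons


# Constructed beneficiary VPAs for the demonstration.
CONSTRUCTED_VPAS = [
    "examplefund@examplepsp",      # the verified VPA itself
    "examplefvnd@examplepsp",      # one character swapped in the handle
    "examplefund@examp1epsp",      # digit 1 in place of the letter l in the PSP part
    "disasterrelief2024@somepsp",  # high-risk keywords
    "xkqzrtpl12345@somepsp",       # gibberish handle with digits in sequence
    "ramesh.kumar@somepsp",        # ordinary personal handle
]

if __name__ == "__main__":
    for vpa in CONSTRUCTED_VPAS:
        print(f"{vpa:<28} {vpa_risk_reasons(vpa) or 'no rule tripped'}")
```

The lookalike rule compares the whole VPA, not only the handle, so a swap in the PSP part after the @ is caught as well.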

Regulator asking your bank to migrate from SMS-based OTPs to more secure authentication options? Use the opportunity to derive multiple benefits

Central Banks are proactively taking steps to reduce the risk of banking/financial fraud

The phrase “two sides of the same coin” applies to the world of digital banking and financial services as well. Internet/mobile based banking capabilities have undoubtedly enabled convenience and speed for consumers and reduced costs for service providers. Simultaneously, however, there has also been a steady rise in digital frauds and scams around the world. New ways of scamming consumers are constantly emerging because omni-channel digital first banking has given perpetrators more options based on how banking transactions are authenticated.

Central banks around the world have regularly been raising the bar for digital security within their jurisdictions, given their responsibility for orderly conduct of a country’s banking and financial services system and ensuring the highest levels of consumer safety and protection. Individual banks and fintech players are proactively integrating new technologies and protocols to provide customers with the additional security of multi-factor authentication.

About a month ago, Bank Negara Malaysia (BNM, the Malaysian central bank) announced that banks operating in that country needed to adopt authentication methods for online activities (opening accounts, making payments and other transactions) that go beyond SMS-based OTPs (One Time Passwords). BNM’s new measures also cover changes to default customer account settings, cooling off periods for new accounts, using just one device for authentication, etc. The rules pertaining to the detection of scams/frauds and the triggering of blocking actions are also being tightened. While many of the steps will kick in after suspicious transactions are detected, what is essential for banks is to strengthen measures that can minimize the occurrence of frauds and scams through superior digital authentication and the detection of risky transactions.

OTPs and two-factor authentication are no longer adequate

Over the past years, OTPs have become ubiquitous and deeply embedded in our lives as the primary means to authenticate all banking (and many other) transactions. But the two-factor authentication provided by OTPs is no longer enough to provide customers with the desired levels of safety and protection. Authentication is based on entering the 4 or 6 digits sent by the service provider to the customer’s mobile number. It does not verify the identity of the person who has entered the OTP. This means anyone with access to the OTP can easily impersonate a customer and complete transactions without the genuine customer being aware until it is too late.

Think about three commonplace scenarios that customers might routinely face: a lost or stolen mobile phone, an unlocked phone on their office desk while they briefly step out, or a phone given for repairs (where unscrupulous staff members have the chance to copy/access personal data). In each of these situations, unauthorized persons can easily access OTPs and other transaction-related messages sent by banks to the phone and essentially “authenticate” transactions that will go through as legitimate transactions initiated/approved by you.

If such impersonation risks are not bad enough, think about phishing frauds and scams where users are induced to click on links that they believe have come from their bank or other service providers via SMS. A world of non-banking digital payment apps and platforms gives fraudsters even more opportunities to scam customers by voluntarily giving out information that is needed to complete unauthorized financial transactions.

In such a high-risk environment, online authentication must necessarily be made a more rigorous and fool-proof process that is inherently harder to circumvent. Rather than relying on an OTP that can be entered by anyone (and not just the genuine customer), banks must adopt authentication protocols that use multiple data points that can be collectively used to establish customer identity and authenticity of transactions.

Multi-factor authentication can make a big difference to the reliability of your authentication and hence customer experience

Banks need to balance secure and reliable authentication with the associated costs and impact on customer experience. Working even when there is mobile network latency (or lack of network coverage) is another requirement. Compliance with the bank’s own security norms and complete adherence to prevailing regulatory requirements also needs to be considered. The solution must be such that it can be used seamlessly with mobile banking as well as internet banking. Multi-factor authentication (MFA) solutions tick all these boxes.

A robust MFA solution uses a combination of three distinct sets of data points for authentication:

· Knowledge: what the customer knows (e.g., password, security question);
· Ownership/access: what the user has (e.g., mobile device, USB token); and
· Inherence: something that is inherent to the customer (e.g., fingerprint or other biometrics)

A world-class MFA solution must provide banks (and other organizations) the option to authenticate customers and transactions based on a variety of authentication touchpoints that cater to customer preferences and risk profiles. It must be used either on a standalone basis or be capable of easily being integrated with a bank’s existing assets. It must support Out of Band (OOB) authentication, which means that the channel used for authentication must be distinct from the one used to sign in or perform a transaction. Ideally, the OOB authentication element must reside in the customer’s registered mobile phone, making it easier to leverage ownership- and inherence-based data points as well for authentication. The MFA solution must be compatible with EMV 3-D Secure and 3-D Secure 1.0 protocols and support CNP transactions as well.

Wibmo’s Tridentity is an MFA solution that is designed to address the above needs and deliver the above capabilities. It supports authentication based on Push notifications, Offline OTP, and Biometrics. It is available as a simple SDK or downloadable as an Android/iOS app. Tridentity is compliant with the EU’s PSD2 initiative.

Please click on https://www.wibmo.co/tridentity/ for more information on Wibmo’s Tridentity solution and how it can help your bank in Malaysia or elsewhere. If you have specific questions and would like to speak to one of our experts, write to us at sales@wibmo.com.

Author: Edward Chien, Director- Sales, South-East Asia
Wibmo A PayU/Naspers FinTech Company


Moving beyond SMS OTP Authentication

If you have ever transacted or purchased online, you must have come across OTP authentication. The system-generated code delivered through SMS on your device serves as verification of the claim that you are the actual owner of the device as well as of the account/card/wallet through which the transaction is initiated.

Authenticating, or verifying that we are who we claim to be, is a part of our day-to-day lives. Be it checking in at the airport or going past the security desk of an office, though we identify ourselves with our name, we authenticate ourselves with some other form of ID card. With growing security concerns, both in the physical and digital worlds, authentication methods have evolved not only to protect but also to provide a seamless experience to users.

The ways in which one can be authenticated fall into three categories:

· Knowledge: Something the user knows (e.g. password)
· Ownership: Something the user has (e.g. ID card)
· Inherence: Something the user is (e.g. fingerprint)

The above categories are referred to as the Authentication Factors, and an authentication process is named after the number of factors it uses.

· Single-factor Authentication: Requires providing only one piece of verifiable information, such as a password
· Two-factor Authentication (2FA): Requires providing two pieces of verifiable information, such as a password and then proof of possession of the user’s smartphone (through an SMS OTP delivered on that device)
· Multi-factor Authentication (MFA): Requires providing two or more pieces of verifiable information. Since 2FA requires two categories (factors) of information, it is also considered an MFA.

The idea of an OTP was first suggested in the 1980s by Leslie Lamport. With growing attacks and increasing authentication requirements, many patented OTP algorithms were developed. Today, OTPs are synonymous with two-factor authentication and are thought to augment existing passwords with an extra layer of security. Yet, fraudsters manage to circumvent it every day.

SIM SWAP: In this scenario, a fraudster uses a stolen identity (name, email, government ID, etc.) to trick a mobile service provider into issuing a new SIM card for an existing phone number. Once the new SIM card is active, the original SIM card will be shut down, and the fraudster will try to gain access to the user’s financial application. Once the fraudster has gained access, the last line of defense, 2FA or SMS OTP, is compromised.

JAILBREAK or ROOT: Removing the software restrictions put in place by manufacturers to gain full access to the device’s operating system is called “jailbreaking” on iOS and “rooting” on Android. Generally, it is aimed at customizing the user experience or gaining access to a greater variety of unofficial apps. Jailbroken and rooted devices are susceptible to malware and viruses because the devices’ built-in security features are weakened. This eliminates security controls put in place by the manufacturer, which enables hackers to steal personal information, attack the network, or introduce malware, spyware, or viruses to circumvent the authentication measures in place. Financial institutions can save their customers from possible fraud by investigating the feasibility of code that checks whether the device is rooted or jailbroken before the mobile application is installed, and that prevents the application from installing or functioning if it is.

Increasing layers of security is not a feasible solution for financial institutions when consumers prefer speed and convenience, even when it comes to accessing financial services online. User experience has become one of the determining factors when it comes to user adoption in any industry globally. Not receiving an SMS OTP is one of the most painful experiences one can have as a user. Latency, in addition to the SMS cost, is a challenge for financial institutions in the exponentially growing digital era.

Maintaining a balance between fighting fraud and improving the consumer experience is a challenge. Inherence-based authentication, such as biometrics, and ownership-based authentication, such as push notifications on the registered device, are some of the authentication measures that cater to both security and the consumer experience. Technological solutions with multiple authentication measures other than SMS OTPs and device binding are the way forward for providing a delightful customer experience without compromising security.

Author: Sujit Kumar Mahato, Product Manager
Wibmo, A PayU/Naspers FinTech Company
Authentication, Fraud Prevention, Global Digital Payments, Payments
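The difference between an SMS OTP and a push approval on the registered device, which both this article and the preceding one on MFA argue for, can be shown with a small exchange. This is an added example, not Wibmo's code: the `AuthServer` class, `sign_challenge`, the 120-second lifetime and the sample customer and payee are assumptions, and an HMAC key stands in for the hardware-backed key pair a production app would typically use.

```python
import hashlib
import hmac
import secrets


def sign_challenge(device_key: bytes, challenge: dict) -> str:
    """What the app on the registered phone computes after the user unlocks
    the key (e.g. with a fingerprint) and taps Approve."""
    message = "|".join([
        challenge["id"], challenge["payee"],
        str(challenge["amount_minor"]), challenge["nonce"],
    ])
    return hmac.new(device_key, message.encode(), hashlib.sha256).hexdigest()


class AuthServer:
    """Bank-side half of the exchange (hypothetical class, not a product API)."""

    CHALLENGE_TTL = 120  # seconds a push stays valid (constructed value)

    def __init__(self):
        self._device_keys = {}  # customer id -> key enrolled on their device
        self._pending = {}      # challenge id -> (customer, challenge, expiry)

    def enroll_device(self, customer: str) -> bytes:
        """Device binding: the key lives on the handset, not on the SIM."""
        key = secrets.token_bytes(32)
        self._device_keys[customer] = key
        return key

    def start_transaction(self, customer, payee, amount_minor, now):
        """Build the push payload; it names the payee and amount being approved."""
        challenge = {
            "id": secrets.token_hex(8),
            "payee": payee,
            "amount_minor": amount_minor,
            "nonce": secrets.token_hex(16),
        }
        self._pending[challenge["id"]] = (customer, challenge, now + self.CHALLENGE_TTL)
        return challenge

    def verify_approval(self, challenge_id, signature, now) -> bool:
        # pop(): each challenge is single-use, so a captured approval cannot be replayed
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return False
        customer, challenge, expires = entry
        if now > expires:
            return False
        expected = sign_challenge(self._device_keys[customer], challenge)
        return hmac.compare_digest(expected, signature)


def demo() -> dict:
    server = AuthServer()
    phone_key = server.enroll_device("alice")
    outcome = {}

    # 1. Genuine customer approves on the registered phone.
    ch = server.start_transaction("alice", "ACME Stores", 150_000, now=1_000)
    sig = sign_challenge(phone_key, ch)
    outcome["genuine"] = server.verify_approval(ch["id"], sig, now=1_010)
    # 2. The same approval submitted a second time.
    outcome["replay"] = server.verify_approval(ch["id"], sig, now=1_011)
    # 3. Phone number taken over (SIM swap), but the handset key was not.
    ch = server.start_transaction("alice", "ACME Stores", 150_000, now=2_000)
    outcome["sim_swap"] = server.verify_approval(
        ch["id"], sign_challenge(secrets.token_bytes(32), ch), now=2_005)
    # 4. Approval given for a different amount than the one requested.
    ch = server.start_transaction("alice", "ACME Stores", 150_000, now=3_000)
    shown = dict(ch, amount_minor=1_000)
    outcome["amount_mismatch"] = server.verify_approval(
        ch["id"], sign_challenge(phone_key, shown), now=3_005)
    # 5. Approval that arrives after the challenge has expired.
    ch = server.start_transaction("alice", "ACME Stores", 150_000, now=4_000)
    outcome["expired"] = server.verify_approval(
        ch["id"], sign_challenge(phone_key, ch), now=4_500)
    return outcome


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:16} accepted={accepted}")
```

Only the first case is accepted: unlike a 4 or 6 digit code, the approval is tied to the enrolled handset and to the exact payee and amount.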


True Cost of Combating Payment Frauds

A quick recap of the major players involved in payment transactions:

1. Customer
2. Issuer Bank: holds the customer’s bank account
3. Payment Networks: Visa, Mastercard, NPCI, etc.
4. Merchant
5. Acquirer Bank: holds the merchant’s bank account

In simple terms, payments fraud is where someone makes unauthorized payments/purchases. Though the liability for fraud differs (customer/merchant/banks, etc.) on a case-to-case basis, someone in the payment system finally has to bear the brunt and mark the money as lost in their respective books. Fraud is a global issue that affects not only individuals but also organizations: merchants, banks, insurance companies, and whoever else is dealing with payments. Payment fraud has been crippling every country across the globe, and according to recent studies, the epidemic of payment fraud has been growing over recent years.

When it comes to payments, there are 2 major elements:

1. FALSE NEGATIVE: when an act of fraud goes undetected and passes through the payment system
2. FALSE POSITIVE: when a faulty fraud detection system blocks a legitimate transaction.

Anti-fraud solutions and fraudsters are caught in a cat-and-mouse game. Both have been leveraging technological innovations to meet their underlying needs, eventually adding to the cost of combating fraud.

Whenever we come across the term COST, our first thought is that it is a mere accumulation of the expenses incurred in producing or building a product or service. However, in financial terms, cost is segregated into Direct Cost and Indirect Cost. Most of the time, indirect costs are neglected when deriving the actual cost of a project, because it is difficult to arrive at a cost-effective methodology for assigning them.

When it comes to defining the cost associated with fraud, organizations generally tend to consider the amount lost in the fraud process. These numbers are a significant percentage of topline revenue. Moreover, it is a concerning fact that even less than 20% of businesses are able to fully recover the amount from unauthorized transactions and other fraudulent activities. Apart from the obvious Direct Cost associated with the transaction, the fraud amount value, the Indirect Cost often goes unnoticed.

Cost of Combating Fraud: Huge infrastructure and resources, manual as well as technological, are deployed by organizations in payment authentication and authorization. The cumulative loss arising from both False Positive and False Negative scenarios burns a larger hole in terms of operational efficiency.

Cost to Reputation: Businesses incur huge costs in building a reputation of trust through the marketing function, which employs varied techniques to increase the perceived value of a product or service over time. Undetected frauds and consequent delays in grievance redressal often leave the customer/merchant with a bad experience with their respective banks and also with the payment entities involved in the process.

Cost of declining Genuine transactions: High False Positive rates can leave customers/merchants frustrated. Organizations leave no stone unturned through sales, marketing, and customer support to acquire and retain a customer. In the era of fierce competition, if one thinks customer acquisition is hard, think about the retention of a frustrated customer.

It is now somewhat possible to measure fraud and error losses, but one surely needs to factor in the Indirect Costs in order to make a proper judgment about a proportionate level of investment to be made in reducing them through the deployment of anti-fraud tools. Direct costs associated with fraud are just the tip of the iceberg and give even less than half a picture of the menace lying underneath.

Author: Sujit Kumar Mahato, Product Manager
Wibmo, A PayU/Naspers FinTech Company
Anti Fraud Management, Digital Payment, Fraud Detection, Fraud Prevention, Online Payments


RETURN FRAUD- The e-commerce way of Shop-Lifting

The pandemic changed the way consumers shopped. A black swan event changed consumer behavior, and online shopping is one of the segments that reaped the benefits. The pandemic and the exponential growth in e-commerce forced traditional brick-and-mortar shops to adapt to the evolution. Pre-pandemic, brick-and-mortar shops kept a cautious eye on shoplifters, but the e-commerce boom came up with its own shoplifting nemesis: say Hello to RETURN FRAUD.

Fraudsters abuse the retailer’s fraud policy, which was actually created for customer delight, and it is the smaller e-retailers who bear the brunt of Refund Fraud. The modus operandi of Refund Fraud differs from traditional fraud as it takes place post transaction, once the goods have changed ownership from the merchant to the consumer.

A thriving ecosystem, Fraud-as-a-Service (Professional Refunders), has come into place to support those who wish to take advantage of lax return policies without actually having to go through the process. Reddit and Discord channels are leveraged as promotional grounds for these Illegal Life Pro Tips (ILPT).

Modus Operandi

1. Everything is legitimate during the online transaction. Fraud is initiated once the goods are received by the consumer.
2. The consumer goes to a Professional Refunder, who charges a percentage cut of the refund value.
3. The refunder impersonates the consumer.
4. The refunder initiates the escalation with the merchant and uses the PERFECTED METHODS to get a refund without returning the product.

A few of the Perfected Methods:

a) Substance Leak: With doctored images/videos, refunders report hazardous breakage such as monitor capacitor leakage or battery acid leakage, thus making the product legally un-shippable.
b) Partially Empty Box: Generally used for tracked shipping, where the package is claimed to have arrived but with missing components.
c) Fake ID Tracking Numbers: A properly weighed package is returned without the actual goods. The shipping address is doctored to a new but incorrect address. The refunder then initiates a return claim with the merchant, to whose naked eye the package appears to be shipped and delivered back.
d) Blood or Maggots: Claiming to have found questionable substances (again, doctored images/videos) in the product received, as a reason why one can’t possibly handle the opened package.

Refund Fraud is not only a concern to merchants but also puts consumers’ virtual assets, such as email, passwords, and card details, at risk, as refunders offering Fraud-as-a-Service get access to the buyer account.

Apart from the complicated methods listed above, employed by professional refund fraudsters, consumers with a Robin Hood mentality are also learning about refund fraud and executing it as:

a) Bricking: A working item (generally an electronic item) is purchased with the intention of returning it after stripping out the valuable components, rendering the item unusable.
b) Wardrobing: Mostly observed with expensive clothing. An item is purchased, used, and eventually returned.
c) Switch Fraud: Returning a previously owned defective or damaged identical item with the aim of cashing in on the refund.

Retailers and e-retailers alike have a return policy in place, but a fine balance needs to be maintained: neither overly complex nor overly relaxed. The refund process deals a blow to the bottom line, not only in terms of the labor involved in the process but also in refurbishing the returned items.

Trying to avoid Return Fraud by adding manual resources will be a mountainous task in this era of data, where organizations are sitting on a mountain of data as well as leveraging data from other sources. Multiple data enrichment tools provide quick reverse checks on data points such as email addresses. Innovations in fraud detection software over recent years have made it possible to curb the menace of fraud even with very little technical knowledge.

Author: Sujit Kumar Mahato, Product Manager
Wibmo, A PayU/Naspers FinTech Company
Fraud, Fraud Detection, Fraud Prevention, Return Fraud, Risk Management


Importance of Fraud and Risk Management Solutions for Financial Institutions

Technology and trust must go hand in hand

Technologies are undoubtedly transformative for businesses and their customers. But to fully deliver the promised benefits, technologies must consciously build trust amongst all legitimate users and stakeholders. Trustworthiness is becoming more critical by the day in an increasingly digital world because of the rising incidence of online fraud. Just as quality at the source is a mantra for manufacturing companies, the detection and prevention of fraudulent transactions as soon as they originate is important for banks and financial institutions. At the same time, customer convenience has to be balanced out.

Regulators expect banks to enhance their digital abilities to detect/prevent frauds/crimes

Regulators play a key role in ensuring the safe, smooth, and efficient functioning of the banking and financial systems within their individual jurisdictions. As such, central banks worldwide have begun to tighten various regulatory requirements in order to reduce the risk of fraud made possible by technological or process loopholes in the systems used by banks and other financial institutions.

In March 2022, the Bangko Sentral ng Pilipinas (“BSP”, the central bank of the Philippines) published amendments to its “Regulations on Information Technology Risk Management” with the specific objective of enhancing customer protection. To ensure that digital banking channels are made safer and more reliable, the BSP requires banks operating in the Philippines to implement automated and real-time fraud monitoring and detection systems capable of identifying and blocking suspicious or fraudulent online transactions. Starting 1 September 2022, banks must be prepared to show BSP their action plans; and full compliance with a readiness plan is expected by 31 December 2022.

While the Fraud Management systems implemented must be commensurate with the bank’s operations and the scope of its digital platforms, BSP does expect that the solutions that banks put in place will, at a minimum, deliver the following capabilities:

· Monitoring, collecting, and analyzing transaction data arising from all physical and digital banking and non-banking channels;
· Integration with the bank’s Anti Money Laundering (AML) systems to provide a more robust and comprehensive mechanism to prevent financial crimes (and not just detect them);
· Building customer profiles and analyzing behavior to detect frauds based on changes in usage patterns; and
· Secure scalability to handle growing transaction volumes.

FRM solutions must give robust Fraud detection and prevention capabilities without damaging customer relationships

Frauds and other operational risks not only damage customer confidence in individual banks (and the banking system as a whole) but can also lead to financial losses (reparations, penalties) and harm your brand/reputation. Clearly, the costs of not having a state-of-the-art Fraud & Risk Management System (FRMS) are high. While there are many FRMS solutions out there, not all of them are equally efficacious. This is because each one uses different protocols to detect and analyze risks and thereafter determine further courses of action.

Wibmo’s Trident FRM platform offers multiple advantages

Wibmo’s Trident is an enterprise fraud and risk management platform that uses advanced authentication protocols and ML-driven statistical models. Our platform makes approval/challenge/decline decisions based on rigorous, real-time assessment of more than 100 parameters related to the device, user, and transaction (e.g., merchant, location, IP address, time of the transaction, value, etc.). This Risk-Based Authentication (RBA) approach provides a more robust and reliable assessment of the risk of every individual transaction.
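A reduced sketch of risk-based authentication as described above: a customer profile is built from past behaviour and each new transaction is scored against it to reach an approve/challenge/decline decision. This is an added example and not Trident's logic; the five rules, their weights, the two thresholds and the sample history are all constructed for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Txn:
    amount: float
    country: str
    device_id: str
    hour: int        # local hour of day, 0-23
    merchant: str


def build_profile(history):
    """Summarise a customer's past transactions into a usage profile."""
    amounts = [t.amount for t in history]
    return {
        "mean": mean(amounts),
        "std": max(pstdev(amounts), 1.0),   # floor avoids divide-by-zero
        "countries": {t.country for t in history},
        "devices": {t.device_id for t in history},
        "hours": {t.hour for t in history},
        "merchants": {t.merchant for t in history},
    }


# (points, label, predicate); weights are constructed for illustration
RULES = [
    (40, "amount far above customer norm",
     lambda t, p: (t.amount - p["mean"]) / p["std"] > 3),
    (30, "device never seen for this customer",
     lambda t, p: t.device_id not in p["devices"]),
    (30, "country never seen for this customer",
     lambda t, p: t.country not in p["countries"]),
    (10, "unusual hour for this customer",
     lambda t, p: t.hour not in p["hours"]),
    (10, "first purchase at this merchant",
     lambda t, p: t.merchant not in p["merchants"]),
]

CHALLENGE_AT = 30   # step-up authentication from this score upwards
DECLINE_AT = 70     # block from this score upwards


def assess(txn, profile):
    """Return (decision, score, reasons) for one transaction."""
    hits = [(pts, label) for pts, label, pred in RULES if pred(txn, profile)]
    score = sum(pts for pts, _ in hits)
    if score >= DECLINE_AT:
        decision = "decline"
    elif score >= CHALLENGE_AT:
        decision = "challenge"
    else:
        decision = "approve"
    return decision, score, [label for _, label in hits]


# Constructed history for one customer
HISTORY = [
    Txn(40.0, "PH", "phone-1", 9, "grocer"),
    Txn(55.0, "PH", "phone-1", 13, "pharmacy"),
    Txn(60.0, "PH", "phone-1", 18, "grocer"),
    Txn(45.0, "PH", "phone-1", 20, "fuel"),
    Txn(50.0, "PH", "laptop-1", 12, "grocer"),
]

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for txn in (
        Txn(52.0, "PH", "phone-1", 13, "grocer"),        # routine purchase
        Txn(52.0, "PH", "tablet-9", 13, "grocer"),       # same habits, new device
        Txn(900.0, "XX", "tablet-9", 3, "electronics"),  # everything changed at once
    ):
        print(txn, "->", assess(txn, profile))
```

A legitimate customer on a new device is challenged rather than declined, which is how a false positive is kept from becoming a lost transaction.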
The omnichannel capability of the platform is an added advantage, wherein the bank’s operations team gets a central view of their customers’ transactions across channels.

For banks operating in the Philippines, Trident can ensure full compliance with BSP’s amended regulations within the stipulated timeframe. However, irrespective of where your bank operates, there are many other reasons why Trident could be the right FRMS solution for your bank:

· Many banks rely on disparate legacy systems and point solutions for specific functions (e.g., AML, branch-based KYC transactions, etc.). Integrating data from myriad systems is neither easy nor efficient; the chain is only as strong as the weakest link. Therefore, our risk management platform is API-driven. What is more, it uses 360-degree customer data and insights to detect anomalous behaviors that might indicate fraud or misuse.
· Trident is sensitive to the need for banks to deliver a seamless, speedy, and superior customer experience for every legitimate transaction; this minimizes customer friction, which is key to building loyalty and enhancing lifetime value.
· Customers (and fraudsters) can use multiple channels to effect transactions (e.g., 3DS, mobile payment, ATM/POS, online retail/corporate banking). The FRMS solution your bank adopts must be able to function equally effectively, and seamlessly, across channels (to handle situations where customers legitimately switch channels). Our platform uses AI/ML to safeguard customers, merchants, card issuers, and networks in an omnichannel environment. Sometimes, frauds are perpetrated at the merchant level (e.g., by employees misusing customer cards for fraudulent transactions). The Trident platform can detect and prevent such misuse as well. Trident enables full compliance with FATF and AML-CFT, thus helping to prevent financial crimes.
· Your bank works with various card networks (Visa, MasterCard, American Express, etc.). Trident is compatible with all networks; it gives you a network-agnostic RBA score, thus strengthening your bank’s overall ability to detect, prevent and manage fraud risks.
· Trident can be fully deployed on Cloud, thus assuring high availability and scalability so that 100% of your bank’s transactions are processed in real-time to validate the authenticity and assess risk before completion.
· Our FRMS platforms are rules-driven. This lets your bank respond quickly to emerging threats with the help of “quick rules”, and “expression rules” for more complex threat scenarios. The bank will also be equipped with Rule Wizard, wherein the operations team can build rules on the fly.
· Quick investigation and resolution of transactions are important to ensure customer satisfaction and regulatory reporting/compliance, as well as to enhance the bank’s preparedness to prevent future false positives. Efficient and workflow-driven case management capabilities built into our platform allow investigators to track, investigate and resolve transactions quickly. This also reduces your bank’s operational expenses, a major benefit given the pressure on margins.
· Banks that adopt


Understanding ONDC and what banks must do to benefit from it

Introduction: what is ONDC and why it is a game-changer for India

India’s digital commerce industry is growing rapidly. From around US$38 Billion in 2021, it is expected to touch US$120 Billion by 2026 (source: KNN India), and possibly cross US$200 Billion by 2029 (source: India TV News). Given the country’s demographics and internet penetration, digital commerce is still an underserved market in India. Thus far, its biggest beneficiaries have been large monopolistic marketplaces/platforms because of the massive investments needed.

But there is a change in the air. Technology-led innovations such as India’s Open Network for Digital Commerce (“ONDC”) are creating open, network-centric digital commerce models to compete with existing platform-centric models. ONDC promises to revolutionize the country’s digital commerce landscape by democratizing access/participation. Over the next few years, the transformative effect will be similar to what UPI has done for digital payments.

ONDC is a public infrastructure project being executed by a non-profit organization under the aegis of the Government of India’s Department for the Promotion of Industry and Internal Trade. In April 2022 pilot projects began in five Indian cities; 100 cities are to be covered by the end of August 2022. A number of public and private sector banks (e.g., SBI, PNB, Kotak Bank, Axis Bank, HDFC Bank) have already invested in ONDC.

The “my way or the highway” approach taken by many proprietary e-commerce platforms has led to predatory practices. Smaller businesses are disadvantaged because they inherently lack bargaining power vis-à-vis these e-commerce marketplaces/platforms. ONDC aims to create a level playing field for thousands of small businesses across India, as well as customers living in rural areas and smaller towns, so that they can all benefit from digital commerce.

ONDC is effectively a platform that allows you as a consumer to search and buy products/services that are currently offered only on multiple marketplaces, without having to log into each of them. You can conveniently browse and buy products that are listed on Amazon, Flipkart, Meesho, Myntra, Neu, or indeed anywhere else, using just one app. As a seller, registering on this platform gives you access to customers of multiple marketplaces. There is no need to list on multiple marketplaces, be tied to specific delivery partners, or comply with the different requirements of these platforms.

The main beneficiaries of ONDC

ONDC is designed to benefit three main categories of stakeholders:

· Small businesses/suppliers of goods and services, who can access a larger market;
· Customers across India (especially those in smaller towns and rural areas), who will get greater choice and better prices; and
· Banks, who get another chance to be a relevant intermediary in digital commerce (both in the retail and SME space).

Since the launch of UPI-based payments in 2016, proprietary payment platforms owned by non-banking players such as Google, Amazon, PayTM, etc. have accounted for a majority of digital payment transactions, especially in the retail space. Banks found themselves left behind. Both sellers/merchants and buyers/consumers are banks’ traditional customers, but third-party digital apps have effectively disintermediated them. By registering on ONDC, banks can offer solutions to both sets of customers.

Banks get the opportunity to efficiently monetize their relationships with customers, a key source of competitive advantage in an increasingly digital, ecosystem-driven world. ONDC will give banks access to a much larger base of prospects and customers; it will also allow banks to offer these customers a larger bouquet of products/services (both banking as well as those offered by partners on the network). For example, banks can target retail customers with offers related to insurance, wealth management, loans, deposits, etc.

Just as important is the opportunity that ONDC will provide banks to deepen their relationships with Current Account customers. India’s SMEs in particular have begun to gravitate towards fintech players, and if this trend intensifies, it can spell trouble for corporate banks. Given that ONDC is designed to attract large numbers of SMEs, it affords banks a good opportunity to build and strengthen their relationships with customers in this segment by offering a larger portfolio of services, including working capital loans, Capex loans, export credit, etc.

Thus, banks that choose to be part of ONDC can expect to capture greater mindshare (and hence, wallet share) of customers who choose to be active on the ONDC network. Given the “all-digital” nature and national/global reach of the ONDC, banks no longer need to worry about catering only to “local” customers (whether retail or corporate). Across segments, ONDC can help banks reduce costs of customer acquisition and service delivery, thereby boosting profitability and margins.

Banks will need to upgrade their technology stacks to benefit from ONDC

Banks offer either QR codes or PoS-based payment solutions to offline merchants/sellers, or Open Banking based Payment Gateways to e-commerce players. Therefore, banks need a deep integration of their mobile apps with those of partner merchants and/or aggregators to enable customers to use their mobile banking apps. The objective is to build stickiness for the banks’ mobile apps, but the absence of an industry-standard protocol makes this expensive and time-consuming.

All this will change with ONDC. Instead of direct integration with merchant apps, banks will need the capability to connect with the ONDC platform using a standard Beckn protocol, which is an “open, interoperable and universal transaction protocol to enable a decentralized digital economy” (source: beckn). This will enable customers to use the bank’s app to:

· easily register on the ONDC platform and discover products/services;
· search for products/services they need using criteria such as geo-location, sellers, price ranges, etc.;
· make purchases; and
· manage returns and resolve disputes more easily and speedily.

Provided banks are ready with the necessary technology components for ONDC, they can thus deliver access to a wider range of products/services as well as a smoother customer experience.

Merchants joining ONDC will expect banks to provide a complete Digital Commerce solution that seamlessly integrates offline/online registration on the platform with transaction experience and banking services such as collecting customer payments and paying suppliers. Banks


Things you must know about Tokenization — talk of the town

After the industry requested more time to comply with the latest data security rules, the Reserve Bank of India mandated the implementation of tokenization of card transactions, with a deadline of June 30, 2022, which is further extended to September 30, 2022. So, what exactly is tokenization? And how would it aid in the security of online transactions? Tokenization is a process of replacing sensitive information with non—sensitive information [token]either completely or partially, rendering the token useless for the unintended users. Tokens are irreversible, original data cannot be derived back using a key, unlike the cryptographic process. It follows the principle of ‘pseudonymization’ [Pseudo Anonymization or simply put alias or surrogate] for sensitive data like Aadhar, SSN, Credit Card, Bank ac/c, phone, or DOB. A tokenization system links the original data to a token but does not provide any way to decipher the token and reveal the original data. For e.g. in the case of a card/PAN, Token PAN is generated using the Format Preserving Hash which is irreversible PAN, and Lunch’s check is passed on the same so all the card validations on the token are also successful and follow card network rules. Original PAN: 7654 1111 1111 1111 Token PAN: 6667 2397 1422 2655 [Identical to PAN but of no value for a bad actor as it cannot be used without the valid Token Requestor and Merchant Id combination.] Any token generated for a card will inherit the key attributes of the original card e.g. expiry date, product code, card art, etc. Tokenization is a secure method of storing payment information. In essence, a token (an alias or a Pseudo number) is generated for the stored payment card. As a result, simply possessing the token does not grant you access to the card information without first passing through the tokenization system. When we apply this to the real world, we can see the benefits. Consider a website that sells specific products but also offers recurring deliveries. 
When a client purchases from the website for the first time, they will enter their credit card information themselves; however, for recurring transactions (such as the delivery of specific cosmetics on the first day of each month, for example), the information must be stored by the website in order for a monthly payment to be made. If card information is not stored securely, unauthorized personnel or even bad actors can gain access, causing a nuisance for the consumer and a serious problem for the merchant resulting in chargebacks. To solve this problem in the simplest way possible, we turn to tokenization. When a client first enters his card details, the payment platform collects the information and sends it to the tokenization system, which returns the token to the website and processes the payment. The token will be stored on the website in conjunction with the information entered during the registration process. For a Standing Instruction when the merchant website needs to charge the client on a recurring basis, it will simply send the amount and the token to the payment platform. The payments platform will then send the token to the tokenization system, which will map the card number against the token and complete the transaction on behalf of the customer. The website does not need to store the actual card details to process recurring payments using this method, and the payment process is limited to the dialogue between the tokenization system and the payment platform, both of which have high levels of security. Tokenization inherently uses a pseudonymization process to replace sensitive data with random data. Card tokens are intent-based which is unique per merchant. Card tokens generated at one merchant cannot be used at other merchants. In case of any data compromise at a particular merchant/entity, it cannot be used for any other purpose. 
Even if the bad actor wants to use the stolen token at the same merchant, they will also need the cryptographic keys to initiate any transactions which are almost impossible to get access to organization cryptographic keys. Hence tokenization makes the data storage, data transmission, and data usage very secure without worrying about misuse. In this case, the user would simply delete/cancel the token for a particular merchant only as opposed to canceling the card and managing storage at all other locations Because online shopping is becoming more popular by the day, cybercrime has skyrocketed so as data proliferation, both businesses and their customers must now rely on secure online solutions for all types of transactions. This means that more credit card information is being stored and processed, providing more opportunities for cybercriminals. Security solutions such as tokenization are arguably more important than ever before, as they can assure clients that their sensitive data is much more secure, thereby fostering trust and loyalty between businesses and consumers. Benefits of tokenization on your cards : · With rising subscriptions and recurring economy, intent-based unique tokens enable users to manage multiple subscriptions (COF or SI) very securely · Can be used for an online card on file and device-based tap n pay contactless payment on mobile devices · Greater protection against data theft due to higher storage security · Higher customer control to view and manage tokens and set controls · Bring standardization for card storage across the ecosystem rather than every entity implementing their own standards The Wibmo Areion ‘Token Hub,’ built in accordance with EMVCo standards, is the only unified tokenization solution for merchants, acquirers, Issuers, and Fintechs. It ensures that you are in compliance with the latest RBI guidelines while also providing a frictionless payment experience. 
To find out more, write to: sales@wibmo.com

Author: Ravi Battula, Vice President, Merchant Acquiring Business, Wibmo, A PayU/Naspers FinTech Company

Tags: Card Payment, Card Token, Digital Payment, Online Payments, Tokenization
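The tokenization flow described in the article above, as an added example that is not part of the original article and not Wibmo's code: a minimal in-memory tokenization system showing merchant-bound tokens, key-authenticated charge requests, and per-merchant revocation. The class and function names, the HMAC request signature, and the message layout are assumptions made for illustration; the card number is the widely used test PAN.

```python
import hashlib
import hmac
import secrets

APPROVED = "approved"
BAD_SIGNATURE = "declined: bad signature"
UNKNOWN_TOKEN = "declined: unknown or revoked token"
WRONG_MERCHANT = "declined: token bound to another merchant"


def sign_charge(key: bytes, merchant_id: str, token: str, amount_minor: int) -> str:
    """HMAC-SHA256 over a charge request (hypothetical message layout)."""
    msg = f"{merchant_id}|{token}|{amount_minor}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class TokenVault:
    """Stands in for the tokenization system: the only place that holds card numbers."""

    def __init__(self) -> None:
        self._cards = {}          # token -> (pan, merchant_id)
        self._merchant_keys = {}  # merchant_id -> request-signing key

    def register_merchant(self, merchant_id: str) -> bytes:
        key = secrets.token_bytes(32)
        self._merchant_keys[merchant_id] = key
        return key

    def tokenize(self, pan: str, merchant_id: str) -> str:
        if merchant_id not in self._merchant_keys:
            raise KeyError(f"unknown merchant {merchant_id!r}")
        # The token is random, so it carries no information about the PAN,
        # and it is recorded together with the merchant it was issued to.
        token = "tok_" + secrets.token_hex(16)
        self._cards[token] = (pan, merchant_id)
        return token

    def charge(self, merchant_id: str, token: str, amount_minor: int, signature: str) -> str:
        key = self._merchant_keys.get(merchant_id)
        if key is None:
            return BAD_SIGNATURE
        expected = sign_charge(key, merchant_id, token, amount_minor)
        if not hmac.compare_digest(expected, signature):
            return BAD_SIGNATURE          # token alone is not enough
        entry = self._cards.get(token)
        if entry is None:
            return UNKNOWN_TOKEN          # never issued, or revoked by the user
        _pan, owner = entry
        if owner != merchant_id:
            return WRONG_MERCHANT         # token issued to a different merchant
        return APPROVED                   # the PAN never leaves the vault

    def revoke(self, token: str) -> bool:
        return self._cards.pop(token, None) is not None


def demo() -> dict:
    """Walk through the cases the article describes, on constructed data."""
    vault = TokenVault()
    key_a = vault.register_merchant("cosmetics-shop")
    key_b = vault.register_merchant("other-shop")
    pan = "4111111111111111"  # standard test card number, not a real card
    tok_a = vault.tokenize(pan, "cosmetics-shop")
    tok_b = vault.tokenize(pan, "other-shop")

    results = {"tokens_differ": tok_a != tok_b}
    results["monthly_charge"] = vault.charge(
        "cosmetics-shop", tok_a, 4999, sign_charge(key_a, "cosmetics-shop", tok_a, 4999))
    # Token leaked from merchant A and presented by merchant B with B's own valid key.
    results["replayed_elsewhere"] = vault.charge(
        "other-shop", tok_a, 4999, sign_charge(key_b, "other-shop", tok_a, 4999))
    # Token presented for merchant A by someone who does not hold A's key.
    results["stolen_without_key"] = vault.charge(
        "cosmetics-shop", tok_a, 4999, sign_charge(b"not-the-key", "cosmetics-shop", tok_a, 4999))
    # The user cancels the token at merchant A only.
    vault.revoke(tok_a)
    results["after_revoke"] = vault.charge(
        "cosmetics-shop", tok_a, 4999, sign_charge(key_a, "cosmetics-shop", tok_a, 4999))
    results["other_merchant_unaffected"] = vault.charge(
        "other-shop", tok_b, 1500, sign_charge(key_b, "other-shop", tok_b, 1500))
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```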


Why is Biometric Authentication becoming the headline in the world of Digital Payments?

The last decade has witnessed a progressive adoption of technology in almost every industry. A few industries, like banking and fintech, have embraced technology to grow by leaps and bounds. The revolutionary spread of the internet has ushered in an incredible increase in the number of users and, in turn, the addressable market. The hitherto latent yet humongous rural population is today enabled with fintech services like online payments and transactions, and even e-commerce. The one word that has propelled the whole population into digital payments, however, is rather old-fashioned: TRUST.

Let’s dive deeper with an example. When a small business owner from a village in Bihar pays a vendor residing in another state, he needs to be assured that the payment will indeed be made. Similarly, a migrant labourer slogging in a southern state needs to believe that his hard-earned money is indeed going to reach his family in a matter of minutes, if not seconds. However, both also need assurance that the money will be paid only to the intended parties and not to anyone else!

Authentication: The foundation of trust in the digital payment space

Authentication is used most commonly to assure consumers of reliability. However, the question remains whether the authentication mechanisms currently in use produce the highest levels of trustworthiness. Let’s delve into the circumstances where multifactor authentication is the best option. Using two out of the following three ways has proved to be a strong medium for payment authentication:

· Possession: for example, a documented identity or device, etc.
· Knowledge: for example, a password or secret, etc.
· Inherence: for example, their fingerprint, hand, face, etc.
History of Biometrics — An evolved tool used in payment securities

Although biometrics go way back into human history, the contemporary commercial usage of biometric authentication began in the mid-nineteenth century with the use of fingerprints by William James Herschel, a British administrator in India. Biometric authentication gained popularity among consumers and service providers with the rising usage of feature-rich smartphones and other devices equipped with high-resolution cameras. Biometric authentication stoked instant gratification, as it is based on biological traits which are unique to every individual and cannot be faked.

One of the most widely used examples of biometric usage is the Aadhaar card in the Indian market. All Indian residents are given an Aadhaar number, which is a 12-digit unique identification number. This figure is derived from their biographic and biometric data (a photograph, ten fingerprints, two iris scans). The concept was originally related to government subsidies and unemployment benefits, but as its authenticity has been proved, it now includes a payment scheme.

The growth of biometric payments in a post-pandemic world

According to global surveys, the pandemic has heightened awareness and acceptance of biometric payments. This popularity doesn’t show any signs of abating as we step into the post-pandemic era, thanks to a focus on sanitation and contactless payments. Biometric authentication is popular due to the simple and uncomplicated process that it entails, unlike the conventional authentication techniques, which suffer from glitches like not getting an OTP or issues with the strength of the internet network. Biometric payments are becoming more popular in large and densely populated countries such as Russia, South Africa, Kenya, Nigeria, Ukraine, India, and others. Consumers sense that the simple and foolproof option of biometric authentication is safer, quicker, and simpler.
Biometric authentication provides several advantages over knowledge-based and possession-based authentication:

1. It’s universal, as these metrics can be found in every human.
2. It is unique.
3. It is permanent, as metrics like fingerprints or dental traits don’t change.
4. It can be easily recorded if the consumer wants it to be so.
5. Finally, it can be measured for comparison and cannot be falsified.

Conclusion

Though biometric authentication based on statistical algorithms may occasionally produce false positives, resulting in erroneous results, the benefits of using biometric authentication for digital payments outweigh the drawbacks. This is causing a significant shift towards its adoption, which seems to be continuously growing. In a diverse socioeconomic environment like India, which has a population that is both cost-sensitive and aspirational, there is no other solution that can beat biometric authentication.

Author: Shatrughan Sharma, Global Head - Payment Security, Wibmo, A PayU/Naspers FinTech Company

Tags: Authentication, Biometric Authentication, Global Digital Payments, Payments, Secure Payment


Identification, Authentication, Authorisation — Know the Difference

We undergo the process of Identification, Authentication, and Authorization every day in both the physical and digital worlds.

Let’s start with the physical world. You have been planning a weekend vacation for a long time but have been stalling because of your busy work schedule. After months of long working hours, you finally find a weekend for a getaway. After work, you meticulously plan the vacation: the place to visit, the hotel to stay at, the activities to do, and whatnot. Finally, the getaway weekend arrives, and the first thing you do after reaching your destination is check in to the hotel.

1. Identification — You walk to the hotel reception and mention that you have a prior booking at the hotel. The first thing the receptionist asks for is your name. The receptionist then checks the register to confirm your booking. By providing your name, you claimed your identity. Your name, more or less, is unique and used for identification.

2. Authentication — Once the receptionist has found your name in the booking register, you are asked to present an ID card. The ID card verifies that you are the person whose name is on the reservation. Here, the ID card facilitates the process of authentication and verifies your identity.

3. Authorisation — After the receptionist has completed the necessary authentication process and paperwork, you receive a guest keycard. The guest keycard grants you access to your room, the guest elevators, and the pool, but not to other guests’ rooms or the service elevator. Hotel employees have a service keycard, authorized to access more areas of the hotel than guests are.

You enjoy the next few days to the fullest and are finally well-rested and rejuvenated. It’s time to go back to your work and give your best. It’s time to check out, and you walk to the reception desk. You hand over your card to the receptionist to pay the bill.
At this moment you have jumped into the digital world of identification, authentication, and authorization.

1. Identification — The receptionist puts your card through a POS terminal. The information stored on your card’s magnetic strip/EMV chip enables the banking systems to identify your valid account details: the bank that holds your account, your account details, etc. Here the information on your card’s magnetic strip/EMV chip is analogous to the name you used during check-in.

2. Authentication — You are then requested to enter your card PIN. Your card PIN is confidential to you; only you know it (in the ideal case). By providing the PIN, you establish that you are the owner of the card associated with the bank account. The PIN authenticates that you are the owner of the bank account from which money will be transferred to the hotel for its services.

3. Authorisation — There are multiple stakeholders involved when you make a transaction with your card: the bank in which you have your account, the card networks (Visa/Mastercard/Amex/Diners), the bank which holds the hotel’s account, the software provider for the POS terminal, etc. Each stakeholder has a specific role to play. For example, the bank which holds your account confirms that your account has a sufficient balance. It then authorizes the deduction of the bill amount from your bank account.

It may seem that all three steps (identification, authentication, and authorization) are inseparable. But that’s not true. Remember the last time you uploaded a file to your Google Drive/OneDrive and shared a public link. Here, you authorized anyone with the link to access that file without any prior identification or authentication. Probably, the value of the file is far less than the value of the money in your bank account. Hence, the banking world uses cutting-edge solutions to predict, prevent, and detect fraudulent transaction attempts on your card.
Author: Sujit Kumar Mahato, Product Manager, Wibmo, A PayU/Naspers FinTech Company

Tags: Authentication, Authorization, Digital Payment, Identity Management, Security


Why cultivated BFSIs are moving from Cyber Defense to Cyber Resilience

Cyber threats like APTs (Advanced Persistent Threats), malware, hacking, phishing, ransomware, and distributed denial-of-service (DDoS) attacks have the potential to cause enormous challenges for organizations. Not only can companies suffer serious service disruption and reputational damage, but the loss of personal data can also result in huge fines from regulators.

Some experts define cyber defense as preventing hackers from attacking your network and accessing your systems and data. Cyber resilience, as they view it, is about responding and recovering after an attack has happened. While they position cyber defense and cyber resilience as two separate activities, the reality is more complex than that. Cyber security can be seen as the first step in cyber resilience, meaning any cyber resilience strategy must encompass cyber security. This blog explains more:

If we map these two strategies to the NIST CSF (Cyber Security Framework), cyber defense is limited to the Identify, Detect, and Protect pillars; cyber resilience, however, also touches the other two pillars, i.e. Respond and Recover.

It should be clear by now that cyber security and cyber resilience are different but symbiotic. Some companies do still treat them as separate and inter-related solutions, often establishing cyber security and resilience policy frameworks and strategies. However, there is more value when cyber security forms an element of overall cyber resilience.

Why cyber resilience over cyber security?

Cyber resilience starts with nailing the cyber security basics; at Wibmo, we call it “doing the common uncommonly well.” This includes regular risk assessment, patching vulnerabilities, detecting and mitigating threats, and awareness of how to defend company assets. But we need to be doing these things continuously, not just once a year. The aim of cyber resilience is clear enough: to ensure operational and business continuity with minimal impact.
But the reality can be harder to pin down because there’s currently no good way to measure cyber resilience. As leaders, we need to have a certain level of confidence in our ability to respond to an attack, to maintain our customers’ trust, absorb the financial, legal, and brand impact, and get back to business. But there is no widely-accepted cyber resilience framework, no maturity model, and I think there should be.

The four elements of cyber resilience

I recommend a four-part approach to cyber resilience:

1. Manage and protect: The first element of a cyber resilience programme involves being able to identify, assess, and manage the risks associated with network and information systems, including those across the supply chain.

2. Identify and detect: The second element of a cyber resilience programme depends on continual monitoring of network and information systems to detect anomalies and potential cyber security incidents before they can cause any significant damage.

3. Respond and recover: Implementing an incident response management programme and measures to ensure business continuity will help you continue to operate even if you have been hit by a cyberattack, and get back to business as usual as quickly and efficiently as possible.

4. Govern and assure: The final element is to ensure that your programme is overseen from the top of the organisation and built into business as usual. Over time, it should align more and more closely with your wider business objectives.

Benefits

A cyber-resilient posture helps you to:

· Reduce financial losses;
· Meet legal and regulatory requirements;
· Improve your culture and internal processes; and
· Protect your brand and reputation.

Author: Pravin Kumar, CISO, Wibmo, A PayU/Naspers FinTech Company

Tags: Cyberattack, Cybercrime, Cybersafe, Cybersafety, Cybersecurity


Prediction, Prevention, and Detection of Fraud Attempts, the key to faster payment processing

The global digital payment market size is expected to grow from USD 89.1 billion in 2021 to USD 180.4 billion by 2026. The promotion of digital payments worldwide and the increasing penetration of smartphones are major contributors. Besides, the pandemic has accelerated the adoption of contactless and wallet payments. India, too, saw exponential growth, thanks to 1 billion cards and more than 2 billion prepaid payment instruments like wallets and other digital payment modes.

But cyberattacks are a major roadblock to the growth of digital payment solutions. These global attacks are the most critical challenge that the payment industry has been facing. New and evolving cyberattacks affect businesses by breaking into payment systems to get cardholders’ data. The evolving frauds include:

a) Friendly fraud — Fraudsters make a purchase on a credit card, receive the product or service, and then demand a refund for a lost or short-shipped order, or file a chargeback through their credit card issuing bank, with the intention of receiving a full refund of the purchase amount.

b) Affiliate fraud — Refers to any unscrupulous activity conducted to generate commissions from an affiliate marketing program. Newer types of affiliate fraud include using stolen data for lead generation or stolen credit cards to generate sales.

c) Botnets — Submit large numbers of transactions to test the viability of stolen payment card credentials.

d) Phishing — Fraudulent communications, through email, text, or call, that appear to come from a reputed source.

e) Velocity attacks — Multiple monetary authorizations seeking to detect an active account and decipher CVV/Expiry Date values of a set of cards within a BIN range.

f) Triangulation — The fraudster is the middleman between a customer and an unsuspecting merchant. The customer places the order through the fraudster (impersonating a merchant). Then the fraudster uses stolen credit card information to buy those goods from a legitimate merchant.
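One way to detect the botnet card testing and velocity attacks listed above, as an added example that is not from the original article: a sliding-window check over authorization events grouped by BIN, which fires when many distinct cards in one BIN fail CVV or expiry checks within a short period. The event fields, decline codes, thresholds, and sample events are constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Decline reasons that indicate someone is guessing card details (assumed codes).
GUESS_DECLINES = {"cvv_mismatch", "expiry_mismatch"}


@dataclass(frozen=True)
class AuthEvent:
    ts: int        # epoch seconds
    card_id: str   # token or hashed PAN, never the raw card number
    bin6: str      # first six digits of the card (issuer BIN)
    result: str    # "approved" or a decline reason


def detect_velocity(events, window_s=60, max_cards=5, max_declines=8):
    """Return one alert (bin6, ts, distinct_cards, guess_declines) per BIN
    the first time both thresholds are reached inside the sliding window."""
    recent = defaultdict(deque)   # bin6 -> events inside the window
    alerted = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        window = recent[ev.bin6]
        window.append(ev)
        # Drop events that have aged out of the window.
        while window and window[0].ts <= ev.ts - window_s:
            window.popleft()
        cards = {e.card_id for e in window}
        declines = sum(1 for e in window if e.result in GUESS_DECLINES)
        if (len(cards) >= max_cards and declines >= max_declines
                and ev.bin6 not in alerted):
            alerted.add(ev.bin6)
            alerts.append((ev.bin6, ev.ts, len(cards), declines))
    return alerts


# --- Constructed sample traffic (not real data) -----------------------------
SAMPLE_EVENTS = (
    # Card testing: ten different cards in one BIN, one attempt every 3 seconds,
    # each failing on CVV or expiry.
    [AuthEvent(1000 + 3 * i, f"card-{i}", "411111",
               "cvv_mismatch" if i % 2 == 0 else "expiry_mismatch")
     for i in range(10)]
    # Normal traffic: six different cards in another BIN, spread over minutes.
    + [AuthEvent(1000 + 100 * i, f"shopper-{i}", "555555", "approved")
       for i in range(6)]
    # A genuine cardholder mistyping the CVV three times, then succeeding.
    + [AuthEvent(1005, "card-x", "400000", "cvv_mismatch"),
       AuthEvent(1015, "card-x", "400000", "cvv_mismatch"),
       AuthEvent(1025, "card-x", "400000", "cvv_mismatch"),
       AuthEvent(1040, "card-x", "400000", "approved")]
)


if __name__ == "__main__":
    for bin6, ts, cards, declines in detect_velocity(SAMPLE_EVENTS):
        print(f"BIN {bin6}: {cards} cards, {declines} guess-type declines by t={ts}")
```

Requiring both many distinct cards and many guess-type declines keeps a single cardholder's repeated typos from raising an alert.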
It is estimated that 9 million identities are stolen each year in the US alone, with a new victim of identity theft every two seconds. Since many people do not report identity theft, no true number of victims exists. According to the Central Statistics Office (CSO), by 2021, loss from cyberattacks would rise to US$ 6 trillion from US$ 3 trillion in 2015.

The growing number of cyberattacks is a hindrance to the adoption of digital payment services. According to a recent study by YouGov and ACI Worldwide, consumers are increasingly concerned about digital payments fraud. As a result, they exercise greater caution when using digital payments compared to a year ago. 71% of consumers are more concerned about scams and fraud because of Covid-19, compared to 47 percent of consumers last year at the onset of the pandemic.

The study also indicates that banks continue to be the preferred first point of contact in the event of fraud. Around 60% of respondents would first call their bank to block their account or visit the bank branch to file a written complaint. Though worldwide initiatives towards customer awareness are on the rise, banks will need to continue to lead the way, not only by increasing customer awareness but also by deploying modern and robust enterprise-level fraud management solutions.

For a delightful customer experience, banks need to predict, prevent, and detect fraud attempts even before payment processing to pave the way for frictionless digital transactions.

Author: Sujit Kumar Mahato, Product Manager, Wibmo, A PayU/Naspers FinTech Company

Tags: Fraud, Fraud Detection, Fraud Prevention, Global Digital Payments, Online Payments


What is Risk-Based Authentication and why banks should implement it?

Driven by the trifecta of smartphone penetration, low-cost data rates, and higher incomes, the Indian e-commerce market was expected to grow to US$ 200 billion by 2026. Covid-19 has caused an inflection point for the e-commerce market in India. A Bain & Company-PRICE survey of 3000 households across income groups and geographies, conducted between April and June, revealed that about 13% of respondents were buying online for the first time, while about 40% were buying more online. An NRF survey showed that nearly 6 in 10 consumers say they are worried about going to the store due to fear of being infected.

Figure 1: Growth of credit cards in India (Source: RBI database, Bank-wise ATM/POS/Card Statistics various years)

The majority of the growth is from online shoppers in Tier 2 and Tier 3 cities. The pandemic has also seen a surge in UPI transactions. While credit cards did a total of 185 million transactions delivering a value of INR 805K million, UPI delivered a staggering 3654 million transactions with a value of INR 6543K million as per RBI and NPCI statistics for Sep 2021.

Key Challenges and Solutions

With the spectacular growth in the e-commerce market, sophisticated online payment frauds and threats have mushroomed too. An e-commerce transaction involves multiple entities at various stages, such as the marketplace, merchants, payment gateways, and financial institutions, apart from the end consumers, and each of them can act as a vulnerability or attack point for malicious actors. For example:

· End-customer fraud: making fraudulent claims, chargebacks, fake buyer accounts, promotion/coupon abuse.
· Malicious fraudsters involved in account takeover, identity theft, card detail theft, etc. Data leaks compromise millions of consumer details every year, contributing to digital fraud through impersonation globally.
· Fraudulent merchants who could deploy “bust out” merchant fraud and transaction laundering mechanisms to defraud acquirers.
However, transactional and identity security is not the only concern of financial institutions. This must be balanced with customer experience. Customer loyalties now lie with merchants and banks that offer the best experience in terms of convenience, speed, and security. With the myriad of devices, payment authentication options, and processes, every digital bank faces the ultimate challenge of balancing optimal security and a seamless customer payment experience.

This is where Wibmo’s Trident FRM makes a difference. Trident FRM is a comprehensive, omni-channel, risk-based authentication (RBA) solution that identifies and manages fraud in real time. It does so by building a holistic customer profile from diverse data points.

Figure 2: Risk-Based Authentication

A customer’s transaction journey begins on a checkout page, with a bill payment action, or when a customer does a fund transfer (wire transfer). These actions result in the customer connecting to the bank’s server, and the bank’s server is an integration point for Trident to evaluate the risk of every transaction done by the user in real time. Trident uses the data it receives from multiple channels and devices. Data comes in various forms, like:

· Transactional data: Card number/account number/phone number, amount, currency, merchant or payee information, billing and shipping addresses.
· Location data: Terminal ID, IP address, approximate latitude and longitude, ISP data.
· Device data: SDK App ID, browser information, proprietary device fingerprinting.
· User information: Time of the day for this transaction and any deviations from past customer behavior using historical data.

With more than 100 data points (in the case of online e-commerce) and a powerful set of operators, Trident can write rules for almost every fraud scenario using an intuitive rule builder screen. In addition, Trident employs advanced analytics and machine learning algorithms to generate a real-time score and decisions for every transaction.
The decision can be one of the following:

· Low Risk: These are transactions that can be ALLOWED to proceed without challenging for OTP, thereby delivering a seamless customer experience. In Wibmo’s experience, more than 90% of the transactions fall under this category.
· Medium Risk: Transactions that are suspected to be risky enough to challenge using a multi-factor authentication method.
· High Risk: Transactions that are suspected to be very high risk and suggested to be declined.

Any suspected fraudulent transaction is marked as a case for automated action or manual investigation and closure in the Case Management portal. An efficient case management portal drives both proactive and reactive fraud cases using consolidated data across channels. It also generates various reports that are required for regulatory and compliance purposes.

Benefits of RBA are:

· Reduced financial losses due to fraud.
· Customer delight due to seamless payment experience.
· Improved compliance with local and global regulatory requirements.
· Reduced total cost of operations by managing fraud cases efficiently and limiting the number of cases routed for manual review.

Impact Analysis

So, a frequently asked question is: What is the impact of doing risk-based authentication? For a credit card online purchase (card not present) scenario, RBA using Trident delivers almost 6–8% improvement in success rates for banks and almost 40% reduction in latency for completing the transaction for the end customers. To put this in perspective, as of Dec 2020, with an average credit card ticket size of Rs 3,653 and 20 lakh online transactions per month for a given bank, and assuming a 1% MDR, this is an additional uptick of 43 lakhs every month. Wibmo processes card-not-present transactions for many of India’s largest banks. For a large bank with more than 150 lakh transactions, we were able to save close to Rs 5 lakhs in a month.
Conclusion

As transaction volumes are set to grow in double digits year on year, and as customers expect to transact from anywhere using multiple devices, the threat of increased online fraud becomes more real. Customers want speed and convenience balanced with security; therefore, banks that deliver the most optimized services will win customer loyalty. Hence, it becomes imperative for issuers to be integrated with robust, omnichannel fraud detection and prevention risk engines. RBA solutions such as TRIDENT FRM are cost-effective solutions that empower banks to stay one step ahead of fraudsters and deliver the delightful customer experiences which customers have come to expect in today’s digital world.

Author: Ajit Nair, Director Product, and Programs Wibmo A


Faster and Convenient Authentication

Before the invention of the steam-driven railways in the 1800s, mankind was dependent on animal-pulled wagons to transfer goods. The Tanfield Wagonway in England, the first large-scale railway, used horses to haul coal-filled wagons from the mining village of Tanfield. On the lookout for faster and more convenient forms of transportation, railways evolved from horse-drawn wagons to steam engines, from steam to diesel, and from diesel to engines driven by electricity. Fast forward to the 21st century, and the world is experimenting with hydrogen-powered trains.

Consider the banking industry. Though there is no trace of the word ‘banking’ before the 1600s, the practice of safekeeping, saving, and transacting money can be traced back to the temples of Babylon. The Arthashastra, written by Chanakya around 300 BC, has mentions of ‘hundis’, or letters of transfer. Had the banking industry failed to ride the technological horse, a money transfer initiated through hundis would have taken days, or at least hours, to reach the designated payee through the fastest railroad. Thankfully, the banking industry learned to ride the technological horse and today, with the help of electronic transfer, can facilitate the process of money transfer. Electronic transfer not only made money transactions faster but also convenient for the people, who were saved from the age-old hassle of going to a nearby branch and waiting for their turn in the long queues at the bank teller.

Can money transactions be made faster and more convenient for the customers? The movement of the electrons involved in the electronic transfer cannot be made faster with currently feasible resources, nor can the customers have a more convenient experience than making transactions from the comfort of their homes. The only way to provide a better (faster and more convenient) banking service could be through optimization of the steps involved in internet transactions.
A large part of the processes involved in electronic money transfer is dominated by authentication or security: ensuring the money transfer takes place from the genuine customer. The introduction of OTP has been a major advancement in the banking industry. However, it is the one step that may be loved by the banks but hated by customers, especially when the OTP fails to arrive on time or when the user makes a mistake. Removing OTP altogether poses a serious threat to security, and thus banks still rely on OTP services for user authentication.

This brings us to the question: How can authentication be made faster and more convenient? Is it possible to have convenient security? The answer lies in DATA.

Let’s consider a simple case of house-rent transfer. A genuine user would be transferring the same house-rent amount month after month to the same account, using mostly the same wifi connection (ISP), the same laptop/mobile, and maybe even on the same day of the month. A fraudster, for sure, wouldn’t be so generous as to take the pain of paying rent on the user’s behalf. All the parameters above can be easily tracked and monitored with data. The answer to “Faster & More Convenient Authentication/Security” lies in identifying the right set of data and formulating it into a risk assessment. Higher risk should demand stricter authentication, whereas lower risk should lead to faster, more convenient, frictionless transactions, paving the way for customer delight.

The pandemic has accelerated the adoption of cashless transactions across the globe and is forcing banks, more than ever, to evolve in order to meet the demands of a smartphone-led online shopping culture, with cards and digital wallets rising in prominence. Banks need to leverage data and segregate high and low-risk transactions in order to provide ‘faster and convenient’ authentication to their customers.
The demand for a fast, reliable, secure, and frictionless payment experience by customers requires banks to adopt fraud detection systems which leverage the power of data through advanced machine learning technologies. When it comes to detecting subtle patterns which help in the identification of fraudulent transactions, machines are more effective than humans.

Today, irrespective of the field, the power to leverage data to provide ‘faster and convenient’ service is one of the biggest assets for any organization. The faster and higher the convenience, the greater the customer delight. The greater the customer delight, the higher the customer loyalty.

Author: Sujit Kumar Mahato, Product Manager, Wibmo, A PayU/Naspers FinTech Company

Tags: Authentication, Digital Payment, Fraud Detection, Payments, Paytech
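The house-rent case from this article and the Low/Medium/High decision tiers from the risk-based authentication article above, combined in one added example that is not part of the original articles and does not represent Trident's scoring: a rule-based risk assessment that compares a transaction with the customer's own history and maps the score to ALLOW, CHALLENGE, or DECLINE. The signal names, weights, thresholds, and sample history are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Txn:
    payee: str
    amount: float
    device_id: str
    isp: str
    day_of_month: int


# Assumed weights per risk signal; a production engine would tune or learn these.
WEIGHTS = {
    "new_payee": 35,
    "amount_deviation": 20,
    "new_device": 30,
    "new_isp": 15,
    "unusual_day": 10,
}
CHALLENGE_AT = 30   # medium risk: step up to OTP / multi-factor authentication
DECLINE_AT = 70     # high risk: suggest decline and open a case


def _day_gap(a: int, b: int) -> int:
    """Distance between two days of the month, wrapping around month end."""
    d = abs(a - b)
    return min(d, 31 - d)


def risk_signals(history, txn):
    """List which aspects of txn deviate from the customer's past behaviour."""
    signals = []
    past_amounts = [t.amount for t in history if t.payee == txn.payee]
    if not past_amounts:
        signals.append("new_payee")
    else:
        typical = median(past_amounts)
        if abs(txn.amount - typical) > 0.25 * typical:
            signals.append("amount_deviation")
    if txn.device_id not in {t.device_id for t in history}:
        signals.append("new_device")
    if txn.isp not in {t.isp for t in history}:
        signals.append("new_isp")
    if all(_day_gap(txn.day_of_month, t.day_of_month) > 3 for t in history):
        signals.append("unusual_day")
    return signals


def assess(history, txn):
    """Return (decision, score, signals); signals double as case-review notes."""
    signals = risk_signals(history, txn)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= DECLINE_AT:
        decision = "DECLINE"
    elif score >= CHALLENGE_AT:
        decision = "CHALLENGE"
    else:
        decision = "ALLOW"
    return decision, score, signals


# --- Constructed history: six months of rent paid from the same laptop -------
HISTORY = [Txn("landlord", 25000, "laptop-1", "home-isp", day)
           for day in (1, 1, 2, 1, 3, 1)]

USUAL_RENT = Txn("landlord", 25000, "laptop-1", "home-isp", 2)
RENT_FROM_NEW_PHONE = Txn("landlord", 25000, "phone-9", "mobile-isp", 1)
TAKEOVER_ATTEMPT = Txn("unknown-payee", 90000, "device-x", "foreign-isp", 17)


if __name__ == "__main__":
    for name, txn in [("usual rent", USUAL_RENT),
                      ("rent from new phone", RENT_FROM_NEW_PHONE),
                      ("takeover attempt", TAKEOVER_ATTEMPT)]:
        print(name, "->", assess(HISTORY, txn))
```

Only the familiar rent payment skips the OTP; the same payment from an unfamiliar phone is challenged rather than declined, which keeps friction proportional to risk.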


How did we make Wibmo GDPR ready in 6 months?

A brief about GDPR

GDPR is the world’s most strictly enforced set of data protection rules, enhancing how people can access information about themselves and limiting what organizations can do with personal data. GDPR’s full text is a cumbersome beast with 99 individual articles. The regulation in the EU, which replaced the previous 1995 data protection directive, serves as a framework for laws across the continent. After more than four years of debate and negotiations, the GDPR’s final form was adopted by both the European Parliament and the European Council in April 2016. At the end of that month, the underlying regulation and directives were published. GDPR went into effect on May 25, 2018. Countries in Europe were given the ability to make minor changes to better suit their own needs. This adaptability resulted in the creation of the Data Protection Act (2018) in the United Kingdom, which replaced the previous Data Protection Act of 1998.

Driver for GDPR

Wibmo currently has a large presence in India, Asia, the Middle East, and Africa. And we aspire to enter the European market with our flagship service offerings, such as Authentication solutions and Fraud Risk Management solutions. We foresee that with increasing dependency on technology and digital products, we can offer seamless services to the European market. Moreover, with the expansion of the European Union, the EU market seems to be more lucrative for capturing a large clientele base with a common regulatory framework and processes.

Journey to GDPR readiness

We performed initial due diligence with regard to the GDPR articles and realized that we fall under the category of “Data Processor”, as the majority of Personally Identifiable Information (PII) is not captured by us. This PII is shared with us by our customers/banks (controllers) to whom we provide services. Then we defined “Security and Privacy by Design” principles and implemented them across the organization.
To make everyone aware of these principles, we also provided mandatory training to all our employees on this subject through the “OneTrust” training tool. We performed a check for applicability of GDPR Articles and prepared a Statement of Applicability (SOA) which listed the set of GDPR Articles applicable to us. As a next logical step, we engaged with a Big4 consulting firm to perform a gap assessment vis-à-vis processor control requirements. The gap assessment covered the domains below:

1. Governance and Operating Model
2. Legal and Regulatory
3. Data Privacy Policy
4. Data Management
5. Privacy by Design
6. Security for Privacy
7. Third-Party Management
8. Data Subject Access and Requests
9. Consent Management
10. Training and Awareness
11. Breach and Incident Management
12. Business Unit Processing Activity (BUPA)
13. Data Privacy Impact Assessment (DPIA)

The identified gaps were categorized in the areas of People, Process, and Technology. Then we created several policies and processes with the help of the global privacy team to comply with GDPR articles. To name a few policies and processes: Cyber Security and Privacy Incident Process, Data Subject Request Handling process. We also defined Business Unit Processing Activity (BUPA) and Data Privacy Impact Assessment (DPIA) for applicable business processes. We also enhanced our systems following a robust Change Management process to address some of the technology-specific gaps. We organized several awareness sessions and training on Privacy and Security control requirements to ensure that the entire company stands in unison with regard to GDPR expectations.

We are very pleased to share that the identified gaps have been successfully remediated. The remediation evidence has been shared with consulting partners for independent verification and closure confirmation thereafter. In addition, we have established a dedicated team for enforcement, implementation, and ongoing support of GDPR compliance.
Finally, we earned the much-expected and long-awaited tagline: “Wibmo is a GDPR-ready organization”. This compliance would help our business team attract customers based in the EU region, which will make us the number one authentication service provider globally. Lastly, we would like to extend a big thanks to all our customers, employees, and vendors for their seamless support in this journey.

Author: Pravin Kumar, CISO
Wibmo, A PayU/Naspers FinTech Company


What are Pre-Paid Cards and how do they work?

When referring to Prepaid Cards, we first need to agree on what we understand by a Prepaid Card and how we see it. Do we see it as a closed card program or an open card program? Many get confused about what exactly a Prepaid Card is. A Prepaid Card can be defined as a secured card (a plastic) that enables users to process transactions in order to make purchases of goods and/or services. We can then say that there are two types of Prepaid Cards: Closed Card Programs and Open Card Programs.

A Closed Card Program is usually referred to as closed-loop, mostly in the form of Gift Cards, used by many stores. On the other hand, an Open Card Program is usually referred to as a debit card, which is linked to a bank account. Both solutions could be referred to as Prepaid Card solutions; however, one does not require a bank account, while for the other a bank account is a must. To some extent, some countries around the world are now initiating closed-loop programs, as a debit card, for domestic card transactions. For instance, a country may opt to have a closed-loop domestic card program that can only be used within the country, in the form of a domestic prepaid card scheme.

In today’s world, Financial Institutions (FIs) are working hard to promote Financial Inclusion by providing financial services and/or products to customers at a very affordable cost. However, despite the effort and time invested by Financial Institutions, the results in bringing everyone into the Financial Ecosystem are still low. Therefore, FIs are constantly improving their products/solutions to meet customer satisfaction, positioning solutions such as Prepaid Cards to make inclusion attractive. That is why, to meet customers’ satisfaction, Financial Institutions have opened up to closed/open-loop payment programs to reach out to all markets and/or segments.
These programs have been put in place to solve problems for Consumers, Retailers, Corporates, and Governments. The benefit of these cards is that consumers can use them to make a purchase, pay bills, transfer funds, and/or withdraw cash from an ATM, Merchant/Retailer stores, or an Agent (Agency Banking), in a very convenient and secure way. Prepaid Cards used by the bank (“the debit card”) can also be offered to customers who do not qualify for credit facilities. By this means, the bank offers customers a product that enables them to transact using their own funds. On the other hand, Retailers or Merchants also offer similar solutions to customers in the form of Gift Cards, for instance, as previously mentioned.

Once a Prepaid Card has been offered to a customer, the Service Provider will immediately issue a card so that the customer can start transacting from day one. Nevertheless, to make this mechanism fully functional:

A plastic card will have to be issued to the customer.
The customer will have to load their own funds onto the card.
The card will have an Expiry Date, a Card Number, and a PIN.
The customer can now start transacting.

Yet, Prepaid Cards such as Gift Cards can only be used within a network of retailers, and most of the time the card does not have a PIN for acceptance of transactions. Instead, transactions are authorized on a signature basis. So, Prepaid Cards could be considered a fast-growing segment for the Retail Banking and Merchant Services Industry despite the entry of new innovative payment technologies.

Author: Nsele P. Bokuma, Director-Sales, South Africa
Wibmo, A PayU/Naspers FinTech Company


How to prevent identity theft?

With unprecedented growth in online transactions, it is no surprise that online fraud has increased. One of the major malpractices is identity theft. In a country like India, which is striding towards the number one position in online shopping, the rise in this kind of fraud cannot be overlooked. Accessing and retrieving personal information is child’s play in an increasingly digitized country like India. With social media and the deep web or darknet becoming accessible to a larger and larger population, the prevalence of identity theft is getting increasingly difficult to control.

Who can be the victims of Identity Theft?

Have you used your Credit or Debit card to shop online/POS? Have you paid utility bills using your Card? Have you used UPI or other payment methods? In short, anyone who has used plastic money is in danger of identity theft. Everyone who has shopped online or used any payment portal with their payment credentials is at risk of falling prey to synthetic identity theft. It is, in essence, stealing your identity, i.e., impersonating you digitally and riding on your credibility and creditworthiness. It is done by gathering data that confirms identity, such as phone number, Aadhaar card number, or PAN card number, along with Bank Account number, and using this data to impersonate and transact digitally. With widespread social media and the data captured by almost all websites, it is nearly impossible to stay completely private.

The Conditions favouring Identity theft

In a densely populated country like India, identity theft is spreading like a disease, largely because:

Cyber security laws are in place, but reporting and actual implementation of those laws is not easy in a developing country like ours.
It is getting easier to lay hands on social security details like PAN and Aadhaar.
It is increasingly difficult to prevent data breaches and crime by identifying the perpetrators and isolating them.
Also, the timeline within which the entire fintech industry works is very limited, i.e., the journey of the card to the merchant, to verification or access control, and back to the transaction approval takes just thirty seconds on average. This leaves a very small window for our lenders but an easier getaway for the fraudsters. It therefore makes more sense to fortify defences at our end through our payment gateways. Usage of multi-layered security makes it a herculean task to track perpetrators, while they, on the other hand, enjoy access from any corner that has internet.

The Impact

It is an indisputable fact that digitization of financial transactions in India has accelerated beyond what the experts forecasted. Part of it was contributed by the covid waves and the awareness of “cashless transactions and contactless delivery”. It cannot be denied, however, that as the younger population of the country swells, a major part of the population is turning net-savvy and preferring mobile transactions. They demand seamless experience and connectivity through IoT. This has not only provided traction to digitization but has also enhanced the effectiveness of creating an antifraud and secure transactional environment to retain the credibility of digitized transactions.

Role of FRM like Trident in Detection of fraud

The simple logic that Wibmo uses is that the more you know your customer, the more difficult it becomes for fraudsters to impersonate them. E.g., while a person might impersonate another with a banker, it is almost impossible to impersonate him with his family. The difference lies in the fact that the family knows the person in question too well. This is the exact logic we use at Wibmo through our TRIDENT. In essence, the more you use our services, the more difficult it becomes for fraudsters to steal your identity. Collecting various data points through ML or machine learning offers the most effective defence against identity theft.
Based on past patterns, the current transaction can be evaluated and analysed in a fraction of a second, so fraud detection and prevention can occur without increasing the transaction time. The machine’s continuous learning will only improve, as the data points collected make the virtual persona of the customer ever more precise. The long-term utility and credibility that such a system can give to the issuer and acquirer are worth every penny spent and every effort taken.

Role of end-users in the detection of the fraud

There are a few steps that you can take to reduce the risk as an end-user.

1. Take time to check the authenticity of the sites where you are planning to use the card. Do not simply click on links sent over SMS, WhatsApp, or mail offering you cashback or discount vouchers.
2. Download apps from a trusted origin and use them for repeat purchases rather than using links that might have been sent to you.
3. Never share the OTP, UPI PIN, and other bank details. However many times this has been reiterated, it is surprising how even the educated crowd is taken in. Do not hesitate to change them if you even suspect that they have been compromised.

No one can deny that identity theft is a very real threat, but reducing our transactions for fear of it is akin to not using roads for fear of accidents. Neither is it fair to throw the onus of this onto the end-users or customers. The only sustainable and robust solution lies in fortifying our defences at the payment gateway (PG) level.

Author: Krishnan KN, Advisor in Wibmo’s Agile PMO
Wibmo, A PayU/Naspers FinTech Company


DevSecOps — A necessity in the current landscape

Let’s start with the basics here. Traditionally, we followed the Software Development Life Cycle, in short SDLC, a structured approach to developing quality software that meets customer requirements. With a rapid evolution in lifestyle, we moved to the Agile method, one of the variants of SDLC, to develop software in an iterative and fast way. While the agile methodology aims to develop software, or a component of software, quicker, there is a need to deploy that component at equal speed to the production setup to make it available to the user community. This development process together with the deployment process is referred to as DevOps. Essentially, DevOps refers to the continuous integration of a software component and its continuous deployment. Now, thinking of security from the early stage of the development cycle, instead of retrospectively fitting it at the end of the cycle, transforms DevOps into DevSecOps. Here, we are shifting Security to the early stage of the cycle, i.e., shifting to the left of the cycle, which is referred to as Shift Left.

To establish an analogy (a crude one, not exact, but helpful for understanding), let’s look at some household work like cooking. I cook in my free time at home. After cooking, I request my wife to serve the food to family members. Here, the cooking process is Development, the serving process is Operations, and the cooking and serving processes together are DevOps. Now, it’s important to understand what DevSecOps is in this example. While cooking, I am concerned about the hygiene of the food from the beginning; otherwise, retrospectively fitting hygiene is very difficult. Therefore, the cooking and serving process, along with maintaining hygiene throughout, is DevSecOps.

In a rapidly moving world where technology is easing the way we do business and lead life, there is a rapid increase in threats to the technology landscape from fraudsters or individuals with malicious intent.
Therefore, it’s imperative that security is looked at from the very early stage of the development cycle, that all possible threat vectors are identified, and that appropriate controls or safeguards are built into the software to protect it and thereby protect its user community and, ultimately, customers.

Let’s look at some of the benefits of DevSecOps.

Continuous integration (CI) — merges code changes to ensure the most recent version is available to developers.
Continuous delivery and continuous deployment (CD) — automate the process of releasing updates to increase efficiency.
Microservices — builds an application as a set of smaller services.
Infrastructure as code (IaC) — designing, implementing, and managing app infrastructure needs through code.
Common Weakness Enumeration (CWE) — improves the quality of code and increases the level of security during the CI and CD phases.
Threat modeling — implements security testing during the development pipeline to save time and cost in the future.
Automated security testing — tests for vulnerabilities in new builds on a regular basis.
Incident management — creates a standard framework for responding to security incidents.
Fast delivery — ensures fast delivery of applications by embedding automated security controls and tests early in the development cycle.
Enriched efficiency — higher efficiency by scanning code for vulnerabilities as it’s written.
Automotive: reduce lengthy cycle times while still meeting software compliance standards.
Digital Transformation: enable digital transformation efforts while maintaining the privacy and security of sensitive data per regulations such as GDPR.
Code analysis — deliver code in small chunks so vulnerabilities can be identified quickly.
Compliance monitoring — be ready for an audit at any time, which means being in a constant state of compliance, including gathering evidence of GDPR compliance, PCI compliance, etc.
Threat investigation — identify potential emerging threats with each code update and be able to respond quickly.
Vulnerability assessment — identify new vulnerabilities with code analysis and analyze how quickly they are being responded to and patched.
Security training — train software and IT engineers with guidelines for set routines.

Source: https://accelera.com.au/

To conclude, DevSecOps is a cultural shift, which means security is a shared responsibility, and everyone participating in the SDLC has a very vital role to play in building security into the DevOps workflow.

Author: Ravi Bhushan, Head - GRC, and Ritesh Prasad, Manager DevOps+SRE
Wibmo, A PayU/Naspers FinTech Company


Move to Pre-paid Cards for Simplifying your Corporate Expense Management

Tracking Corporate Expenses made easy

Corporate expenses range from individual employee benefits to infrastructural allocation to individual units. Everyone has heard the terms reimbursement, employee benefits claims, and other expenses, albeit through a prism depicting a myriad of reactions — most of them unsavory, to put it mildly. While corporate executives find the long process of filing expense reports and submitting invoices tiresome, and at times bordering on a lack of trust, the accounts team finds itself in the unenviable position of questioning, auditing, and reconciling them with the Company Budget. And when auditors do come out with systems to reduce fraud, Department heads are regularly at loggerheads with accounts over the paperwork. The sum total is interdepartmental bad blood and a constant tug of war that can adversely affect both operations and accounts.

Prepaid Cards for Corporate expenses are a boon to both employers and employees.

Prepaid cards are one of the best tools to manage corporate expenses. It is no secret that as the company grows, so do the expenses, especially travel and other petty expenses, which form a substantial percentage of the overall budget. The bottleneck in tracking is that disbursement is through individual employees, whose numbers might run into hundreds and at times thousands. This is where maintaining a balance between fraudulent or mistaken charges and operationally profitable charges becomes a challenge. The prepaid card enables control over employee spending through limits set on time and amount. This also reduces the massive burden of claims or reimbursements. With reduced dependency on actual cash transactions, policy adherence and automated tracking enable the auditors to access a lot of information without depending on the employees for details, saving both time and face-offs.

Pointers to get the most of Prepaid Cards to manage corporate expenses.
Ideally, Prepaid cards could be a major relief, but in practice this is possible only if certain standards are maintained in the implementation and usage of the facility. Selecting a Vendor who will equip and facilitate these services is crucial to the successful issuance of Prepaid cards to the employees or other stakeholders of the company. The prepaid card program must be customized as much as the budget allows. It should strictly adhere to company policy, with separate options for both open and closed-loop programs. The cards should be configured according to needs specific to the company: for example, some might need them to be usable in ATMs, while others might want them to work only within the cafeteria and sister concerns of the company. Some could select merchants or categories for a certain department or particular grades. E.g., sales teams should have options to use the card on online travel sites, or multiple currencies could be enabled for certain grades.

Wibmo’s Prepaid solution meets all these requirements and more. Covering the whole range of corporate expenses, from payroll to daily expenses and travel expenses, the cards are easy to use and have reloadable wallets backed by 24-hour customer support.

With every advancement comes its own set of risks and unethical practices. The good news is that the market has vendors who can provide these services and fortify them against fraud. Two-factor authentication is always recommended for such cards, with EMV chips for added security. Market-proven tools like TRIDENT-FRM can be used to disable fraudulent attempts. Additional security and control can be attained through vendors who provide Host Complete back-office card operations.
In short, prepaid cards can empower companies to control corporate expenses, and thereby bring them down without much sweat, whilst the employees, now more aware of the limits, need not spend their productive hours filling out expense reports and, more importantly, feel more trusted, with their dignity intact.

Author: Krishnan KN, Advisor in Wibmo’s Agile PMO
Wibmo, A PayU/Naspers FinTech Company
