We are in an era where digital is the king. Today, everything you can imagine of, is available digitally, pleading the owner to buy it with a single left click of the mouse. What next, you just have to enter the OTP, sent to your mobile number and it’s yours. Such is the ease and this has resulted into increased amount of online purchases in the country today. But there is a huge question of security, which the ease of purchase simply engulfs!
According to data from RBI, paper-based transactions cleared through cheques in FY 2015 (April 2014 – March 2015) summed up to INR 85 lakh crore (US$1.33 Trillion) whereas cashless transactions through credit card, debit card, NEFT, and online wallets comprised of INR 92 lakh crore (US$1.43 Trillion). The total transaction amount in India – exclusive of cash transactions – reached $2.76 Trillion in FY15. Online shoppers are expected to increase from 20 million in 2013 to 40 million in 2016, as an additional 200 million Indians will access the Internet in the next three years, with majority of them coming online through smartphones, indicates a new joint study by Assocham and Grant Thornton. That is a whooping number!
With the growth of e-commerce and digital payment systems is the rise of cyber risk. Fraudsters are waiting out there for a small mistake you do and they get access to all your information including your credit/debit card details, bank account numbers and lot more. So what do you do, should you stop buying online? Absolutely not, but you can definitely be more careful and look at the finer things to be sure that you are transacting securely.
It’s no secret the payments ecosystem is vulnerable. Much like the Internet, the payments infrastructure was developed for connectivity, not for security. Now, in the face of serious cyber threats and too many exposed vulnerabilities, the industry is on a back-foot and trying to catch up.
As a consumer, it gets very difficult to know what can go wrong or know how to judge it, here are few tips
Look for ‘https’ enabled website. Such websites are usually more secure and if enabled with https, the search bar on the top of your screen will turn green.
See if the website has an SSL certificate. SSL is an encryption mechanism that creates a connection between the merchant’s website server and the user’s web browser, and encrypts the information being transferred between the both the ends. This ensures there is no message forgery, data tampering or eavesdropping from third party users, attackers or applications.
Disclose the least information. Most websites will need your credit/debit card number, expiry date, name, address etc. but it’s recommended not to save them online and also not to provide details like your annual salary, office location etc.
Don’t fall prey to phishing emails or links. Cyber thefts these days are a step ahead and they can create emails which look original but will only be at the back-end collecting information you share and re-direct you to the original and authentic website once you have entered the details.
Use virtual keypads. If your keypad is compromised, a hacker can easily see what you are typing and again has all the records. You can even use the virtual keypad your operating system provides. Though it is necessary to remember that even the passwords typed through virtual machine can be stolen.
Use debit/credit card with less balance. In a scenario when you are using a debit or a credit card with small balance/limits, the chances of it getting hacked are less. Hackers are always looking to get into accounts where the balances are large. Even if a credit card with a limit of INR 50,000 is hacked, the loss is still less.
Use net safe banking. It enables you to generate a unique virtual card number using your physical Visa Debit/Credit or Mastercard Debit/Credit Card. Your physical card number is thus safe from getting exposed on the net.
Consumer awareness and knowledge is the best way one can be safe and while the industry and the government is collaborating in making a secure online payment ecosystem. Remember, a human error can never be safeguarded. So it is quintessential, that you know the basics of cyber-security and you are aware of the possible threat.
— By Rahul Tyagi, VP - Training, Lucideus...