Last fortnight a leading Mobile Payment gateway from India
unveiled its projections to 5,00,000 online seller base by March 2017 as
compared to current seller base of 1,70,000.This portal alone facilitates 300
million payment transactions per day and has set a target of 1 billion by 2020.
As I presume this ONLINE BUSINESS IS HIGH VOLUME AND LOW
MARGIN BUSINESS.
When margins are low there are possibilities of compromises
with the security or quality of the services customers receive. As these online
companies can not compromise with bandwidth and high resolution servers they
are most likely to save by compromising on security measures. These companies
are for profit and not for charity and scrutinizing their business module it
looks more probable that they might be compromising on security.
Section 43A of Information Technology Act mandates these
service providers to follow reasonable security practices and guidelines to
protect sensitive personal data and information of the users.
Another point of worry about these payment gateways, which
have mushroomed recently, is very few legal or technical compliance required
from government end. In a rush towards fulfilling its well deserved mission of
Start up India government seems to be neglecting inherent threats in
cyberspace. The cyberspace is used by entrepreneurs, end users who are techno
illiterate and simultaneously by cyber criminals who are highly comfortable
with technology and rather are highly techno savvy.
All are cohabiting in same cyberspace and when these payment
gateways are carrying out almost a billion transactions per day collectively,
the cyber criminals are bound to found out vulnerabilities in the same and
exploit them for their financial gain. The biggest losers in this scenario
presently are the innocent online payment gateway users and more interestingly
people who don’t even opt for these payment gateways for their any transaction.
Shocked????
How people who don’t even opt for online payment gateways
can be falling prey to such frauds???
The modus operandi noticed is very simple. These fraudsters
obtain credit/debit card details and cvv code from such innocent people and
utilise same for fraudulent transactions through these payment gateways.
Payment gateways are least bothered about origin of payment or destination of beneficiary.
What they are bothered about is their transaction fees and nothing else.
There are many cases where payment gateways are unable to
provide complete authenticated details of beneficiaries. This is alarming
situation and currently cyber criminals are exploiting it very effectively. The
amount of such frauds can not be estimated with limited information available
with my organisation but I am sure its figure will be unimaginable by anybody. If
you prefer to guess you are welcome.
It’s high time that Payment Gateways must be brought under
some sort of Regulatory mechanism!!!
This regulator will be entrusted to look into all such
matters where Payment Gateways are found to be involved in some sort of fraudulent
activities. For want of such regulatory mechanism, unnecessarily Good Payment
Gateways are also being tarnished.
To avoid this situation and make people believe in this
online payment mechanism the formation of such regulator is NEED OF HOUR.
No comments:
Post a Comment