Securing the future of Mobile Payments in India

India has come a long way in adopting the mobile phone as a communication device, from the days when one had to visit a STD booth to make a call and owning a telephone was a luxury. Today, India is in the throes of the mobile revolution with its M-Commerce market size estimated to be be approx USD 2.5 billion in 2014.

India’s tryst with mobility

With 904.51 million mobile subscribers according to the March 2014 data released by TRAI, India is one of the countries with the highest mobile phone penetration in the world and growing annually at a compounded rate of 60% since 2005.

It is expected that India would have more than 300 million internet access points by 2015 and this growth is likely to be fuelled by the growth in smart phone and tablet usage and aided by the availability of cost effective devices. IAMAI & IMRB International estimate 185 million users in India who access the internet via their mobile phones of which 32 million would be from rural India.

At present, smart phones account for 10% and tablet users account for 3% of the total mobile subscriptions in India. With 44 million sets sold in the first quarter of 2014, and with TRAI mandating minimum download speed for 3G and CDMA EVDO service at 1 megabit per second with 95% success rate, the adoption would be at an exponential rate in the imminent future. Powered by faster processors and RAMs that surpass the capabilities of personal computers, these new age mobile phones are competing with personal computers and laptops as devises for internet access.

Mobile as a mode for payments

Banks, payment services companies, telecom service providers as well as retail establishments are therefore looking at the mobile phone as a source of revenue and greater operational efficiency by facilitating convenience of effecting non cash payments to the end consumer.

Similar Read:  Top 8 Big Data Tools for Enterprise Developers

Source: Reserve Bank of India

RBI data reveals that India registered 83 million mobile transactions in 2013 (a rise of 89% as compared to 2012) indicating a behavioural change in terms of propensity to effect payments through the mobile mode. Though the total value of these transactions amounted to Rs. 161,000 million,(287% higher as compared to 2012), the ticket size of such payments are minuscule; averaging Rs. 260 per transaction according to an Avendus report (2013).

Mobile security: The thorn in the flesh

It indicates an implicit lack of trust stemming from security concerns of sharing sensitive financial information such as the bank account number and debit/ credit card details through the medium. People don’t flinch when it comes to exchanging messages on mobile chat applications or sharing status updates and photos on social media applications via the mobile, but prefer to resort to cash or cards as modes of payment due to the risk of loss of personal finances. It’s therefore imperative that the following concerns of end users associated with Remote payments (using IVR, WAP, USSD and SMS channels) are redressed through a concerted effort by all the stakeholders in this field:

“What if I lose my phone?

 “How can I protect my mobile from hackers and ensure that my personal & financial information is not compromised?”

“What if my bank balance is debited, but the payment does not go through?”

Before we venture to find answers that quell the paranoia associated with mobile payments, we need to understand that there are three elements to the security conundrum.

  • Protection of what you have (Bank account and debit/credit card details)
  • Protection of what you know (The Log-in and Transaction related Passwords)
  • Protection of who you are (Personal information)
Similar Read:  How to Deliver Software with Excellence and Economy

Staying protected

1) Secure ‘devices’ with passwords: The first step of pragmatism indeed would be for end users to secure their mobile devices with a password that needs to be entered for unlocking them. This would be particularly helpful if the mobile device has direct access to mobile banking or m-commerce apps which aren’t password protected.

This also makes a compelling case for app developers to ensure double layered security (for access as well as transaction completion) and limiting the number of log in attempts to prevent any misuse.

2) Chose passwords with alpha-numeric combination: What would be a good practice would be to maintain passwords as a combination of alphanumeric and special characters and changing them periodically. Though remembering these passwords is likely to pose a challenge, it’s recommended not to store passwords anywhere on the mobile.

Thank God for OTP (One Time Password) generation! It serves as a boon in this respect for transaction related passwords freeing our minds from the burden of remembering combinations of alphanumeric passwords.

3) Use trustworthy resources: It would be prudent for users to download payment related apps from trustworthy sources such as Google Play or the App store, given their strict adherence to quality control, after checking for reviews on popular portals and blogs.

In the event of not finding the desired app, the user can visit the mobile portal of either the bank, retail store or the mobile wallet app developer and download the app after checking for the secure HTTPS connection.

4) Avoid doing transactions on public Wi-Fi: It’s advisable not to undertake any transactions over a free public Wi-Fi network as it carries the highest probability of data snoopers to gain access to your mobile’s IP address.

Similar Read:  IoT, Big Data, BI, Data Science, Digital Transformation: Hype or Reality? Facts and Figures

5) Install Anti-virus softwares: Lastly, an updated Anti-Malware software installed on the mobile would fortify the system against virus threats.

If the above mentioned precautions are taken by users, mobile payments would be a far secure mode of payment as compared to card related transactions such as ATM withdrawals or swiping cards on POS terminals that pose the threat of sensitive data being skimmed.

Payment companies have adopted a technique called ‘Tokenization’ wherein sensitive personal and financial data gets encoded into an alphanumeric number and passes through the system to the bank which decodes it and effects the payment.

Most mobile payments facilitators have 24X7 Grievance redressal helpline for engagement as well as troubleshooting. Efficient redressal of complaints related to failed transactions besides pre-emptive fraud identification measures would boost the much needed confidence of end users.

So the next time you wish to settle your restaurant bill, pay rent to your landlord or buy the dress you always wanted from your favourite e-commerce portal from the comfort of your home without having to stand in long queues; pick up your smartphone and make the payment with confidence. It will make your smartphone ‘smarter’.

About the author: Kumar Karpe is the CEO at TechProcess Payment Services Limited. He has over 20 years of experience in Financial Technology domain. Prior to TechProcess, Kumar held key leadership positions in IBM India & ASEAN as Head – BFSI vertical.

Category  
  • Ritesh Agarwal

    I am surprised how come OTP is being seen as a boon. Worldover banks and other regulatory bodies are shying away from OTP non-sense. It not only kills the workflow due to user unfriendliness…but also discourages merchants or anyone to be patient to accept such payment mechanism.
    I find this article void of vision and I felt sorry for it.