Online Hacking Versus Payment Gateway

All online users are aware of cybercrime. Cybersecurity framework, cyber risk assessment, and related technology investment is the need of the hour. The point is that organizations and e-commerce management companies have till now thought of cybersecurity as an add-on expense. A paradigm shift is much required. Expenses that involve developing a secure framework to ward off all kinds of cyber attacks should be an essential part of the budgeting process now for all companies that drive business through e-commerce. Cyber crimes result in not only financial losses to a company; it also ends up in an undefined loss of trust and value in the eyes of the shareholders as well as customers.

Majority of cyber crimes fall under malware with as many as 73% cases of crimes reported under this head. This type of crime occurs when a particular software gains unauthorized access to a computer system. Around 43% of crimes are related to spear phishing where email scams target individuals or organizations to get unauthorized access to sensitive and private information. A new form of cyberbullying that is fast growing is called ransom-ware. It is also a type of malware that attacks computers and does not let the user access essential files and documents on the system without paying a ransom.

It is in cognizance of this and growing risks of online theft of information and personal data that the use of a suitable payment gateway becomes a necessity. All concerned parties – government regulatory bodies, payment gateways and banks need to work closely and in complete coordination with each other to fight cybercriminals. Some of the compliance-related details are as mentioned below:-

1. For standardized security measures, the payment gateway needs to adhere to Payment Card Industry Data Security Standards (PCI –DSS) for accepting online credit card payments. Any e-commerce site that accepts card payment and transmits or processes data related to the card needs to follow the PCI rules and regulations.
2. Payment gateways are governed by the Payment and Settlement Systems Act 2007 and the Payment and Settlement Systems Regulations 2008. The Reserve Bank of India regulates both the acts.
3. Additionally, the Reserve Bank of India has also mandated that in India only banks are authorized to have payment gateways. As on date, not all banks have the gateway system in place though.
4. The Reserve Bank of India has the two-factor authentication for all online card related transactions. In this payment gateway system after the user enters his card details (debit or credit) on the e-commerce site, he is asked to enter a one-time password (OTP) that is sent to the user’s mobile number. Once the OTP is correctly entered, the purchase process is completed. However, for transactions related to mobile wallets, this authentication is not required.

With the Digital India Movement, the government of India is not only propagating digital literacy it is also helping institutes educate internet users on dangers associated with online payment and shopping.