
Frauds

Over the past six years, the system’s response to data security and fraud has evolved from the nascent to the mainstream stage. There has been a rapid growth in private-sector solutions and regulatory interventions to combat fraud and improve data security.

2016 status: Early discussions on cybersecurity issues, but limited solutions and absence of awareness among the masses.

2022 status: Increased data breaches have led to mainstream media coverage of the risk. There has been an emergence of regulatory and private sector solutions.

Key Developments

Indian Banks Data breach

3.2 mn debit cards of various Indian banks were compromised which led to numerous fraudulent activities.84

RBI’s cybersecurity framework for NBFCs

The framework outlined that NBFCs should have a separate cybersecurity policy from a broader IT/ IS policy approved by the board.85

Google Pay launches two step notification

To help users easily identify any suspicious transactions, Google Pay began to send app and SMS notifications at the moment of transaction.86

RBI’s Master Direction on Digital Payment Security Controls

The guidelines mandated multifactor authentication, encryption, digital certificates, and other controls to secure digital payment apps.87

RBI’s directives on grievance redressal & tokenisation of cards

The guidelines mandated Card on File Tokenisation to ensure safety of card details. They have also launched a centralised grievance management helpline.88

Key Trends

The sharp increase in the number of data breaches has increased mainstream media coverage.

Regulatory bodies such as RBI have ramped up cybersecurity efforts.

Rapid growth in private-sector solutions for data security and fraud.

The number of data breaches has increased about 26x to over 1.4 mn incidents in 2021 as compared to 2016. These include large and high-value targets such as Air India, SBI, and BigBasket. in 2018.89 These incidents were actively covered in the media, and an analysis of Google Trends shows a fourfold increase in searches for the keyword ‘cybersecurity’ between 2016 and 2021.

Prior to 2016 there were limited regulations put forth by RBI, but since 2017 it has put forth cybersecurity frameworks for NBFCs and Master Directions on Digital Payment Security Controls, and has also issued a set of guidelines that mandate that sensitive customer information be stored in the form of an encrypted ‘token’ to help secure transactions. In parallel, in 2018, UIDAI introduced Aadhaar tokenisation to ensure data security.90

The cybersecurity solution industry has grown at a CAGR of ~40% from 2016 to 2021.91 In 2020, 30% of the enterprises used more than 10 solutions.92 Over the past few years, Google Pay has deployed a two-factor payment notifications system, PhonePe has removed the UPI collect option, and Paytm has launched card-on-file tokenisation for online shopping.93

6: Affordable and Personalised Products and Services | Data Security Breaches and Online Frauds

Opportunities For Philanthropic Investment

Data security has become a priority concern for both private and public sector stakeholders. The Indian market is currently underpenetrated and relies on OTPs, which are insecure and have been deemed non-compliant by recent EU payments security standards. To ensure exhaustive mitigation of risk and secure storage and use of data, our research suggests the following pathways for philanthropic investment:

Aid implementation of solutions by building feedback loops: Large scale research, grievance redressal mechanisms.

Support implementation of scale solutions to mitigate the risks at scale.

The table below presents gap areas and illustrative funding opportunities for philanthropy to improve data security:

Pathways

Illustrative Opportunities

Create a strong ecosystem of cybersecurity professionals that work on building a white hat culture, conduct preventive assessments to avoid private sector negligence.

Support capacity building of public institutions and safeguards.

Provide incubation support to innovators where they can test out their innovations and develop proofs of concepts. Incubation support can include tools such as synthetic data assets, Application Programming Interface (API) marketplaces, a coding environment, and access to expert mentors and observers.

Fund and support innovative, easy-to-use encryption and password-less identity and access management products that can serve mid-market clients and promote decentralised data management.

Fund and support digital risk management platforms that help companies detect cybersecurity threats.
