Last fortnight a leading Mobile Payment gateway from India unveiled its projections to 5,00,000 online seller base by March 2017 as compared to current seller base of 1,70,000.This portal alone facilitates 300 million payment transactions per day and has set a target of 1 billion by 2020.
As I presume this ONLINE BUSINESS IS HIGH VOLUME AND LOW MARGIN BUSINESS.
When margins are low there are possibilities of compromises with the security or quality of the services customers receive. As these online companies can not compromise with bandwidth and high resolution servers they are most likely to save by compromising on security measures. These companies are for profit and not for charity and scrutinizing their business module it looks more probable that they might be compromising on security.
Section 43A of Information Technology Act mandates these service providers to follow reasonable security practices and guidelines to protect sensitive personal data and information of the users.
Another point of worry about these payment gateways, which have mushroomed recently, is very few legal or technical compliance required from government end. In a rush towards fulfilling its well deserved mission of Start up India government seems to be neglecting inherent threats in cyberspace. The cyberspace is used by entrepreneurs, end users who are techno illiterate and simultaneously by cyber criminals who are highly comfortable with technology and rather are highly techno savvy.
All are cohabiting in same cyberspace and when these payment gateways are carrying out almost a billion transactions per day collectively, the cyber criminals are bound to found out vulnerabilities in the same and exploit them for their financial gain. The biggest losers in this scenario presently are the innocent online payment gateway users and more interestingly people who don’t even opt for these payment gateways for their any transaction.
How people who don’t even opt for online payment gateways can be falling prey to such frauds???
The modus operandi noticed is very simple. These fraudsters obtain credit/debit card details and cvv code from such innocent people and utilise same for fraudulent transactions through these payment gateways. Payment gateways are least bothered about origin of payment or destination of beneficiary. What they are bothered about is their transaction fees and nothing else.
There are many cases where payment gateways are unable to provide complete authenticated details of beneficiaries. This is alarming situation and currently cyber criminals are exploiting it very effectively. The amount of such frauds can not be estimated with limited information available with my organisation but I am sure its figure will be unimaginable by anybody. If you prefer to guess you are welcome.
It’s high time that Payment Gateways must be brought under some sort of Regulatory mechanism!!!
This regulator will be entrusted to look into all such matters where Payment Gateways are found to be involved in some sort of fraudulent activities. For want of such regulatory mechanism, unnecessarily Good Payment Gateways are also being tarnished.
To avoid this situation and make people believe in this online payment mechanism the formation of such regulator is NEED OF HOUR.
Advocate Mahendra Limaye
Cyber Legal Consultant