Payments Going Digital In India: Data Security Vital To Success

Nitin Bhatnagar, Associate Director, PCI Security Standards CouncilHolding a Master’s in Cyber Law & Information Security from the Indian Institute of Information Technology, Nitin held the role of Associate VP at SISA Information Security, prior to joining PCI in 2018.

Innovations in payments technology are changing the way Indians make payments. Barriers to adoption of digital payment methods for businesses and consumers have continued to decrease in recent years, and, as India becomes a less cash economy, digitaltransactions have risen by approximately 440 percent over the last three years. This represents an enormous shift in India’s payments ecosystem, and, for entrepreneurial small business owners, the possibility of a more socially and geographically diverse customer base signals new opportunities for success.

However, reaping the benefits of this huge shift towards digital payments is not as easy as simply adopting the technology and doing business. It is vitally important that business leaders and decision makers take the necessary steps to implement data security standards that helps prevent data theft, ensures cardholder data remains secure, and paves the way to further adoption by addressing the concerns of the public.

Digital Payments Continue to Gain Traction
Since Indian banknote demonetisation began in 2016, a vast number of Indian consumers have been adopting digital payment methods such as electronic fund transfers, card payments, and mobile banking. In fact, as of April 2019, there are 884.7 million debit cards and 48 million credit cards in circulation in India, with over three million merchants in India accepting payments. As a result, businesses have begun to react to these changes, more readily accepting digital payments, and there are now over three million merchants in India accepting digital payments.

To accommodate this, innovative payment solutions, such as the use of smartphones for making and accepting payments, have become increasingly important. The transaction value of mobile Point of Sale paymentsin India has been growing exponentially and is expected to grow by over 50 percent each year until 2023 and business owners are keen to make the most of this.

Security is the Key to Harnessing the Opportunity
Despite the growth opportunity of digital payments, businesses that operate without a secure payments infrastructure represent an opportunity for cyber criminals and hackers, who are well-equipped and relentless at finding avenues to steal data where the correct precautions have not been taken.

Every company should operate with an appropriate security framework to help protect their business from data theft. For smaller businesses and entrepreneurs, this is particularly important, as efforts can
understandably be focused on business development and management, while critical priorities like payment data security are treated as secondary priorities.

Fortunately, there are clear steps that can be taken to help businesses protect customer payment data and solutions available to help them. For example, the PCI Data Security Standard (PCI DSS) provides a foundation of security controls that when implemented and continuously monitored offers the best protection for payment card data before, during and after a purchase is made. Any business that stores, processes and/or transmits cardholder data should continually apply controlsspecified in the PCI DSS. Additionally, for the increasing number of businesses relying on smartphones and tablets to accept payments, PCI SSC provides security standards for solutions that enable them to accept contactless payments on their devices and trust that these transactions are secure. This provides opportunities for more businesses, and especially those not based in a fixed location or new to card acceptance, to be able to accept contactless payments in a secure manner.

Business leaders who can effectively implement security standards and train personnel to maintain the standards will be tomorrow’s captains of commerce

At the very minimum, every business using any form of digital payments should have at least one member of staff who is appropriately trained in security standards to protect their business. For the smallest businesses, this may even be the founder, and entrepreneurs must realise that the responsibility to safeguard their customer payment data could be theirs.

For larger, more developed businesses, executives should be hiring or training data security professionals, or Internal Security Assessors, within their businesses to ensure that there are individuals capable of deploying up-to-date standards to protect themselves against cyber criminals.

Crucially, data security is not a one-time fix. As payments and technology evolve, and cybercriminals become smarter, so do methods of data theft, and so do security standards. Data security is an ongoing process which must be constantly updated.

Data Security is a Requirement for Success
One thing that businesses owners and decision makers in India must consider is a change of attitude about digital payments for their business. Digital payments can be extremely profitable of course, and for the majority implementing these methods can be seen as a one-way ticket to increasing customer catchment area.

However, Indian business owners must realise that implementing new payment methods must be complemented with the appropriate security standards. Without the standards, sooner or later a data breach is almost inevitable. Hackers are constantly probing businesses for security weaknesses, and as soon as they find one without safeguards, they will infiltrate its computer systems and steal customer payment data for profit.

And for a business whose customer payment data is stolen, the results can be catastrophic. Many businesses whose data is stolenwill go out of business within 12 months of the cyberattack, and those that do not go out of business can suffer severe reputational damage that takes many years to recover from.

Entrepreneurs must not be Deterred!
This should not deter entrepreneurs, and experts are clear that digital payments are the future for India. During a video address at the PCI SSC 2019 India Forum in Delhi Indian entrepreneur Nandan Nilekani emphasized that acceptance of digital payments technology, by both merchants and consumers, is vital for economic growth, but knowledge sharing and education about data security are vital to success.

A lesscash economy represents a fantastic opportunity for business growth in India. However, companies need to ensure that they are reducing the number of opportunities where cyber criminals can steal payment data. Business leaders who can effectively implement security standards and train personnel to maintain the standards will be tomorrow’s captains of commerce.