Given the complex final transactions maze and increasing instances of governments bringing harsh penalty on citizens for failure to provide satisfactory answers to transactions, the option of declining to accept payments from unreliable sources, will be essential for citizens' safety
While there is a significant effort by the RBI to protect customers from online fraud and other risks associated with online banking and transactions, surprisingly it is entirely silent on another potential threat to customers regarding financial transactions.
Image: Shutterstock
India is now a global leader in the adoption of digital payments accounting for 46 percent of worldwide real-time payments in 2022. With 89.5 million digital transactions, she has more transactions than the other four leading countries combined. The spectacular $3 trillion digital payment market, predicted to more than triple to $10 trillion by 2026, is because of rapid expansion in digital infrastructure, UPI-led migration to digital, pandemic-led acceleration of shift in customer preferences, growing merchant acceptance network, and disruptive innovations by fintech companies. It is now making inroads into global expansion with UPI payments in countries like Saudi Arabia, Singapore, Canada, UK, Australia, HK, UAE, Oman, Qatar and USA.
Globally, almost all countries enforce stringent measures to ensure security of financial transactions particularly those involving customer transactions. These are usually achieved using combinations of Encryption, Tokenization and Authentication. Most popular methods involve Single-Factor Authentication (SFA) requiring usually a password or a PIN, Two-factor authentication (2FA)-requiring two forms of identification, such as a password and a one-time code sent to a registered device, or a Multi-Factor Authentication (MFA) requiring three or more forms of identification, which may include biometric data, security questions, or physical tokens.
RBI too has detailed guidelines regarding securing financial transactions of account holders. In general, RBI proposes three-stage authentication practices for internet banking—Something the user knows (e.g., password, PIN); something the user has (e.g., ATM card, smart card); and something the user is (e.g., biometric characteristic, such as a fingerprint).
However, while there is a significant effort by the RBI to protect customers from online fraud and other risks associated with online banking and transactions, surprisingly it is entirely silent on another potential threat to customers regarding financial transactions. This pertains to receiving electronic payments in an account. Obviously, it begs the question: What is the risk associated with receiving payments that requires the RBI to put in security features?
Consider the scenario where payments from an account are being made to an individual. For many, there is no obvious way to know when and by whom such payments are being made. In the current system, SMS or other alerts that inform the recipient about the credit of funds is neither a default nor a mandatory option. Often such messages or alerts may get hidden among many such messages and alerts, if an individual doesn’t immediately respond to them.