Payment security trends to watch out for in 2020 and beyond

Apr 24 - 2020

The Indian digital payments industry has been thriving at a compound annual growth rate (CAGR) of 12.7%. It is expected to touch $10.07 trillion by 2026, as per the latest KPMG report.

In the face of the COVID-19 pandemic, digital transactions are expected to see a further rise. Offering customers the ease and convenience of making payments, digital payments are no doubt making life easier. Consumers, however, are increasingly becoming vulnerable to frauds.


The RBI, in FY 18-19, reported over 50,000 banking frauds, resulting in a loss of INR 145.08 crore.

While the regulatory body is reworking its policies on reinforcing data protection and cybersecurity, the sophistication in digital frauds is on the rise, too. Improved payments security, thus, becomes a critical strategy for financial institutions as opposed to being just a compliance measure. Here are a few security trends that will gain popularity among banks and fintechs in the years to come:

1. Validating transactions through Multi-factor Authentication

Recognising the growing need to protect the confidentiality of customer data, the RBI is pushing for adoption of multi-factor authentication (MFA) as a security measure among financial service providers. The RBI has issued guidelines to payment aggregators and payment gateways, who will now have to get customers to validate their transactions, without the option of using their static PIN.

MFA typically has three types of authentication factors - password, device in use and biometric identification. With biometric capabilities readily available in smartphones, consumers increasingly have been using this mode of authentication in their everyday transactions. Entering a password to make payments is now being replaced by touch or iris-linked authentications. MFA is expected to tighten security around transactions, therefore, removing the risk of stolen PINs and, eventually, preventing frauds.

2. Safeguarding customer data through card tokenisation

The shift from magnetic strips to chip cards was to prevent duplication of card information onto another, in a physical store. Much like that, tokenisation's end game is to prevent duplication of cards, digitally. Untraceable payment tokens are generated per card, per merchant. Even if hackers manage to steal tokenised data, they cannot use it, as the actual payment information is stored securely by the payment partner.

Tokenisation requires less computational power compared to encryption, which means that the tokenised information is processed faster and with fewer computer resources. Tokenisation is, thus, becoming an increasingly mainstream payment security measure, as it is a more cost effective and secure way to safeguard sensitive customer data.

3. Accelerating e-commerce with 3DS 2.0

With the rise of e-commerce, merchants now need to cater to an unprecedented number of online transactions. 3DS 2.0 enables a real-time, secure, information-sharing pipeline between digital merchants, payment networks and financial institutions. Issuers can use 3DS 2.0 for a more accurate authentication of customers without asking for a static password or slowing down their business.

3DS 2.0 prompts consumers to verify their identity after analysing the merchant’s contextual data on high-risk transactions, therefore offering additional fraud protection. The older version of this technology, the 3DS 1.0 protocol was originally written in 1999. Today, nearly 70% of online transactions in India originate from a mobile device. The security feature, meant for a desktop generation, therefore tends to have an adverse impact on the Payment Success Rates (PSR).

With 10 times more data on payment history, device, channel, location, etc. than the previous version, 3DS 2.0 helps speed up authentication and enhance security, giving shoppers a faster checkout.

4. Enabling contactless payments with wearable devices

Some of the banks and digital payments players are already leveraging technology innovations such as NFC and QR codes to enable contactless payments. Contactless payments made through tap-and-pay, dynamically generated PINs and wearable devices have not only made payments quick and easy, but also added an additional layer of security.

Wearable devices are linked to the cardholder bank accounts and make use of card tokenisation features to complete payments. Dynamic PINs can be generated for every transaction through mobile banking apps.

Contactless payments are not just enabling faster checkouts and seamless payment experiences, but also preventing various cyber attacks like keylogging, phishing, and other internet based frauds. As contactless payments gain popularity, more merchants are upgrading their payment systems to meet this demand.

With India expected to clock the fastest growth in digital payments’ transaction value, it is critical for banks and other financial institutions to build digital capabilities for payment security and user convenience.

Advanced ACS solutions today offer seamless payment experiences through completely secure transactions. With best-in-class security, powerful APIs and all the required integrations in place, such solutions can help banks and financial service providers ensure higher payment success rates, and therefore improve overall customer experience.

Stay up to date on the latest in Fintech & Banking