UPI transactions, via bank account or RuPay cards. Credit card, or debit card to pay for purchases. The futurism of tap to pay using anAndroid phone or smartwatch. Scanning QR codes. Methods and modes are aplenty, driving momentum for India’s digital transaction ecosystem. There are some numbers which detail this landscape. In the first half of 2024, the number of UPI transactions totaled 78.97 billion, an increase of 52% year-on-year. In parallel, 3.73 billion card transactions were clocked in the same period. The flip-side, cybercriminals are eyeing your money, and higher volumes gives them a better chance of success.
It becomes imperative that banks, payment platforms and credit card networks do their best to secure transactions. Mastercard, one of the leading card networks globally (there are only five in the world, the others being Visa, American Express, Diners Club and the homegrown RuPay), is helping banks, payment gateways, businesses and users with a series of transaction as well as card security measures. The company believes digital banking frauds were as high as $9.8 billion in 2023, and that’s expected to rise still, to $24.8 billion by 2028.
Also Read: Banks rely on AI as digital transactions grow, and methodology of frauds evolves
At the same time, fraudulent money transactions, which were already worth $5.5 billion in 2023, will be as high as $12.6 billion in 2028. Their counter, are the likes of behavioral solutions which use a number of models and algorithms to identify bots, analyze user behaviour and flagging risky card usage in real time. Wait till you hear about Account Takeover (ATO) fraud and the pig-butchering scam. Worrying?
Generative artificial intelligence (AI), which is also the reason for quicker and more sophisticated phishing attempts, is also helping Mastercard in mounting a defense. “With AI-powered solutions such as Decision Intelligence, Mastercard monitors over 112 billion transactions annually, providing real-time authorization and fraud detection to customers,” Joy Sekhri, Vice President of Cyber & Intelligence solutions, South Asia at Mastercard tells HT, in a conversation.
This month, Mastercard inaugurated what it describes as a new state-of-the-art Tech Hub in Pune. They say this facility will play a key role in advancing the company’s global tech infrastructure, with over 6,000 technologists and engineers in action — that would make it Mastercard’s largest workforce in a single city, anywhere in the world.
HT speaks with Mastercard’s Sekhri to understand India’s fast evolving payments landscape, how frauds are becoming smarter and faster, the importance of multiple layers of protection and the use of AI to put up a defense. Edited excerpts.
How would you analyze India’s digital payments landscape as it is rapidly evolving, and within that the share of different formats including card payments and UPI?
Joy Sekhri: India’s digital payments landscape has undergone a remarkable transformation, with transaction volumes soaring in the last decade. The country saw a surge in the number of digital transactions, from 2,071 crore in FY 2017-18 to an impressive 18,737 crore in FY 2023-24, led by technological advancements and changing consumer preferences. Multiple factors, such as increasing smartphone usage, low-cost internet, and rising digital literacy have accelerated this shift, enabling communities even in rural areas to benefit frrom digital payments.
In this evolving ecosystem, multiple payment methods have emerged, offering a variety of options to consumers. These include card-based payments, real-time payments (RTP), QR code transactions, and cash. The need of the hour is to ensure continuity, security, and accessibility of digital transactions, so that everyone, everywhere can reap the benefits of digitization. Going by the current trend, India is set to stay at the forefront of the global digital payment revolution, fostering greater financial inclusion and growth for both enterprises and communities.
Has the risk ever been higher than now, with regard to online frauds? How would you illustrate new, unique methods that target online banking and digital payment users within India and around the world?
JS: The risk of online frauds is certainly growing in the wake of widespread digitization across sectors. With online transactions increasing in number, cybercriminals are employing more sophisticated techniques to exploit vulnerabilities both within India and around the world.
A common method being used is Account Takeover (ATO) fraud, where attackers use tactics like credential stuffing and phishing to gain unauthorized access to user accounts. In such a scenario, a user’s login credentials — often obtained from previous data breaches, are used to access accounts. This data is then exploited to make unauthorized purchases, affecting sectors, such as e-commerce and digital goods, which are particularly vulnerable due to challenges in verifying transactions.
Another method being increasingly used by bad cyber actors is pig-butchering scam, where cybercriminals build trust with victims over time, eventually convincing them to transfer large sums of money. As these fraud techniques evolve, sectors like healthcare are also at risk. For instance, in healthcare, sensitive patient information can be misused for identity theft or fraudulent billing.
It’s become important that organizations adopt technologies like artificial intelligence (AI), machine learning (ML) and behavioral analysis to detect anomalies and prevent frauds.
How does Mastercard ensure transaction security, and how important is it to keep improving tech?
JS: Mastercard implements a robust range of security safeguards to protect transactions through its network. With AI-powered solutions such as Decision Intelligence, Mastercard monitors over 112 billion transactions annually, providing real-time authorization and fraud detection to customers. This not only prevents billions in losses but also allows the company to detect compromised devices and unusual patterns.
In fact, Mastercard’s efforts go beyond protecting the transaction. The company is driving a new thinking and new approaches to safeguard an evolving ecosystem, from the physical to the digital to the metaverse, and every interaction in between. Mastercard’s approach to security gives its customers and partners deeper visibility into cyber risk and greater adaptability and resilience, protecting their systems through the latest AI technology, and delivering peace of mind to the people and businesses they serve.
Has Generative AI been able to provide any help in countering threats before they can target unsuspecting users?
JS: Generative AI has emerged as a powerful tool in the realm of cybersecurity, playing a crucial role in both preempting and countering threats before they can impact users. One of its most significant contributions is its ability to enhance threat detection by analyzing vast amounts of data to establish a baseline of normal behavior. This proactive approach is particularly effective in detecting sophisticated cyberattacks that might evade traditional security systems.
In addition to improving threat detection, GenAI also automates security responses. By continuously learning and adapting to new attack patterns, it ensures that defense mechanisms evolve in real time. This adaptive capability makes AI an essential part of any modern security system, ensuring that organizations are better equipped to handle emerging threats.
In the financial services sector, AI has made significant strides in strengthening security, enabling financial institutions to flag and investigate suspicious transactions in real time, providing a critical layer of protection for both companies and their customers. Moreover, by simulating various financial scenarios, the technology allows companies to evaluate the potential impact of different risk factors and develop strategies to mitigate those risks.
What are the layers of protection that get enabled when a user starts a transaction, either offline or online? Is there anything a user can additionally do when making a transaction?
JS: When a user initiates a transaction, whether online or offline, several layers of protection are activated to ensure security of the payment process. Multi-factor authentication (MFA) becomes particularly important since it requires users to provide two or more verification factors before gaining access to their account or completing a transaction. The Reserve Bank of India (RBI) has emphasized the importance of transitioning from traditional OTPs to more secure methods, which is where solutions like Mastercard’s Payment Passkey Service come into play.
Launched first in India as a pilot, Mastercard’s Payment Passkey Service represents a significant advancement in transaction security by replacing traditional passwords and OTPs with biometric authentication methods, such as fingerprints or facial scans. This service aims to streamline online shopping while enhancing security against fraud and scams. By utilizing tokenization, it also ensures that the cardholder’s sensitive information is not shared with third parties.
In addition to these built-in protections, users can take some steps to enhance their transaction security. To start with, regularly updating passwords and enabling MFA on all accounts where the option is available can be helpful. Users can also monitor their financial statements frequently to spot if there have been any unauthorized transactions and utilize virtual card numbers for online purchases whenever possible.
Is there a specific role that Mastercard would play in helping banks, payment systems, and ecosystem participants?
JS: Mastercard plays a significant role in supporting banks, payment systems, and ecosystem participants by offering solutions that enhance security, operational efficiency, and customer experience. Through close collaboration with financial institutions, Mastercard tailors its products and services to meet their specific needs. This collaborative approach allows banks and other players in the financial services sector to streamline operations and offer improved services, ultimately fostering growth and competitiveness in a fast-evolving digital landscape.
One of Mastercard’s key contributions is in the realm of cybersecurity and fraud prevention. Tools like RiskRecon and Brighterion exemplify the company’s commitment to helping banks and payment systems strengthen their security posture. RiskRecon provides real-time insights into cybersecurity vulnerabilities, allowing institutions to identify and address risks before they become critical. Brighterion, on the other hand, leverages AI to detect fraud in real time. By analyzing transaction data and identifying anomalies, Brighterion ensures secure transactions while minimizing false positives, enabling institutions to better protect their customers from fraud and other cyber threats.
Mastercard offers consumers direct protection against identity theft through its Mastercard ID Theft Protection service. This comprehensive service is designed to safeguard personal information by proactively monitoring the deep, dark, and surface web for compromised data such as passports, bank accounts, credit cards, email address etc.