Digital Payments Analysing The Cyber Landscape

Digital payments-
Analysing the
cyber landscape
Risk Consulting
April 2017
KPMG.com/in
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.
Foreword
The pace of shift to digital payments has significantly Bitcoin based financial infrastructure is expected to
increased with the strong move towards cashless bring a revolution just like the internet. In future, bitcoins
economy. This shift wouldn’t have been possible could be the means of exchanging and trading. The
without several factors that influence the growth and Reserve Bank of India is taking a precautionary view
proliferation of digitalisation, including: on the cryptocurrency and RBI regulations don’t permit
bitcoin to be prepaid payment instrument1.
• An ever increasing mobile phone penetration
• Lower cost of service delivery Keeping pace with the growth of digitisation, the cyber
threats are not far behind. As many as 11,592 cases
• Banks discouraging customers to visit branches of cybercrime were reported across India in 2015. The
• Unorganised sector supporting the digital economy growth in cybercrime coupled with proliferation of digital
• Demonetisation economy is as close as it can get to a death-knell, if not
dealt appropriately.
Adoption of digital payments is visible when country’s
Honourable Prime Minister, Shri Narendra Modi, In this Thought Leadership, titled ‘Digital Payments –
launched a mobile application, Bharat Interface for Analysing the cyber landscape’, we examine the digital
Money, popularly referred to as, BHIM, two months payments ecosystem from a lens of readiness of
after announcing demonetisation and this mobile framework for adopting the technology, emergence
application, created a world record of sorts when it was of new industry (Fintech), security and preventive
downloaded more than 17 million times in less than two measures that an Indian citizen needs to take before
months. Other channels such as Immediate Payment taking a leap of faith in the digital world, and measures
Service (IMPS), has witnessed growth of 97 per cent to avoid frauds. While we unremittingly build our
with about 72 million transactions. Country’s leading defences, it is our strong belief that cybersecurity is
mobile wallet service provider has ~150 million users as the only panacea for immunity in the digital age against
of today. cybercrimes.
While the macro factors clearly indicate favourable

environment for digital payments, which is also being Mritunjay heads the Risk Consulting
supported by the approach being taken by regulator, practice at KPMG in India. He has over
however, several challenges remain though for having 20 years of experience in consulting
attain the state where country truly becomes digital- and advising across sectors, business
• Feature phones continue to be widely used in rural solutions, and geographies. At KPMG,
India, which make it a tad difficult – not impossible to Mritunjay is not only one of the senior
transact, members of the India Leadership
Mritunjay Kapur Team, but also an active member of
• Patchy digital connectivity in parts of India Partner and Head the Global Risk Consulting Steering
• Acceptance and change in mind set Risk Consulting Committee responsible for stratgising
and driving our Risk Consulting
• Lack of awareness and business, globally. In terms of industry
• Most important security in transacting. associations, Mritunjay is the Chairman
for ASSOCHAM’s National Committee
on Internal Audit and Corporate Fraud.
1. RBI maintains a no-no but India’s bitcoin demand is shooting, The Indian Economist,
08/02/2017
Executive summary
Government of India’s recent demonetisation in November 2016 and the ‘Digital India’ initiative, launched in 2015 have provided
substantial boost to the country’s digital ecosystem. With initiatives such as ‘DigiShala’, the government aims at building
a conducive ecosystem for ‘cashless economy’; other initiatives such as the National Optical Fibre Network (NFON) and
introduction of Unified Payments Interface (UPI), Bharat Interface for Money (BHIM- internet based mobile application) can help
support in faster adoption and transition to digital payments.
However, this sudden surge and change in end user profile has led to various challenges in the digital payment ecosystem.
Cybersecurity is one of the most critical challenges faced by stakeholders of the digital payment ecosystem. With more and more
users preferring digital payments, the chances of getting exposed to cybersecurity risks such as online fraud, information theft,
and malware or virus attacks are also increasing. Lack of awareness and poor digital payment ecosystem are some of the primary
reasons that have led to the increase in these attacks.
A robust regulatory framework, an effective customer redressal framework, fool proof security measures to enable confidence
and trust, incentives for larger participation and benefits similar to cash transactions i.e. ease of use, universal acceptability,
perceived low cost of transaction, convenience and immediate settlement, are some measures that can help ensure long-term
success for digital payments.
We conducted a survey to understand India’s perspective on the cybersecurity concerns around digital payments. Below are the
key findings from the survey -
Cashless payment Ease of doing payments

Nearly 88 per cent respondents prefer Ease of doing
cashless payment over cash payment, with payments is one
48 per cent using digital payment for more of the key factors
than 75 per cent of their transactions. for users to move
towards digital
payments.
Around 90 per cent of the people are unaware that

the government runs a 24*7 TV channel ‘DigiShala’
to guide people and help them adopt digital
DigiShala
payments.
Security concerns End devices
As high as 88 per cent of respondents All respondents cited security of end points/
expressed their will to adopt digital payment, devices being used for digital payments as a
however security concerns and lack of major concern.
awareness act as key barriers.
Strong cashless ecosystem

About 78 per cent of respondents opined
that availability of strong cashless ecosystem
is essential for enhanced adoption of digital
payments.
One-time password
Dual factor authentication such as card and
Personally Identified Number (PIN) as well as one-
time password based transactions should be used
to strengthen security in digital payments and gain
customers confidence.
About the survey
We recently conducted a survey with an aim to provide the industry with a reference point that sheds light on key aspects such
as acceptance, barriers, challenges and awareness of digital payments ecosystem post demonetisation. This survey seeks views
from various customers and users across different sectors on cybersecurity in digital payment ecosystem post demonetisation.
The content of the survey is derived from the responses of the participants and is complemented by insights from our experts in
cyber forensic.
An overview of the demographics of survey participants

Profile of the participants
The survey saw over 320+ participants across age groups and different sectors who are the end users of digital payments
platform in India.
32% 68%
Female Male
Age of respondents
36-45 18-25
18% 25% 26-35
55%
More than 45
2%
Table of contents
Digital payments Digital payments – Security in digital

in India Adoption, acceptance payment and
and barriers associated ecosystem
01 06 08
Preventive measures Way forward Infographics: Digital

in digital payment to payments and
avoid fraud ecosystem
14 19 21
1 | Digital payments - Analysing the cyber landscape
Digital payments in India

The digital payment landscape in India is undergoing a
massive transformation. Indian consumers have shown As per Reserve Bank of India’s ’Financial Stability Report
tremendous affinity to digital technologies, with growth of 2015-16’, share of electronic transactions as part of total
rates for mobile phones and e-commerce adoption far transactions in volume terms moved up to 84.4 per cent
outstripping rates in developed economies. The Government from 74.6 per cent, accounting for more than 95.2 per
of India’s ’Digital India’ initiative aimed at transforming India cent in value terms. While majority of these are because
of inter-bank RTGS and CCIL transactions, share of retail
into a digitally empowered society and knowledge economy electronic payments and mobile payments is steadily
is expected to further accelerate awareness, availability and increasing.
adoption of digital technologies.
The chart depicts the share of various categories of
As highlighted in the Ministry of Finance’s Committee report payments systems, excluding the RTGS and CCIL. It
on Digital Payments published in December 2016, financial explicitly highlights the decreasing trend of paper-based
clearing and an increasing trend of various digital modes.
inclusion is one of the foremost policy challenges facing
India today. As of 2014, approximately 53 per cent of India’s
population had access to formal financial services. In this
context, digital payment acts as a key enabler for accelerating
financial inclusion. In fact, troves of insights available through
customers’ payment transaction patterns can be leveraged to
offer fit-for-purpose products and solutions.
Source: RBI - Financial Stability Report of 2015-16
In fact, the share of retail electronic transactions (i.e.

excluding RTGS) is approximately 12 per cent with cheque
(10 per cent) and cash (78 per cent) covering the rest of the
retail payment space.
2
Our study indicates that 88 per cent respondents prefer cashless payment over cash, with 48 per cent using digital payment for
more than 75 per cent of their transactions.
Percentage of respondents transacting through digital payments
48%
respondents
34%
respondents
15%
respondents
4%
respondents
More than 50-75% 30-50% Less than

75% 30%
Will you prefer cashless payment over cash payment
88% 5% 7%
Yes No Does not matter
The recent demonetisation introduced by the government in November 2016, and following drive towards launch of policy level
changes (such as merchant and consumer reward programmes for using digital payments instruments) and assets (e.g. BHIM
mobile application) has turbo charged the digital payment adoption landscape.
It would be fair to say that the existing adoptions levels and several macroeconomic factors indicate that ingredients for
successful creation of a thriving digital ecosystem are rapidly falling in place in India.
4
The digital payment ecosystem in India

Digital payments comprises payment transactions carried standardisation such as UPI, BHIM (internet based mobile
out using a variety electronic modes such as cards, mobile application) will help in adoption and usage of various modes
or internet based set ups, to send and receive money. The of digital payment.
ecosystem consists of buyer (customer), seller (merchant,
These enabling mechanisms along with relentless innovation
service provider) and Payment Service Provider (PSP) that
driven by PSPs and technology service providers (such as
enables transfer of money from buyer to seller for the product/
FinTech, etc.) provides to launch customer centric and easy to
service availed.
use products, ecosystem of large number of merchants and
The PSPs in India consist of both bank and non-bank players. customers shall continue to drive onslaught of digital payment
As of July 2016, PSP segment had 44 authorised Pre-Paid on cash and other modes of non-digital payments.
Payment Instruments (PPIs) including mobile wallets, prepaid
cards providers and eight authorised payments banks, eight The Reserve Bank of India’s report, ’Payment and
authorised cross-border money transfer operators and eight Settlement Systems in India: VISION-2018’ highlights
authorised white-label Automatic Teller Machines (ATM) vision statement as-‘Building best of class payment
operators. and settlement systems for a ‘less-cash’ India through
These PSPs offer a variety of digital payment modes – from responsive regulation, robust infrastructure, effective
traditional ones such as National Electronic Funds Transfer supervision and customer centricity‘ which revolves
(NEFT), National Electronic Clearing Services (NECS)/ around following five contours:
Automated Clearing House (ACH), bank cards (credit, debit, Coverage – by enabling wider access to a variety of
pre-paid), internet banking, mobile banking to newer ones electronic payment services
such as wallets (PPIs), Aadhaar Enabled Payment System
(AEPS), Immediate Payment Service (IMPS), UPI, Bharat Bill Convenience – by enhancing user experience through
Payment System (BBPS), and now AadharPay and India QR ease of use and of products and processes
code. Confidence – by promoting integrity of systems, security
Undoubtedly, mobile instruments as the form factor and of operations and customer protection
technology are driving innovation and adoption. Banks and Convergence – by ensuring interoperability across service
non-banks are now rolling out products driving adoption on providers
mobile platform.
Cost – by making services cost effective for users as well
In this context, increasing availability of mobile phones as service providers
(internet enabled mobile phone are expected to cross 500
million by 2020) and ubiquitous availability of data network
infrastructure, further rollout of 3G and 4G network, and The long-term success for digital payments would be
large merchant ecosystem are critical enablers, and require contingent of convenient and easy to use mode, a robust
coordinated effort from industry, government and regulators. regulatory framework, an effective customer redressal
framework, fool proof security measures to enable confidence
As per RBI’s report, ‘Vision-2018’, a four pronged strategy
and trust, incentivizes larger participation and benefits similar
focusing on regulations, robust infrastructure, effective
to cash transactions i.e. ease of use, universal acceptability,
supervisory mechanisms and customer centricity has been
perceived low cost of transaction, convenience and immediate
adopted to push digital payments in the country. The policy
settlement.
initiatives such as simplified Know Your Customer (KYC),
removal of Two Factor Authorisation (2FA) for small value Ease of use: Based on our survey, ease of doing payments
transactions, recent disincentives for cash transactions, is one of the major contributors for users to move to digital
lowering of digital payment costs and building infrastructure payments. We believe this can be a key enabler to encourage
such as National Optical Fibre Network (NFON) and people to opt for digital banking/payments.
Factors enhancing use of digital payment Awareness: While there has been a significant uptake of
digital payments, there is still a considerable amount of work
40% that needs to be accomplished. There should be continuous
36%
35% focus on educating customers and merchants on the
advantages of digital transactions. Awareness campaigns
30%
regarding security best practices, ease of usage and grievance
25%
25%
22% redressal forums for issues in digital payments can go a long
20%
way to increasing adoption.
17%
15% Enhanced customer service: An effective and efficient
customer service mechanism is one of the critical
10%
components for increased adoption. A digital payment
5% ecosystem comprises of number of players – telecom
0%
operators, payment gateways, banks and regulators. It is
Ease of Friendly user interface Tracking of Easy refunds on important to clearly define the roles and responsibilities of
doing payments and navigation all payments cancellation all stakeholders. Effective customer handling will be one of
of order/purchase
the primary drivers for adoption and all stakeholders need
to ensure that consumer interests are paramount in their
It is important to design use cases with optimal transaction operating and business models. The following need to be
flows and information exchange to simplify payment looked at:
transactions. Similarly, while measures around information
security and data privacy are essential, it is crucial to achieve • Institutionalise mechanism for handling customer
the trade-off with customer convenience. Few prevalent complaints/grievances
measures are the relaxation of 2FA for online payments below • Establish chargeback and dispute resolution process
INR2000. Adoption of Aadhaar for authenticating online
Fit for purpose offerings: The payment transaction data
transactions and its usage for KYC can further encourage the
use of digital payments in India. collected by PSPs can be used by them to provide customised
deals and offers to the customers, thereby influencing their
Technology enhancements and innovations: Increasing buying pattern.
penetration of mobile phones, ubiquitous connectivity,
alternate modes of authentication such as voice and Through security: It is imperative for the security architecture
biometrics and adoption of cloud and Internet of Things to ensure confidentiality, integrity, authenticity and non –
(IoT) are the technologies that can shape the way for future reputability. Robust encryption measures for communicating
transaction in India. Unified Payments Interface (UPI) can customer and payment information between stakeholders
be further refined to enable a large scale adoption of digital should be established along with periodic risk management
payments in India by overcoming current short falls e.g. analysis, security vulnerability assessment of the application &
integration of various service providers such as banks and network.
other financial institutions on this platform and uniform
customer experience.
Merchant adoption: The depth and breadth of merchant

participation are significant determinants for adoption of digital
payments. Merchants need to be encouraged with sufficient
incentives for them to actively contribute to the growth of the Kunal is a Partner with IT Advisory,
digital payment ecosystem. Merchant discount rate and other KPMG in India. He leads IT Advisory
transaction charges on digital payments are in the process of focus towards financial services sector.
being rationalised and a new regime of transaction charges Kunal has more than 13 years of
based on high volume and low charges is expected to be rolled experience in providing IT advisory and
out. Special care is being taken of small and rural merchants, assurance services.
for instance, one of the largest public sector bank has
proposed zero transaction/ MDR charges on such terminals.1 Kunal Pande
Partner
IT Advisory
1. SBI waives MDR charges for small merchants for one year, The Economic Times,
09 January 2017
6
Digital payments – Adoption, acceptance

and barriers
With the entire clamour on demonetisation and the endeavour still represents only 19 per cent of population using internet
to move from hard currency to digital, it would be interesting and even lesser percentage using mobile internet. These
to ponder if we have done something like this in the past. As numbers have to increase substantially if digital payments
it turns out, we have done it quite a few times before. In the have to make the impact they promise.
last 2 centuries, we went from using gold/silver coins to bank
• The Government of India has taken upon itself to create
notes, subsequently to paper currency. In the last century
an ecosystem for cashless digital economy. This means
itself we moved from the ‘anna’ system to the ‘paise’ system.
fostering an environment conducive for growth and
Just the same way that paper currency espoused the ideals
innovation in the FinTech industry. The Indian FinTech
of our country for the last 60 years namely the Ashok Chakra
software market is forecasted to touch USD2.4 billion in the
and the face of the father of the nation, it’s only logical that the
year 2020 from the current USD1.2 billion2.
next wave would be digital and electronic payments which is a
reflection of how we live today. • The RBI has also responded to the growing trend in its
report, ‘Vision 2018’ – where it states that new policies with
Which brings me to the question, what are the barriers to
focus on electronic payments will influence the trends in
digital payments? Probably because we have been using
electronic payment systems in the country.3
it in its current form for the last 70 years. While there have
been many attempts to bring in financial discipline via bank • The government’s focus on banking for the unbanked
accounts, credit cards, pre-paid cards, post office accounts but through schemes such as the ‘Jan Dhan Yojana’ where 200
the robust system of cash based transactions has continued million unbanked individuals were brought into the banking
to thrive alongside the banking system. In some ways the sector. Also, the extension of Aadhaar to pension and
longevity and association, it becomes a part of our culture, Provident Fund has helped in financial inclusion.2
from money in the hand, under the table, in polythene bags, in
• The banking industry has also seen mobile and internet
sweet boxes and sometimes in garlands. There are a number
banking transactions increase to 27 per cent overall
of people not just habituated by incentives to keep the status
transactions in April 2016, an increase from 8 per cent in
quo.
March 2012. There has also been an increase in card based
November 8, 2016 however may have proved to be a transactions.3
watershed moment in every Indian’s life. One that may well be
• There has been significant growth in the e-commerce
remembered as a BD (Before Demonetisation) and AD (After
market place. India’s e-commerce market (revenues) grew
Demonetisation) event.
from USD 3.8 billion in 2009 to USD 23 billion in 2015.4 The
The intent, implementation and readiness (or lack thereof) trends of online shopping are also tending significantly
have received extensive coverage and commentary but it towards mobile devices.
showed us that in the tomorrow’s world, it could be difficult to
• Since the government’s demonetisation announcement,
escape an indelible electronic money trail.
Indian bitcoin adoption has been on the rise. Indians are
There were many developments that quietly led up to support likely to adopt crypto currencies in the form of bitcoins. For
the digital payments phenomenon- bitcoin to gain adoption and become the foundation of a
new global financial system, companies should continue to
• India has the third largest internet user base in the world,
innovate and make it easier for consumers to buy, hold, and
with more that 300 million users1. Nearly 50 per cent i.e.
spend bitcoin*.
150 million users are mobile-only internet users. This may
be a significant number from an absolute perspective but it
1. Mobile Internet users in India to double by 2017, says study, Live Mint, 24 March 2017 4. E-Commerce Industry will cross $38 bln mark by 2016; Indian e-commerce market set to
2. Fintech in India – A global growth story, KPMG in India- NASSCOM, June 2016 grow by 67% in 2016: study, ASSOCHAM India, 01 January 2016
3. RBI’s Vision 2018 zeroes in on electronic payments, Live Mint, 24 March 2017 * The 5 Phases of Bitcoin Adoption, The Market Oracle, 30 December 2014
The volumes should expand dramatically so that large Government’s cashless lessons on ‘DigiShala’
merchants can start accepting payment in bitcoin.
Awareness for bitcoin should be spread along with these
developments. Blockchain is a fundamentally more
90%
scalable, reliable, and secure solution than the then, and
even the present day, payment processing technologies
used by some of the biggest processors and gateways in
India.
Not aware
There is however a need to step back and take note of what it
means in our everyday life. Can the digital payments industry
be really inclusive?
• The digital world could not escape the disparities we
see in the real world. According to a survey by Pew
10%
Research Centre in February 2016, only 12 per cent of
older respondents (aged 35 and above) used the internet
occasionally or own a smartphone. This was in comparison
to 34 per cent of millennial (aged between 18 and 34). Aware
• While there is an exponential growth in the e-commerce

market, cash on delivery is still the most preferred mode.
In 2015, 45% of online shoppers preferred cash over card
based or digital payments.5 This trend has not reversed With these issues, the larger question is who is responsible
post demonetisation. and accountable for a cashless economy. The government
• The divide extends to education levels where only 9 per and RBI have clearly stated that cashless economy is the way
cent with lower education levels are online, as compared forward. In this scenario, we need to answer some important
to 38 per cent who have higher education levels. A gender questions:
gap was also noted where 17 per cent of women and 27 • Is there adequate governance mechanism and public policy
per cent of men reported internet and smart phone usage. intellect to cope with the impact of digital/cyber terrorism
What may be particularly worrying is that the disparity and warfare?
between the digital haves and have not’s may widened
faster with rapid changes in technology.6 • Are the three pillars of our democracy i.e. legislature,
executive and judiciary skilled and ready to take on the
• The comparison with a cash based economy will weigh challenges of cybercrime?
digital payments down. In a cash based transaction, the
cost of the transaction is not transferred to the customer. • If the economy runs on digital, should our government
In a cash-less transaction, the merchants pass on the report on cyber security performance?
transaction charge to the customer. While the government • Do companies have an obligation to their customers
intervened during demonetisation, eventually the PSP will and investors to be transparent on their cybersecurity
charge fees to make margins. performance?
• Also, KYC requirements are disparate. The threshold for These questions are just some that need to be answered for a
KYC requirements for a digital transaction is lower than that thriving yet secure digital economy.
for an over the counter cash transaction.
Based on our survey, 90 per cent of the respondents said Abhijit is a Partner with IT Advisory,
they were unaware of the government’s 24*7 TV channel, KPMG in India. Abhijit has more than
‘DigiShala’ that guides people for using digital payment modes. 15 years of experience in developing
and building cybersecurity solutions
in a wide variety of areas including
security governance, policies and
standards, privacy and business
Abhijit Varma continuity. He also leads the Business
Partner Intelligence and Analytics team for
IT Advisory KPMG in India, focused on delivering
high quality information, helping
5. E-Commerce Industry will cross $38 bln mark by 2016; Indian e-commerce market set to
grow by 67% in 2016: study, ASSOCHAM India, 01 January 2016 clients improve the quality of their
6. Only 17% Indians own smartphones: survey, Live Mint, 24 March 2017 decision-making processes.
8
Security in digital payment and associated

ecosystem
Last few years have witnessed many high impact
cybersecurity attacks, globally, across sectors such as
healthcare, e-commerce, telecom, financial services,
government services, manufacturing, and hospitality causing
far reaching implications and establishing cybersecurity as
one of the top business risks. Our study, which included
inputs from global CEOs, indicates that cybersecurity risk has
climbed to become top three risks where CEOs would like
to invest. The magnitude of risk has exponentially increased
with enhanced adoption of digital channels by businesses to
interact with customers and capture of information across
industries.
Cyber risk is not limited to geographical boundaries and

corporates in India have been fairly exposed to this risk. Our
study indicated that nearly 72 per cent of organisations
witnessed some form of cyberattacks. The attacks have
accentuated with significant drive on adoption of digital
payment channels over the last six months with phishing,
Distributed Denial of Service (DDoS) and spam being most
widely used attack vector.
Nature of cyberattacks faced by organisations on digital payments channels
40% Phishing
40% DDoS
40% Exploits of vulnerability

40% Spam
20% Malware
20% Cyber espionage
20% Social engineering
20% Identity theft
20% Merchant fraud
0% Advanced fee, wire transfer scams and page jacking
40% Others
10
Nearly 88 per cent of our survey respondents preferred to

adopt digital payment channels; however, our study also
highlights the following two major causes that act as barriers
for adoption-
• Cybersecurity
• Awareness
Digital payment: Barriers of growth

20%
18%
16% 15%
14% 14%
14%
12% 12%
12% 11%
10% 9%
8% 7% 7%
6%
4%
2%
0%
Non availability Lack of awareness Lack of strong Security concerns Instability of king Additional charges Low regulations Lack of effective
Cash is stillKING
of point of ecosystem for the mobile complaints and
sale system cashless payments network redressal mechanisms
Cybersecurity risk – Reality check

‘Cyber Swachhta Kendra’ (CSK)
Proliferation of digital channels along with increased data
Established in February 2017, the Botnet Cleaning and
access covering the remote locations in India, has led to
Malware Analysis Centre, CSK, operated by Indian
significantly high number of users having internet access.
Computer Emergency Response Team (CERT-IN)
The current decade has witnessed significant changes and focuses on desktop and mobile device security.
innovations in digital payments channels and with emergence The Union Minister of Electronics and Information
of FinTech the transformation shall continue at even more Technology, Ravi Shankar Prasad mentioned this as an
rapid pace. important milestone in various initiatives taken on cyber-
security.
While this has led to multiple customers to use digital
channels, however, at the same time it has also led to There are multiple solutions which have been released,
increased cyber-risk exposure. including solution on desktop security (‘USB Pratirodh’)
and mobile device security (focused on Android™1
based mobile phones, called ‘M-Kavach’).
This is a step which has been taken by CERT-IN to

address the increased number of incidents being
reported (more than 50,300 incidents reported in
2016) and is also part of the government’s ‘Digital
India’ initiative, under the Ministry of Electronics and
Information Technology.
1. Android is a trademark of Google Inc
These could be attributed to: • Inadequate security measures on devices – Smart

Security measures on end user devices phones with internet access are exposed similar to
traditional computers from security perspective, however,
Users today are accessing digital channels through multiple these devices are normally not secured through various
devices, and our study indicates that nearly 48 per cent of the security tools – such as antivirus, anti-phishing, anti-
users prefer using mobile phones. malware, etc. This exposes the users to cyber security
risks. All our survey respondents uniformly cited security
Preferred mode of digital payment transactions of end points/devices used for digital payments as a major
concern.
Key reasons for security incidents

Mobile Swipe the cards
devices at point of sale 120
48% 38%
100 100%
80 80%
60%
60
40 40%
20
0
Lack of user End points/ devices Concentrated Lack of
Computers awareness levels being used for digital attacks on users adequate
(Laptop/Desktop) due to varied payments are not through redressal
user profiles secured (such as infected mechanism
14%
mobile phones, apps/malwares post incident
desktops, etc)
Smart phones have emerged as a preferred mode for carrying

out digital payments since it enables communication – • Cracked applications installed on devices – Users
anytime, anywhere, provide applications for ease of access. have multiple applications installed on their mobile
While doing transactions/business is more convenient by phones, which also includes the ‘cracked’ applications
the use of mobile devices, it also exposes individuals and that may have access to information across the device.
organisations to cyber security risks such as online fraud, These applications potentially access financially sensitive
information theft, and malware or virus attacks. These may information and pass on to attackers. Our study indicates
happen because of the any of the following: that nearly 58 per cent respondents considered the usage
of One Time Password (OTP) to be a secure mechanism;
however, information such as OTP can be accessed by
malicious applications installed on mobile phones, which
have access to user’s messages or calls.
• Vulnerable/unpatched operating systems – India has a
mix of users having smart phone with Android™ (76.85 per
cent) and Apple™2 operating system (2.33 per cent).3 The
nature of some of these operating systems are extremely
open which supports collaboration, but also exposes large
set of users to potential security issues.
2. Apple is a trademark of Apple INC., registered in the U.S. and other countries
3. Market share held by mobile operating systems in India from January 2012 to December
2016, The Statistics Portal
12
Security by design for digital payment products

• The demand for accessing digital payment channels has
increased significantly post the demonetisation drive in
the country. While this provided an opportunity to service
providers, the demand of solutions led to design and launch
of multiple products during short period, which may lead to
security controls not being designed comprehensively.
• One of the leading mobile wallet providers had to roll back

the product, since there were concerns raised on security
measures.4
Large ecosystem with multiple variables

According to our survey, availability of strong cashless
ecosystem is essential for enhanced adoption of digital
payments.
Digital payments: Factors to enhance adoption

100%
90%
78%
80% 74%
70% 62% 61% 62%

55% 59%
60% 52%
50% 42%
40%
30%
20%
10%
0
Adequate Speedy refund Awareness on No additional Stable More acceptance Awareness Availability of Availability of
regulations mechanism redressal charges mobile of debit/credit cards across masses point of strong
mechanisms for making networks sale systems cashless
cashless payments ecosystem
Digital payment ecosystem is evolving at a rapid pace as India • Lack of perimeter: The ecosystem being large with
is embracing digital and technological advancements. The multiple data interfaces, devices and systems, has led
value chain of entire ecosystem is large and growing, which to undefined perimeter for the environment. Enforcing
exposes it to cybersecurity risks. The key variables include: adequate security controls in such an environment causes
its own challenges.
• Data interfaces across the products: Products are
required to have multiple interfaces with other services/ User awareness
applications and most of the products have multiple
Application Program Interface (APIs) for this purpose. Lack of end user awareness has emerged as one of the main
There is high possibility that these APIs may be exposed causes for attacks being successful. Attackers continue to
to untested/ untrusted interfaces, which may lead to exploit lack of awareness through various social engineering
compromise of security measures. attacks, which include identity impersonation, phishing
sensitive information, etc.
• Third party service providers: There is lot of information
exchange that happens with third parties, and overall
security levels are based on the weakest link in the chain.
Recent incidents related to debit card security compromise
were attributed to security attack on third party service
provider.
4. Paytm rolls back app POS service: Will it affect the brand?, Moneycontrol, 25 November
2016
Regulation – Are we doing enough to address cybersecurity risks?

One of the key drivers for deploying adequate cybersecurity Country has adopted digital payment channels with significant
measures has been the regulatory requirements. Our study increase in volume (and value) of transactions, however, any
indicates that 55 per cent respondents believe that the significant security incident can have adverse impact on the
adoption of digital payments can be enhanced once there usage of this channel.
are ’adequate regulations’ governing the digital payments
It is imperative to have structured approach to security, with
in country. This calls for a need to adopt a more proactive
following key components:
approach to build a robust regulatory framework.
Security strategy and governance
The RBI has been monitoring the changing risk posture
due to cybersecurity and have drawn regulations to be • Design and implement robust cybersecurity frameworks
implemented by organisations across sectors to strengthen
• Identify ’crown jewels’ and protect them
user’s confidence in digital transaction. Recently issued
cybersecurity regulations include: • Establish adequate measures for protection from third party
• Banks to have comprehensive and robust cybersecurity risks
framework • Evaluate the changing threat landscape and align risk
• Technical cybersecurity audit of Prepaid Payment treatment strategies
Instrument (PPI) issuers • Empower the users through enhanced security awareness
The regulations are enforcing PSPs to ensure that there is a Security defence and transformation
minimum baseline of security controls.
• Establish robust measures for establishing user identity and
One of the potential emerging areas is where devices (post authentication for transactions
adoption of IoT) shall carry out payments and our study
indicates that more than 65 per cent of users are keenly • Establish advanced authentication measures, such as risk
looking forward to such technologies; this however needs to based/adaptive authentication
be commensurated by appropriate regulations. • Deploy adequate technical and security measures to deal
with ’cyber warfare’
Conclusion
Cyber response
The changing nature of cybersecurity attacks such as web
application attack, ransomware, reconnaissance, DDoS attack • Establish comprehensive cyber and incident response plan
clearly establish cyber-risk as new reality and also positions it
• Conduct regular cyber drills to enhance preparedness
as one of the top business risks today.
Atul is a Partner with IT Advisory,

KPMG in India. Atul has more
than 16 years of experience in IT
advisory assignments and leads the
cybersecurity practice at KPMG in
India and is also an active member
of KPMG’s global initiative on
Atul Gupta cybersecurity.
Partner
IT Advisory
14
Preventive measures in digital payment to

avoid fraud
Background well as fraudulent transactions. Fraudsters exploit zero day
vulnerabilities or alternative payment methods such as digital
Over the last two decades, the world has seen rapid strides wallets as well as government initiatives such as UPI have
in technology and communication. In the digital world, paved way for newer techniques to perform digital frauds.
cybercrime is evolving rapidly, making it one of the biggest
threats to businesses, individuals and governments. A few illustrations of the cyber frauds prevalent in India are as
under:
Traditionally, fraudsters have targeted all payment vehicles and
digital payments are no different. Traditionally, risks in digital Fund diversion attacks: These type of attacks are becoming
payments include loss of revenue, brand reputation, denial of increasingly prominent in India, where more and more
services, theft of services or currency, money laundering as companies with export businesses are targeted. The typical
well as transaction frauds. modus operandi of this attack involves infecting computers
of key personnel in accounts receivables department or the
Traditional threats versus latest threats companies e-mail server with a view to obtain the credentials
of their e-mail accounts. By using Trojan, the cyber fraudster
Traditionally, bank frauds happen due to risks around identity
stealthily monitors the e-mail flow between the victim and
theft, phishing, unauthorised transactions, and fraudulent
the customers over a period of months. At an opportune time,
transactions and so on. However, criminals are gradually
the hacker strikes by impersonating the victim and directly
becoming more sophisticated in their use of advanced tools
communicating with the customer, asking them to remit funds
and techniques. They now employ malware infections, remote
into an account of his choice, which is instantly emptied out
code execution, and man-in-the-middle of transactions as
using an international laundering syndicate.
well as system vulnerabilities to perform unauthorised as
The modus operandi
Client communications relating to invoicing and payment
Hacker tracks all key financial Hacker infects victims mail

Customers communications server with malware to steal Victim’s
relating payments 2 admin credentials 1 e-mail
Money is
transferred to server
3
hacker’s bank 4
account
Key pointers
• Spoofed domains from which
Hacker sends spoof
e-mails are sent are hosted
e-mails to customers
outside India and owned by
demanding payment
in an alternate account
Hacker persons not residing in the
hosting country
and attaching
Hacker’s • Hackers accounts are emptied
bank forged documents as Hacker and closed as soon as funds
account proof
are received
• Accounts are usually outside
India and at multiple countries
Spear phishing: Spear phishing is an e-mail spoofing and perform reconnaissance to gather information about
fraud attempt that targets a specific organisation, seeking the key personnel (usually from websites, social media
unauthorised access to confidential data or transfer of funds. sites). They then register a domain name that looks similar
As with the e-mail messages used in regular phishing attacks, to the target’s domain address. An e-mail account is hosted
spear phishing messages appear to come from a trusted and forged e-mails posing to be CFO or CEO are sent to the
source. finance Directors or Managers instructing them to perform
fund transfer to an international bank account and charge
Companies within India are increasingly targeted with this
the amount to admin expenses. Fraudsters typically target
type of cyber fraud/crime. The typical modus operandi of
hundreds of companies with customised e-mails. A few
the fraudster is to first identify potential target companies
corporates eventually do fall prey to this type of attack.
The modus operandi
1
Obtain names of key company
personnel
Company’s
Hacker website
Create similar e-mail ID
2 to that of CFO but from
an imitation domain
WWW 3
Send an e-mail from the imitation

Finance
e-mail ID requesting fund transfer
Director/
Manager
Malicious mobile application based attacks: An increasing The modus operandi

number of cases have been noted where mobile users are
presented with attractive online offers and enticed into Clicks on special
downloading and installing unknown mobile applications. 1 offer link on the
Good majority of the users either always grant permission or website WWW
simply do not know enough about the kind of consent they
User
may have granted while installation of applications. In this way,
malicious applications enter the mobile devices. Depending on Malicious mobile Downloads the
the level of permissions these applications have been granted, application opens 2
malicious
the hacker connects to the user’s mobile phone and entices/ connection to the mobile application
demands the user or his/her contacts to make transfers attacker
3
through payment wallets. 4 Attacker entices the user or
his/her phone book contacts
to make payments using the
mobile wallet.
Hacker
16
How forensic technology can help Cyber forensic and monitoring technologies
While strategies of fraudsters have been evolving, so have the While it is evident that criminals prefer to carry out illegal
technologies and processes used for preventing, detecting activities using computing devices, making it hard for
and responding to frauds. Digital forensics is continuously organisations and investigators to establish culpability. To
evolving and numerous tools and methodologies are available detect cybercrime, organisations are increasingly leveraging
with the forensic technology investigators to respond to on cyber forensics to know accurate facts of the incidences.
payment frauds in an effective manner.
Cyber forensics encompasses the recovery and investigation
Cyber forensic experts can adequately identify, collect and of material found in digital devices, following standard
preserve evidences in a manner that is presentable and procedures acceptable in a court of law. It is also used by
acceptable in court of law. private sector during internal corporate fraud investigations or
intrusion investigations (for example, investigating a system
Tools and methodologies allow forensic technology
breach that occurred from outside or loss of customer data).
investigators to perform deeper collection and analysis of the
evidences. Some of the activities that are typically performed Law enforcement agencies are required to increasingly
by investigators to solve payment frauds are as below: cooperate among themselves to identify, track and extract
• Collection of evidences such as hard disk images, mobile evidences in order to capture criminals. Going forward, digital
phone images, server/desktop logs, firewall/security forensic evidence such as system logs and user identity
appliance logs in a forensically sound manner details would be required along with the data from telecom,
• Recovering deleted evidences from the computer systems internet service providers, and cloud service providers such as
IP address, GPS coordinates, for effective spatial and temporal
• Analysing the data to identify traces of the fraud and its
analysis of the crime.
possible source
• Presenting the evidences in a manner acceptable in a court
of law
While anonymity is still achievable by cyber criminals, tracing

of the criminals is possible through detailed collection,
preservation and analysis of evidence by forensic experts.
The experts are able to track down the criminals by identifying
IP addresses coupled with any other evidences left by the
criminals in the data content and logs.
We should build data analytics capabilities that can handle Further, detective/monitoring technologies, verification of
increasingly huge volume of data. Data indexing and analytics transactions, dual factor authentication for each and every
platforms which can help in classifying information, identifying transaction should be adequately configured for timely
trends, performing keyword searches and visualising outlier detection of fraudulent transactions and employing adequate
data elements would need to be deployed. countermeasures and corrective controls.
Cyber forensic efforts are greatly enhanced if the While the above is a sound framework for cyber risk
organisations have appropriate audit trails and logging management and protecting digital payments infrastructure
mechanisms established in its business environment. for banks, wallet providers, processors, the key ingredients for
However, it is common for organisations to not have proper success of such a framework are:
audit logging and monitoring practices implemented. Lack • Boards/senior management of organisations should
of system level audit trails generated at the time of business take cognisance of the internal/external threats in their
activities/transactions can hamper the investigation as cyber organisations
forensic can’t recover something not created in the first place. • Adequate support from the management
It becomes difficult to propose/test hypothesis without having
• Development of adequate cyber security and response
appropriate audit trails to substantiate the analysis.
mechanisms
Cybersecurity and securing digital payments infrastructure has Last, the sustainability of such cyber risk management and
emerged as one of the most important concerns for banks and digital payments protection programme requires tireless
payment service providers such as digital wallet providers. The efforts to be put into creating and maintaining continuous
sophistication and rapid growth of breaches, cybercrimes and awareness among end users, operators, processors,
digital payments fraud cannot be ignored. Corporates should merchants as well as banks. As the saying goes, you are only
bear in mind that an effective cybersecurity strategy, is not a as strong as your weakest link.
onetime activity but a continuously evolving cycle of activities
that need to be carried out at periodic intervals.
These include: Sudesh is a Partner with Forensic

• Development of a Cyber Fraud Risk Management Policy Services, KPMG in India. He has
Framework (including incident management, enhancement more than 15 years of experience in
and assessment) forensic and fraud investigation across
• Cyber fraud controls design and review life sciences, industrial, IT-ITeS, and
• Continuous monitoring systems consumer markets sector.
• Cyber forensic incident response and investigation.
Sudesh Shetty
Partner
Forensic Services Investigation
18
Infographics: Digital payments and

ecosystem
Rise in digital payments post Growth in digital payments within one
demonetisation month of declaration of demonetisation
Increase in volume of digital payments % Rise in Digital Payments Post Demonitization

250
1400
200
1200
150
1000
100
800
50
600
0
Mobile Digital Credit 400
banking wallet card
200
December 2016 November 2016
0
USSD UPI E-wallets RuPay
Cards
Increase in value of digital payments % Growth in number of transactions

160000 (December 07/November 08)
% Growth in value of transaction
140000 (December 07/November08)
120000
100000 Source: Digital payments soar by up to 30% after demonetization, The Times of India, 10 December 2016
80000
60000
40000
20000
0
December November
2016 2016
Mobile banking Digital wallet Credit card
Source: Digital revolution cashes in on demonetization effect, Business Line, 12 February 2017
20
Upsurge in transactions from Point of Sale (POS) system

post demonetisation
Number of transactions Value of transactions

in million in million
9.81 175.1
122.1
5.08
Oct Avg Nov Avg Oct Avg Nov Avg
Source: Digital payments soar by up to 30% after demonetization, The Times of India, 10 December 2016
Volume of transactions using digital channels have decreased in the month of February
2017 as compared to December 2016
300 Representative data updated as of 1 February, 2017 253.1
250
200 164.2
158.7
150
118.5
87.3
100 64.9
62.4
50 9.3
4.2
0
Real-time Immediate Mobile Prepaid Cheque National National Debit and
gross payment banking Payment truncation automated electronics credit cards
settlement service Instrument system clearing fund transfer at PoS
(PPI) house
Source: Numbers speak: Digital payment volumes down 10%, reveals RBI data, Business Standard 7 February 2017
Digital payments have decreased in the month of January 2017 and February 2017
Total volume in million INR

1200
1000
800
600
400
200
Nov 16 Dec 16 Jan 17 Feb17
Digital payment - Ecosystem
Regulators Governance and regulatory framework for digital payment transactions processing
Governance
Customers Typical payment cycle Customers
Banking
cards Payment
banks
Acquiring bank Payment processor
Mobile
wallets
Retail
Card brand banking
Mobile
banking
Corporate
Internet Merchant banking
banking
Issuing bank Financial service

Point Customers
of Sale providers
Micro
ATMs Technology enablers
Bank pre-paid Telecom service Payment card

cards provides provides
Source: For illustrative purpose only, KPMG in India
22
RBI guidelines to strengthen digital payment ecosystem
9 December 2016
Security and risk
mitigation measure -
Technical audit
of pre-paid payment
instrument issuers
2 April 2014 6 October 2016

Guidelines for Operating guidelines
licensing of for payments banks
payments banks
Activity
29 April 2011
Working group on information security,
electronic banking, technology risk
management and cyber fraud- implementation
22 June 2001
Report on
internet banking
2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
Source: RBI Website (www.rbi.org.in). Press release section. Year
Key legislations in India

1. Banking Regulation Act, 1949
2. Payment And Settlement Systems Act, 2007
3. Pre-paid Payment Instruments in India
(Reserve Bank) Directions, 2009
4. Master Circular in 2014
Fraud spike
13083
11997
9500
Transactions
8765
2012 - 2013 2013 - 2014 2014 - 2015 2015 - 2016
ATM (credit/debit cards) and Net banking ®

frauds (in terms of transactions)
Source: 11,997 frauds related to credit, debit, net banking reported in Apr-Dec 2015; DNA Newspaper, 26 February 2016.
Keeping cybercriminals at bay

1. Users should treat their mobile phones as banks
2. Strong and unique passwords should be used on every websites
3. Operating systems, applications and anti-virus should always be up

to date
4. Two-factor authentication should be enabled wherever available

(particularly for e-mail and financial sites)
5. Link should be typed in the address bar of web browser instead of

clicking on the links
6. Link or attachments sent from unidentified sources should be avoided

7. Connection should be secured by clicking the lock on the browser and
the users should connect to the correct organisations
8. Accounts should be monitored for unauthorised transactions
9. Users should avoid sending financial or personal information

by e-mail
10. Users should avoid clicking links or entering personal information on

pop-windows
24
Way forward
With demonetisation, millions of Indians have enrolled for digital payments with mobile payments being the most preferred
mode. With such surge in the volume and number of transactions, it is unlikely that the cybercriminals would not be interested.
Hence, securing digital payments infrastructure becomes one of the most important concerns for banks and payment service
providers such as digital wallet providers. With the use of online payments going up, the incidents on misuse of payments
network and data theft are also on the rise.
Building a robust cybersecurity and digital payments protection programme –

Our recommendations
Organisations should understand the potential threats of • Formulate an effective cyber policy with special focus on
cyberattacks and install leading security architecture to digital payments
ensure that the transactions are seamless and secure. We
• Develop strong cyber protection culture by conducting
suggest the below digital payment protection programme for
cyber awareness and trainings
building robust cybersecurity mechanism:
• Perform periodic cyber risk assessments
• Developing a cybersecurity philosophy including
protection from third party risks • Build roust payment protection controls
• Engage senior management for their participation and • Perform periodic cyber audits and health checks
support for effective implementation of philosophy
Cybersecurity
philosophy
Senior management
support
Approved cyber policy
Strong cyber protection culture propagation and awareness
Periodic cyber-risk assessment
Building robust payments protection controls
Building robust payments protection controls
Periodic cyber audit and health checks
Source: For illustration purposes only, KPMG in India
26
People are the weakest link in the security architecture, • Avoid sharing any personal information over e-mail or call
hence security should be the shared responsibility of the
• Avoid entering personal information on pop-up windows
organisations as well as the users of the digital platform. The
end users should also proactively ensure that: As per our survey, nearly 90 per cent of the people are
unaware of the government’s ’DigiShala’ initiative. Hence,
• They use strong, unique passwords
the government should focus more on educating the
• Keep their operating systems, applications and antivirus customers as well as enforcing basic security standards for
up to date organisations. Also all the breaches should be mandatorily
reported.
• Enable 2FA, wherever available
To conclude, the digital payment ecosystem needs to
• Avoid opening links or attachments sent from unidentified
be strengthened, with organisations, users as well as
sources
government equally sharing the responsibility of securing the
• Ensure that the connection used during transacting is digital payment ecosystem.
secure
• Monitor their accounts on regular basis to track for

unauthorised transactions
Acknowledgements
Harshad Joshi
Hussain Rahat
Ishita Mogra
Jatin Rishi
Mubin Shaikh
Namrata Mehta
Priyanka Agarwal
Rishabh Rane
Ruchika Jaiswal
Sameer Hattangadi
Upalabadhi Singh
KPMG in India contacts:
Nitin Atroley
Partner and Head
Sales and Markets
T: +91 124 307 4887
E: [email protected]
Mritunjay Kapur
Partner and Head
Head Risk Consulting
T: +91 124 307 4797
AkhileshTuteja
Partner and Head
IT Advisory
T: +91 124 307 4800
Atul Gupta
Partner
IT Advisory
T: +91 124 307 4134
KPMG.com/in
Follow us on:
kpmg.com/in/socialmedia
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely
information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without
appropriate professional advice after a thorough examination of the particular situation.
© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss
entity. All rights reserved.
All views and opinions expressed herein are those of the survey respondents and do not necessarily represent the views of KPMG in India.
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
This document is meant for e-communications only.

Digital Payments Analysing The Cyber Landscape

Uploaded by

Copyright:

Available Formats

Digital Payments Analysing The Cyber Landscape

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Digital Payments Analysing The Cyber Landscape

Uploaded by

Copyright:

Available Formats

Digital payments-

While the macro factors clearly indicate favourable

Cashless payment Ease of doing payments

Around 90 per cent of the people are unaware that

Strong cashless ecosystem

An overview of the demographics of survey participants

18% 25% 26-35

Digital payments Digital payments – Security in digital

Preventive measures Way forward Infographics: Digital

Digital payments in India

Source: RBI - Financial Stability Report of 2015-16

In fact, the share of retail electronic transactions (i.e.

Percentage of respondents transacting through digital payments

More than 50-75% 30-50% Less than

Will you prefer cashless payment over cash payment

The digital payment ecosystem in India

Merchant adoption: The depth and breadth of merchant

Digital payments – Adoption, acceptance

• While there is an exponential growth in the e-commerce

Security in digital payment and associated

Cyber risk is not limited to geographical boundaries and

Nature of cyberattacks faced by organisations on digital payments channels

40% Exploits of vulnerability

20% Cyber espionage

20% Social engineering

20% Identity theft

20% Merchant fraud

0% Advanced fee, wire transfer scams and page jacking

Nearly 88 per cent of our survey respondents preferred to

Digital payment: Barriers of growth

Cybersecurity risk – Reality check

This is a step which has been taken by CERT-IN to

1. Android is a trademark of Google Inc

These could be attributed to: • Inadequate security measures on devices – Smart

Key reasons for security incidents

Smart phones have emerged as a preferred mode for carrying

Security by design for digital payment products

• One of the leading mobile wallet providers had to roll back

Large ecosystem with multiple variables

Digital payments: Factors to enhance adoption

70% 62% 61% 62%

Regulation – Are we doing enough to address cybersecurity risks?

Atul is a Partner with IT Advisory,

Preventive measures in digital payment to

The modus operandi

Client communications relating to invoicing and payment

Hacker tracks all key financial Hacker infects victims mail

Send an e-mail from the imitation

Malicious mobile application based attacks: An increasing The modus operandi

While anonymity is still achievable by cyber criminals, tracing

These include: Sudesh is a Partner with Forensic

Infographics: Digital payments and

Increase in volume of digital payments % Rise in Digital Payments Post Demonitization

Increase in value of digital payments % Growth in number of transactions

Mobile banking Digital wallet Credit card

Upsurge in transactions from Point of Sale (POS) system

Number of transactions Value of transactions

Oct Avg Nov Avg Oct Avg Nov Avg

300 Representative data updated as of 1 February, 2017 253.1