Elements of Cyber Security - (BCY402)

Course Coordinator:
Prof. Yogesh N
Assistant Professor
Dept. of CSD
ATMECE, Mysuru

YN Prof. Yogesh N, Dept. of CSD, ATMECE 1

 Module 2

Mobile and Digital Payments Security: Security Challenges and types of attacks
on Mobile devices, Security for Mobile Apps, Mobile Device Management tools and
techniques.

Digital payments Security: Banking Cards, Unified Payment Interface (UPI), e-

Wallets, Unstructured Supplementary Service Data (USSD), Aadhar enabled payments,
Digital payments related common frauds and preventive measures.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 2

 Session 5

Mobile and Digital Payments Security

• Banking Cards

YN Prof. Yogesh N, Dept. of CSD, ATMECE 3

 Digital Payments
 Digital payment is referred to as those payments that take place using the various
types of electronic medium. These methods do not require payment to be made in
the form of cash or providing cheque.

 There are different modes and types of digital payments that are prevalent in India,
which are discussed in detail in the following lines.
1. Banking Cards
2. USSD (Unstructured Supplementary Service Data)
3. UPI (United Payment Interface)
4. AEPS (Aadhaar enabled Payment System)
5. Mobile wallets
6. Point of Sale Machines (PoS)
7. Mobile Banking
8. Internet Banking

YN Prof. Yogesh N, Dept. of CSD, ATMECE 4

 Digital Payments Security
 In 2022, Cybercrime cost UK business £4,200 on average, with the total cost of
cybercrime to the UK economy estimated to be £27 billion per year, with
businesses accounting for a significant proportion of this cost.

 In the first half of 2023, UK criminals stole £580 million through unauthorised and
authorised fraud, 77% of APP fraud started online and another 17% started through
telecommunications networks.

 Payment fraud has proven to be incredibly expensive on an international scale,

with the global average cost of a data breach in 2023 equating to US$4.45 million,
a 15% increase over 3 years, according to IBM.

 Businesses therefore need to be concerned about payment security and implement

it effectively.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 5

 Digital Payments Security
 Organisations must prioritise the security of digital payments to protect their
customers’ sensitive information and data, maintain customer trust, avoid data
breaches and unauthorised transactions and avoid costly financial losses.

 Security within the digital payment space covers multiple touchpoints, from
security of mobile payments and digital wallets, to the card, the app and the
device being used.

 This ranges from business-led security that ensures every aspect of a payments
solution is secure, compliant with industry standards and is aligned with
regulatory expectations.

 From PIN management and offering 3-D Secure (3DS), to encryption and Payment
Card Industry (PCI) compliance, a good payment platform can demonstrate how
many touchpoints are secure and how rigorously they are enforced.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 6

 Best practices for enhancing digital payment security
 The rise of digital payments has also given rise to an array of cybersecurity challenges.
With transactions occurring in the virtual realm, the potential for data breaches, digital
payment fraud and cyberattacks has grown exponentially.

 Businesses therefore need to focus on the security of digital payments for their own
financial security, and that of their customers.

 There are a number of key strategies and technologies to enhance digital payment
security, including:
• KYC (Know Your Customer)/KYB (Know Your Business) checks
• Transaction screening
• Confirmation of Payee (CoP) service

YN Prof. Yogesh N, Dept. of CSD, ATMECE 7

 Best practices for enhancing digital payment security
KYC (Know Your Customer)/KYB (Know Your Business) checks

 The Know Your Customer (KYC) and Know Your Business (KYB) require financial institutions
to establish who their customers are and understand what kind of financial activity they are
involved in.

 Both strategies are important to maintaining a financial system’s integrity and mitigate
financial risks.

 The importance of KYB and KYC screening include:

 Creating a holistic overview of the customer
 Identifying ownership structures
 Increasing efficiency by leveraging an automated screening solution
 Mitigating the risk of onboarding illegal or illegitimate companies
 Ensuring sanctioned entities are not onboarded or are swiftly offboarded/subject to
an asset freeze if a customer is designated

YN Prof. Yogesh N, Dept. of CSD, ATMECE 8

 Best practices for enhancing digital payment security
Transaction screening

 Transaction screening analyses transactions for suspicious or prohibited activity before

they are approved. Transactions will be stopped if analysis confirms risky or illicit
activity.

 Transaction screening filters out an individual or organisation to identify suspicious

behaviour outside of risk appetite. It also contributes to a layered, risk-based approach
in its anti-money laundering and counter-terrorist financing (AML/CFT) framework.

 Edenred Payment Solutions fraud prevention detects, alerts and mitigates fraudulent
or suspicious transactions that occur within the Mastercard network and banking flows
such as Faster Payments.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 9

 Best practices for enhancing digital payment security
Confirmation of Payee (CoP) service

 The account name-checking service Confirmation of Payee (CoP) helps reduce

misdirected payments, providing greater assurance that payments are being sent, and
collected from, the intended account holder for UK domestic payments. CoP is one of
the ways the industry is tackling digital payment fraud.

 Since launching in 2020, over 100 organisations have already implemented

Confirmation of Payee (CoP), with more than 1.9m checks completed every day.
Edenred Payment Solutions platform supports the CoP feature.

 The widespread adoption of the CoP service, and the Payment System Regulator’s
mandate for almost 400 organisations to join CoP in 2024, demonstrate the value of
the service and its recognised importance as an anti-fraud tool.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 10

 Best practices for enhancing digital payment security
 Other measures to ensure digital payment systems are secure include:

• Understand your PCI compliance requirements

• Encrypt data with TLS
• Implement 3D Secure 2
• Multi- or Two-Factor Authentication
• Require Card Verification Value (CVV)
• Use payment tokenisation
• Implement a fraud detection tool
• Train your employees

YN Prof. Yogesh N, Dept. of CSD, ATMECE 11

 Banking Cards
 Banking cards offer consumers more security, convenience, and control than any other
payment method.

 The wide variety of cards available – including credit, debit and prepaid – offers
enormous flexibility, as well.

 These cards provide 2 factor authentication for secure payments e.g secure PIN and
OTP. RuPay, Visa, MasterCard are some of the example of card payment systems.

 Payment cards give people the power to purchase items in stores, on the Internet,
through mail-order catalogues and over the telephone.

 They save both customers and merchants’ time and money, and thus enable them for
ease of transaction.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 12

 Types of Banking Cards

 Various types of Cards used in the Banking System are

crucial in modern banking due to their convenience
and ease of use.

 They provide a hassle-free way for customers to access

their funds and make transactions without carrying
cash.

 Cards are accepted globally, allowing for easy

international transactions.

 They offer enhanced security with PINs and passwords,

protecting against fraud.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 13

 Types of Banking Cards

 Debit Card - make payments from linked account

 Credit Card - used to borrow money and make payments
 Forex Card - to hold foreign currency during international travels
 Prepaid Cards - load the money in advance and then make transaction
 Electronic Cards - Electronic cards can be considered as debit cards issued in specific
overdraft accounts that are in the nature of personal loan without any specific end-use
restrictions. Banks have been permitted to issue electronic cards to natural persons
having overdraft accounts so as to enable domestic digital transactions in such
accounts.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 14

 Types of Banking Cards

Debit Cards
 They allow the cardholder to transfer money electronically from their bank accounts
and can also be used as ATM cards to withdraw cash using the Automated Teller
Machine.

 Keep in mind that you’re not borrowing money using a debit card, you are using the
money deposited in the bank account linked to the card, whereas in credit cards, you
borrow money to make payment

 A deferred Debit Card allows the facility of payment to be done a few days later from
the date of purchase.
YN Prof. Yogesh N, Dept. of CSD, ATMECE 15
 Types of Banking Cards

Credit Cards
 Credit cards allow the user to borrow money from the bank and make purchases.

 Bank or companies issuing credit card creates a revolving account and grants a line of
credit to the cardholder, and then the user borrows money for payments or can also
withdraw cash at times.

 Companies issuing credit cards also set a minimum repayment amount for the amount
borrowed and also charge interest on delayed payments.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 16

 Types of Banking Cards

Forex Cards
 Forex Cards stands for Foreign Exchange Cards and are used for international travels to
hold foreign currency.

 There are two main variants- single currency cards and mlti-currency forex cards.

 Forex cards can also be used to withdraw the currency abroad.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 17

 Types of Banking Cards

Prepaid Cards
 Just as the name suggests in prepaid cards you can load the amount in advance and
then use the money to make transactions, they are not linked to any bank accounts.

 The most common example is prepaid gift cards.

 RuPay in India also brought prepaid cards in 2014 considering the huge opportunity in
the untapped, unorganized, corporate gifting and other business space.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 18

 Types of Banking Cards

Electronic cards
 Electronic cards can be considered as debit cards issued in specific overdraft accounts
that are in the nature of personal loan without any specific end-use restrictions.

 Banks have been permitted to issue electronic cards to natural persons having
overdraft accounts so as to enable domestic digital transactions in such accounts.

 For all purposes like security, Additional Factor of Authentication (AFA), Merchant
Discount Rate (MDR), etc., the instructions relating to debit cards are applicable on
such electronic cards as well.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 19

 Summary

• In today’s session, you all have gone through the following topics
• Mobile and Digital Payments Security
• Banking cards

YN Prof. Yogesh N, Dept. of CSD, ATMECE 20

 Discussion and Interaction

YN Prof. Yogesh N, Dept. of CSD, ATMECE 21

 Topics for Next Session

Mobile and Digital Payments Security:

• Unified Payment Interface (UPI)
• e-Wallets
• Unstructured Supplementary Service Data (USSD)

YN Prof. Yogesh N, Dept. of CSD, ATMECE 22

YN Prof. Yogesh N, Dept. of CSD, ATMECE 23