India’s e-commerce industry is on a phenomenal growth trajectory and is expected to reach USD 99 billion in size by 2014, growing at a CAGR of 27 percent during 2019-24, according to ‘Global Internet: e-commerce’s steepening curve’, a report by Goldman Sachs.
COVID-19 is undoubtedly driving a significant share of the current e-commerce transactions through digital payments, preparing consumers for a long-term shift. The surge in e-commerce and digital payments in 2021 will be consistent across the country. This exponential rise has deepened concerns about potential cybersecurity risks for consumers and businesses, as well as new kinds of data security breaches. More than 900,000 spam messages, 700 malware attacks, and 48,000 malicious domains were discovered in the first four months of 2020, according to an Interpol report — all related to COVID-19.
Online data and payments security, whilst acknowledged, needs laser-sharp focus from e-commerce businesses. Let us first understand the entities involved in e-commerce payments through the following illustrated model:
With important payment information being passed between these entities, data security needs to be managed at every step. Important security measures include TLS encryption through SSL certification, PCI DSS compliance for encryption and storage, tokenization of card credentials, and two-factor authentication. Additionally, with India moving to GDPR-equivalent legislation, managing the storage and usage of critical personal data under data localization and data transfer restrictions is paramount.
As more customers grow comfortable storing card and VPA (Virtual Payment Account under UPI) details online, the security of the underlying database needs to be ensured. Most companies use an online, or cloud, storage system with encryption to store the customer payments vault. If these details are compromised through vulnerabilities, they can end up for sale on the dark web, where buying card details is the easiest and fastest way for the average fraudster to get card information. The Breach Level Index, a global database that tracks data breaches, has reported that over 14 billion data records have been leaked since 2013.