As India moves towards a cashless, digital economy, concerns about the security of digital payments loom large. Although advances in technology have resulted in banks and financial institutions taking up several cybersecurity measures, as India is fairly new to the concept of digital payments, there is always that impending threat of a cyberattack that could steal or alter the user information. Fortunately, the government of India is laying down several regulations that is helping India move steadily towards a highly secure way of making digital payments.
In a world where several transactions are being done online, allowing users to make a payment using just a username and a static password is not enough. Although this method of authentication is convenient, with online identity thefts becoming rampant, they do not offer a secure mode of payment. Security passwords built on strong authentication systems are needed to overcome the limitations of static passwords. They add an extra level of protection that make it extremely difficult for hackers or robots to access unauthorized information, networks or online accounts.
Security passwords incorporate an additional security credential – in the form of passwords, PINs and grid numbers – in order to protect network access and safeguard users’ digital identities. Here are 6 types of security passwords that are being used for carrying out digital payments transactions:
One of the most basic form of security password is the CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) code. CAPTCHA code determines whether the user is human and protects users against potential automated misuse of payment page submissions. By creating a barrier against spammers and robots, CAPTCHA codes require users to identify and input distorted and camouflaged characters in order to access a site and/or validate a transaction. Today, several Indian banks make use of CAPTCHA codes to avoid a password guessing attack in order to safeguard users’ data and improve digital payments experience, giving them the chance to be carefree.
OTP or one-time password is a highly secure way of safeguarding digital payments. As the name suggests, OTP offers a strong 2-factor authentication mechanism for making a digital transaction with a unique password that can only be used once. This prevents identity theft by making sure that a particular user attempting to make online payment is actually the one performing the transaction. Today, OTPs have become the authentication factor of choice for most of the payment service providers in India. Since OTPs are generally only sent to a user’s registered mobile number that usually expires within 5 minutes, they make digital transactions highly secure. Off late, banks have also started mentioning the merchant name and/or the transaction reference ID for which the OTP is sent, enabling users to know for what transaction the OTP has been sent.
IPIN is a popular password mechanism used for ensuring security and privacy while making transactions using a net banking account. Using an IPIN, users can log in to their net banking account, view account details and perform online transactions. When users open a bank account, an IPIN is randomly generated by the system and encrypted using industry-specified encryption standards. Users can then define their own IPIN – either through a mobile or web banking application or through an ATM. It’s an industry trend that IPIN and customer IDs are never communicated to the customer through same channel simultaneously. The level of security is further improved by ensuring the IPIN is known only to the customer.
With the number of mobile phone users in India expected to reach 813.2 million by 2019, the popularity of mobile banking is unquestionable. MPINs offer a high level of security for transactions carried out through mobile phones. Usually a 4 or 6-digit code, MPINs are a form of 2-factor authentication: the first being the user’s registered mobile number, and the second being the MPIN.
An ATM or debit card PIN is a form of security password used to authenticate a user to access an ATM or make an online or physical payment using a debit card. ATM PINs are extremely popular in India because of easy accessibility of ATMs, especially in rural areas. ATM or debit card PINs bring a greater degree of security, reliability and convenience to the digital payments space. Users need to simply enter their regular ATM PIN in the field provided on the bank’s transaction page to complete a transaction.
Grid authentication is a method of securing digital payments by requiring the user to enter values from specific cells in a grid whose content is known only to the user. Usually a grid consists of randomly generated letters and numbers in rows and columns and is provided to the user on a wallet-size card. When a user logs in, he/she is prompted to input characters from an arbitrarily selected cell in the grid. When the user enters correct character sequence, access is granted, and transaction goes through. Grid authentication safeguards users against replay attacks as the identical characters selected for one login cannot be reused.
Enabling 2-Factor Authentication
As the popularity of online transactions rises, there is an impending need for banks and other financial institutions to implement strong security measures to safeguard users from cyber attacks, phishing and identity thefts. Among the various security passwords, 2-factor authentication mechanisms are a great way of confirming genuine users using a combination of two different factors – something they know and something they have. This added layer of security ensures safe and seamless digital transactions.