payments modernization company - evolvus · my own credit card fraud • acquire card details •...
TRANSCRIPT
www.evolvussolutions.com
Payments modernization company
Evolvus is committed to ensuring that financial institutions and their customers are able to stay current with business, regulation and technology changes
across the payments ecosystem.
1
Topic
Risk mitigation in digital payment processing – changing trends and future challenges
2
Objective
• Risks • Case study • Payment system - Comparison • Best practices • Fraud patterns analysis • Advancement • Future of payments fraud prevention
3
Types of Risks
4
Corporate Risk comprises of
Market risk
Credit risk
Liquidity risk • Funding liquidity
Operations risk • Fraud risk • People risk • Other risks
Risk and Data
Scenario : Your customer’s data is with you
5
Data is core to all corporate risks
• More than necessary - Risk of accountability
• Less than necessary – Weak decisions, Traceability, and evidence collection issues
Quantum of data Financial and Non-Financial data
Location of Data
Scenario : Your data with vendor / service provider
Effect : You are vulnerable
Effect : You are accountable
Topic
• Data Integration
• ETL • Interfaces • Reporting
6
Case Study
Financial Hack - Union Bank of India
7
Payment Attack - Case Study
Bank Muscat • 2013 • Pre-paid cards • Limits changed • Cards cloned • ATM withdrawal • Friday evening
8
Data Hack - Zomato
• 17 million user records • Card and other payment
information intact • Data priced at $ 1,001.43 • Source of the breach –
Developer account compromised
9
May 2017 – Zomato hacked and customer information stolen
Payment Attack - Case Study
My own Credit Card Fraud • Acquire card details • Set up multiple card
payments • Siphon off in less than
20 minutes
10
Remedy • Card limits • Deny storage of card data • 2 factor authentication • Virtual card accounts
(need support by the issuing bank)
• Authorization based payments only
Operations Attack - Case Study
Corporate - Operational attack • Email intrusion • Social media intrusion • Domain intrusion • Website intrusion
Remedy • 2 factor authorisation • Email monitoring for phishing attack • Captcha login • Periodic password change • Professional malware protection measures • 3rd party certification of cloud solutions • Enterprise grade security for Wireless access points
11
Topic
• Data Integration
• ETL • Interfaces • Reporting
Payment systems Comparison
12
Global Payment trends
13
Details India UK USA
Name Immediate Payments
Faster Payments Real Time Payments
Year of launch 2010 2009 (limited) 2017 (soft launch)
Fund availability 15 seconds A few hours 15 seconds
Types of payment Credit transfer Credit transfer Credit push, request to pay
Limit Rs. 200,000 GBP 100,000 USD 25000
Participation All banks Limited banks Limited banks
Card payments - India vs US
14
Details India USA
Technology Chip and Pin Magnetic stripe, Chip and pin
2 Factor Mandatory (OTP) Only PIN
Limits Apply Apply
Fraud coverage Provided by bank Provided by bank / card provider
Usage level Limited Primary mode of non-cheque payment
Alternate mode IMPS, UPI, BBPS Zelle, Venmo (limited, private)
IMPS and UPI
IMPS features • Authorization based payment • Limits apply • OTP based 2 factor authentication
UPI features • Authorization based payment • Limits apply • Account number & IFSC code not required • OTP based 2 factor authorization • Recipient authentication • Payment can be limited to claim amount • APIs available for integration
15
Topic
• Data Integration
• ETL • Interfaces • Reporting
Corporate Payments
Best Practices
16
Corporate payment – Best practices
• Maintain separate account dedicated for payment
• Use smart funding mechanisms for payments
• Maintain short limits on corporate cards
• Limit authorization to specific value for mandate based payments
• Integrate QR codes on UPI tags
17
Sending Account Receiving Account
Pool Account
Consolidate Payment
Consolidate payment management to one system
18
Corporate
Dealer
Consumer
• Supplier Payment • Set up debit authority • Frequency based
collection
ACH Network
UPI Network
Payment Consolidation
Internal systems
Internal systems
Internal systems
Consolidated Payment automation
19
NPCI
Bank 1 (Scenario 1)
Interface
Bank 2 (Scenario 1)
Flux Corporate
Bank 3 (Scenario 2)
Interface
Corporate Sender 1
Corporate Sender 2
Corporate Sender 3
Payment Consolidation
Flux Corporate
Interface
Topic
• Data Integration
• ETL • Interfaces • Reporting
Fraud pattern analysis Conventional method
20
Payment trend analysis – Suspicion analysis
21
Fraudsters approach
Artificial Intelligence
It is machine vs man
22
Topic
• Data Integration
• ETL • Interfaces • Reporting
Fraud pattern analysis Advancement
23
Cognitive Analysis and Prevention
24
Power of Artificial Intelligence • Case study : JP Morgan – Legal
document • Facebook : Polling campaigns • Twitter : Suggested handles to
follow
Technology Direction
• Unstructured data compatibility • API integration
• UK – API Banking : Case Study
• Emotion tracking • AI based analytics • Fraud intention vs Fraud detection
25
Digitization and Pattern analysis
26
Distributed Ledger for digital integration
Case : Ripple vs SWIFT Case : UAE Government
VS
Future of Fraud Prevention
Artificial Intelligence
27
Distributed ledger
Machine Learning
+1(201) 993-5327 + 971 56 136 6821
Contact us
www.evolvussolutions.com
+ 91 9845218948
28
Global Payment trends
29
Details India UK USA
Name Unified Payment Interface
? ?
Year of launch 2017
Applicability Individuals & corporates
Types of payment Credit push and request for payment
Limit Rs 200,000
Participation All banks
Topic
• Data Integration
• ETL • Interfaces • Reporting
Retail Payments Best Practices
30
Retail Payment - Best practices
Use payment mechanisms that enable the following security features • Authorization based payment • Transaction limits and value limits • Account number & IFSC code not
required • OTP based 2 factor authentication • Use virtual cards (one time cards) on
internet
31