Image credit: Photography Talk
The COVID-19 pandemic has led to an increase in the usage of app-based payments which have doubled year-on-year (YoY) in the January-March quarter of 2021.
Data released by the Reserve Bank of India (RBI) showed that in January-March 2021, mobile transactions recorded a 96 percent growth in volume to 8.32 billion, while in terms of the value they saw an over 104 percent increase against the same quarter of 2020 to Rs 32 lakh crore, according to reports.
This growth is largely because of an increase in the shift towards the virtual world.
A Statista report titled ‘Impact of the coronavirus (COVID19) on digital payment app usage in India 2020’, as of April 2020.
The majority of the respondents used Paytm to make digital payments over 30 percent participating in the survey reported an increase in the use of online payments.
“The Covid-19 pandemic fuelled the proliferation of digital modes of payments. India’s digital payments ecosystem in this time frame has seen the kind of growth that might have happened over a 3-5 year horizon if not for the pandemic,” said Parikshit Chitalkar, Co-founder, StashFin.
He further added that the shift towards digital payments in India is particularly striking with the evolution of consumer behavior that can be seen among different segments, including older consumers who have traditionally preferred cash for transactions.
The transition to a fully digital India cannot happen overnight, but we can certainly say that digital payment solutions are here to stay.
“Due to the limitations that the pandemic has imposed, the relevance of digital modes of payment has been felt more intimately by people than ever before.
The convenience and flexibility that digitisation offers is something that people would certainly want to continue benefiting from. Digital payments are here to stay for sure,” pointed Vineet Singh, Founder and CEO, Castler.
Madhusudanan R, Co-founder, M2P Fintech further pointed out that people have increasingly adopted app-based payments due to the pandemic and a habit-forming has taken place.
Increase trust in Digital modes of payment
According to the latest data compiled by the National Payments Corporation of India (NPCI), which manages UPI, it has reported a threefold increase during the last fiscal (2020-21) in both the number of transactions and the value.
As of March 2021, the total volume has jumped to 2,732 million transactions, worth ₹5, 04,886 crores. At the beginning of the fiscal, in April 2020, the total volume stood at 999.6 million with the total value of transactions at ₹1, 51,141 crores, added a Fortune India report.
The number of banks that live on UPI has gone up to 216 from 153 in April 2020. When the platform began operations in April 2016, there were only 21 banks on board.
“In this era of rapid digitisation and the increased pace of businesses migrating online, public and private data are utilised extensively either individually, in combination, or as inferences drawn from the base data.
Every organisation needs to safeguard the data in order to protect public and private users’ interests.
For our digital lending industry, its lenders are striving continuously to ensure bullet-proof data protection by employing a combination of physical, electronic, and procedural checks,” said Chitalkar.
He further pointed out that companies need to adopt a ‘built on cloud’ infrastructure model for all their technology and data workloads, this will allow them to leverage advanced compliance and security feature sets that are now becoming the standard on most public clouds.
The cloud security alliance has published a list of all cloud providers and services along with their certifications under various compliance norms.
Having a duty towards their customers, a digital lender must ensure that they partner with third parties that maintain the best standards of data security to ensure their customer’s complete data privacy.
Using best of breed encryption (symmetric and asymmetric capable) standards like AES/PGP for both data in motion and at rest, advanced 2FA security models, regular VAPT/data security audits, and vendor reviews need to become baseline standards in all organisations who want to thrive in this new data economy.
“A robust verification process is a must. Digital payment catalysts need to ensure that every party that uses their platform for transactions is thoroughly vetted.
There should also be multiple levels of authentication for each transaction and a completely transparent process. These are primary aspects to consider if we want to fight cyber crimes in payment ecosystems both now and in the immediate future – this is what we focused on while building Castler,” added Singh.
“Building better security eco-system and ensuring highest data protection will be the first few steps in this direction.
Customer confidence will be built over a period of time and will be a process of continuous improvement,” pointed Deepak Ahuja, FinTech expert and CRO, SEHTEQ.
Madhusudanan R, added that when it comes to trust, it has more to do with awareness. Companies in this space are focusing on creating awareness. Trust is not a destination but a journey, one has to keep improving it and making it better.
Unlike the other parts of the world, in India, the information that has been passed on to the customers due to data breaches has been very low, because we are the first market globally to insist on two factors for all transactions.
It has its own downside, but from a customer standpoint, it has helped a lot.
Cyber Security Policy
Vinit Singh further pointed out that a cybersecurity policy would lay down the rules of data usage as well as activity on a digital payments platform for different stakeholders.
It’s no surprise that people generally don’t read through these policies (although they should), and having an established framework would help protect the interests of anyone whose security is compromised, regardless of whether they are aware of the policies or not.
This binding nature is essential so that action can be taken against cybersecurity policy violators.
“The current gold standard of policies geared towards personal data security is the European GDPR norms. In India, the government has made endeavours to increase the level of protection offered to citizens under the law,” said Chitalkar.
He further added that the IT Act, 2000 and the IT Rules, 2011 together form the regulatory mechanism to ensure personal data and privacy protection.
Additionally, personal data is protected under Article 21 of the Indian Constitution, which guarantees every citizen his/her right to privacy as a fundamental right.
In 2019, the government of India had issued the Personal Data Protection Bill, which when passed will be India’s first all-encompassing legislation on the protection of personal data.
While GDPR has seen adoption in the western world and we observe a clear movement of these norms traveling eastward with the likes of Apple and Google leading the charge, the role of the industry in delivering protections to its customers cannot be undermined.
With this paradigm legislation shift in the offing, digital lenders need to deploy a host of infrastructure, policy, and process changes in order to become compliant.
“It is critical to have a well-developed cyber security policy, which is reviewed and revalidated on a regular basis. Cyber security and Data protection will be some of the key drivers for increasing adoption of digital payment,” added Ahuja.
The current law lacks in some areas. As per the sensitive personal data and information rule (SDPI rules of 2011), the sensitive personal information of a person like a password, financial information, physical and mental health conditions, any bank related information, and others if shared by another entity it could lead to legal consequences according to article 43 A.
“From a financial institution standpoint, RBI has regulations and requirements around data localisation, what kind of audits needs to be done from banks own purpose and access from third parties, there are very strict guidelines around it.
Each and every entity involved needs to have a discipline around managing the customer data. Because in the end if any company does not have adequate control, the customer’s data is at risk. It is important to manage the customer data very well,” concluded Madhusudanan R.