In today’s rapidly evolving digital payment landscape, security concerns remain a top priority for stakeholders across sectors.
At a panel discussion in the Business Standard BFSI Insight Summit 2024, Ashok Hariharan, founder and CEO of IDfy; Karan Sapra, head of consumer business (payments and financial services) Google Pay; Natasha Jethanandani, CTO of Kaleidofin; Ramesh Lakshminarayan, chief investment officer at HDFC Bank; and Sivram Kowta, president of banking at Zeta, shared their insights on the impact of digital fraud, along with strategies to strengthen security measures.
How do you think our lives can be safer in terms of digital payment?
Hariharan: Whenever I hear about fraud, it excites me because detecting fraud is my business. Fraud means more work for us to solve it.
In the 1990s, fraud prevention was simpler because opening a bank account required a physical recommendation.
Fraud was easier to control due to physical presence. In the digital age, attacks have increased exponentially.
To prevent fraud, we need better know-your-customer (KYC) processes.
For instance, if you search for a bank’s customer care number on YouTube, fraudulent numbers often appear.
These scams rely on social engineering to deceive users.
Another example is increasing friction for high-value transactions.
One-time passwords (OTPs) alone are not enough, as they are vulnerable to social engineering.
Adding face recognition can prevent fraud because social engineering cannot replicate facial likeness. Some friction is acceptable, especially for higher-value transactions.
Over the past year, we’ve seen a 100-200 per cent increase in frauds.
Five years ago, they were a negligible 3-4 per cent. This trend is visible in both background verification and bank KYC.
Higher friction for high-value transactions, such as face-match alongside OTPs, can help reduce fraud effectively.
As a lending platform, what types of fraud do you notice?
Jethanandani: The more you do, the further ahead fraudsters get. Loan application frauds are common.
These range from identity theft, where fraudsters apply for loans in another person’s name, to ghost accounts created for fictitious borrowers.
Fraud also occurs in loan disbursements.
Fraudsters often trick businesses into transferring disbursements into specific large bank accounts. This can also be an insider-driven fraud.
Loan repayment fraud is particularly tricky for customers we work with.
Many are not very tech-savvy, and phishing attacks are common.
Fraudsters can create fake loan applications (apps) that look quite realistic.
When an app follows up with the user, it appears professional and asks for repayment.
The user makes the payment, but not only does the fraudster take the money, but the loan account remains unpaid, affecting the credit score.
Fraud spans the entire credit lifecycle, not just the application stage.
What are your views on OTPs and authentication methods in preventing fraud?
Kowta: In India, we are excited about the opportunities of the digital wave but concerned about security.
OTP on SMS is prone to phishing, and so are passwords and personal identification numbers (PINs).
Most people use the same password for every site, and many choose easy-to-guess combinations.
Biometrics are becoming more common, but the problem is that biometric authentication depends on transmitting biometric data.
Once transmitted, it can be stored at a fraud point, making it vulnerable.
We should adopt silent mobile authentication more aggressively... The only reliable phishing-proof option is fast identity online-compliant devices, which are still expensive.
However, if the industry focuses on making these devices more affordable, they could become as common as Bluetooth devices.
Moving away from authentication based on knowledge (passwords, PINs) is essential, as they are easily compromised through social engineering.
As a representative from HDFC Bank, how has digital fraud impacted the banking sector?
Lakshminarayan: The past nine to 12 months have been challenging for the banking industry due to the rise in digital fraud.
While figures aren’t publicly shared, fraud is omnipresent.
The banking system faces sophisticated swarm attacks, where fraudsters target one bank before moving on to others.
Legacy technology systems are a major constraint.
Many banks rely on rule-based engines and static data for fraud detection, which aren’t effective against modern threats.
While artificial intelligence and machine learning are promising, they must be supported by real-time technologies, like graph databases and streaming data platforms, to make fraud detection more dynamic.
Does Google Pay lose sleep over digital fraud?
Sapra: Yes and no. Fraud is a serious issue, but it’s important to acknowledge our progress.
In the past, people relied on cheques and waited days for funds to transfer.
Now, payments are real-time, multimodal, and interoperable, processing over half a billion Unified Payments Interface (UPI) transactions daily.
However, this rapid growth has introduced vulnerabilities.
Fraud has also become more complex with multimodal commerce.
Mobile security is another major concern.
© 2025