India’s banks and mobile network operators are joining forces to tackle this challenge. One of the most widely adopted fraud-prevention techniques used today is SMS OTP (one-time password).

India’s e-commerce market is one of the fastest growing in the world. Deloitte recently predicted that this market will be worth $100 billion by 2020.

As the country’s online retail sector continues to grow, an increasing number of internet banking, online payment services and digital wallets are appearing in the marketplace. But as more customers use the internet to make purchases and manage their financial affairs, banks are under pressure to provide secure authentication and reduce the risk of fraud. Nielsen’s Global Connected Commerce Survey found that cash-on-delivery is still the most widely used option for e-commerce payments, especially due to consumer concerns around credit-card fraud. Indian consumers are increasingly demanding new and improved ways to protect their personal data, without detracting from their online experience.

India’s banks and mobile network operators are joining forces to tackle this challenge. One of the most widely adopted fraud-prevention techniques used today is SMS OTP (one-time password). This enables banks to verify transactions by sending a text message to the customer and asking them to input an OTP. It is a more secure method of authentication than traditional passwords and is easy and cost-effective for banks to roll out. The Reserve Bank of India (RBI) mandated that email could also be used as a similar means of authentication, but found that the real-time nature of SMS makes it much more effective.

However, the SMS verification method is flawed, as it can be compromised by account takeover fraud. In this scenario, fraudsters use personal data to access an individual’s online banking details, changing the mobile number associated with the account so that it matches a phone in their possession and thus allows them to verify transactions.

SMS OTP is also susceptible to hacks on the phone itself. In order to mitigate the consumer inconvenience of using traditional SMS OTP, several applications will now read the SMS and populate the OTP automatically. It is very easy for such an application to go rogue and read OTPs sent from a bank, for example, to gain access to online banking accounts. In most cases, this will happen so fast that the user will not even suspect something is amiss. All that the user will see is that the OTP she wants to use is no longer valid, so will request another one—by which time the account has already been compromised.

Globally, banks are also trying the use of geo-location data to make transactions easier when a customer travels abroad. A bank can contact the customer’s operator when a payment or withdrawal is made in foreign climes—the operator can then confirm whether that person is in the same country as the card being used. This trial demonstrates the huge potential for different types of data to be used as a means of authentication, and the significant role operators can play in working together with banks to protect consumers.

Operators could soon play a key role in preventing fraud in India. They can leverage user data such as location, account and usage history, which, in turn, can be used to help verify transactions. Moreover, this rich data can also help minimise instances of account takeover fraud. If someone tries to change the mobile number associated with a bank account, the operator can determine if the original mobile number is still in use, helping the bank to alert customers to any suspicious changes in personal details.

When banks and operators pool their knowledge and expertise, they are able to create a more secure environment for transactions. In fact, the GSMA has already begun working with a number of operators and service providers in India to roll out Mobile Connect, an operator-based authentication service which provides a convenient and secure log-in solution with privacy protection. Given that 85% of Indian consumers use their smartphones for browsing e-commerce websites, mobile authentication solutions offer an extremely convenient way to verify your identity online.

The high percentage of online fraud in India has made consumers wary of internet transactions, leading to a surge in more traditional forms of payment such as cash-on-delivery, where customers must wait at home to collect goods and pay for them on receipt. This example demonstrates the lack of trust between Indian consumers and payment providers, which is, in turn, stopping India’s e-commerce market from developing as quickly as it could. It’s down to banks and operators to work together to develop the right solutions that combine security and convenience in order to win back consumer trust and spur economic growth.

The author is vice-president and head of Technology, APAC, GSMA