With leaps and bounds in technological progress, it was always known that mankind would eventually move towards a cashless society. Demonetization was the step that brought us closer to this reality in India. Today, the public is urged to make the big move with a number of ads, demos, tutorials and videos. This has led to a huge migration of financial transactions online, making the economy of the nation soar.

Today, eCommerce stores process transactions beyond their websites — via mobile and social platforms too, literally altering the way people shop.

India’s mobile wallet industry is expected to rise from $22.41 million in 2015-2016 to $4.37 billion in 2022. This means a huge jump in the value of mobile wallet transactions from $3 billion to $800.35 billion during the same period, as per a July forecast by Assocham-RNCOS titled Indian M-wallet Market: Forecast 2022. Every second, three more Indians experience the internet for the first time, and by 2030, more than 1 billion will be online.

2015-16 has witnessed some exciting moments in the e-Commerce sector. However, with the growth of digitization, there’s a valid risk of cyber threats too. The right cyber security stance is the need of the hour as cyber threats are bound to evolve and pose huge risks to businesses.

Securing OTT e-subscriptions:
Let’s take the case of OTT platforms like Netflix, Amazon Prime, Hotstar and others. There’s a demand for paid content, and subsequently the need to secure it. Authentication, geo-blocking and control of account sharing are the three key areas of security for OTT content. Instead of using HTTPS protocol to secure communications, Netflix, as a provider, uses a message security layer. Being tied to SSL and TLS, HTTPS suffers from fundamental security issues unknown at the time of their design.

MSL is a cryptographic protocol that utilizes the latest cryptography technologies and knowledge. It supports the following basic security properties:

• Integrity protection: In-transit messages are protected.
• Encryption: Message data is protected from inspection.
• Authentication: Trusted messages to come from a specific device and user.
• Non-replayable: Messages containing non-idempotent data can be non-replayable.

MSL has pluggable authentication and may leverage any number of device and user-authentication types for the

message. The initial message will provide authentication, integrity protection, and encryption if the device supports it. Future messages utilize session keys established as a result of the initial communication.

With e-Commerce websites in a risk-laden landscape, additional layered security and specialized visibility are the need of the hour

Netflix has done away with many issues they faced with HTTPS and platform integration with MSL. Due to its flexible and extensible design, it will also be able to efficiently adapt as Netflix expands and as the cryptographic landscape changes.

Securing Trust in e-Commerce
Given the scenario of demonetization, preparing for cyber risk is extremely important for e-commerce companies of any size. Cyber security incidents like payment frauds, disputes in B2B and B2C transactions, bogus deals and purchases, trademark and copyright infringement, FEMA violations, issues of web content ownership, contract violation, cyber stalking, hacking, phishing and cyber-squatting are common.

The fact that nearly 45 percent of transactions are done via mobile doesn’t help its cause. Cyber-crimes in India have surged around 350 percent between 2011 and 2014, as per a joint study by Assocham and PwC released in August 2016.

Fraud leads not only to financial loss, but also a huge loss of reputation, leading to severe losses.

Addressing the Risk of Fraud:
I believe that network security, confidentiality and authentication are three main components of an e-commerce website. Several companies such as PayTM use 128-bit encryption SSL security to store information. It’s essential that front-end payment card validation wherein MOD 10 checks, BIN checks, authorization responses, customer profile checks, security questions, login analysis, basic site rules such as number of orders placed through one account, value of orders or back-end manual order reviews be promptly implemented. Digital signatures and dynamic IP protection are other exemplary methodologies.

Payment gateways store financial information of small and medium businesses, while larger platforms prefer to have their own security parameters and store the data themselves, as it gives more control and security over extremely sensitive data.

Hosting providers like Amazon Web Services and DigitalOcean offer full access to their security profiles, but require skill and expertise to stay ahead of the game. Credit data should be locked by strong encryptions to ensure its protection.

Encrypted data equals protection:
Encryption lets you scramble information using a mathematical formula which is tough to break without a 'key'.I strongly believe that encryption of data equals protection. Implement technologies like SSL (Secure Sockets Layer) and SHTML (Secure-HTML), with web forms. Encryption can also be incorporated in your email package through S/MIME (Secure/Multipurpose Internet Mail Extensions). These are necessary as they prevent vulnerable network attacks.

Firewalls stop attackers and potentially malicious traffic from unauthorized access to and from private networks. Since e-Commerce websites get a lot of inbound traffic, they require firewalls to protect themselves against malicious entry. Major certifications reiterate credibility, while a secure environment boasts measures like virtual private cloud, encrypted data storage, identity and access management, and Multi-Factor Authentication (MFA).

To conclude, with e-Commerce websites in a risk-laden landscape, additional layered security and specialized visibility are the need of the hour. All businesses with a digital presence should have security and constant vigilance on their main agenda; thus ensuring a seamless transition to a digitized India.