In a recent conversation with Asia Business Outlook Magazine, Phoram Mehta, APAC Chief Information Security Officer at PayPal, shared his views and thoughts regarding digital payments in Asia. Phoram Mehta is a seasoned professional and technical leader with over two decades of experience in information security. Mr. Mehta has been instrumental in building secure technology solutions for multiple companies across a spectrum of sectors, including financial services, healthcare, telecommunications, and government, in North America and Asia-Pacific regions.
The increasing adoption of digital payments in Asia has also attracted more cyber threats. How should organizations respond to this growing challenge?
Cyber-attacks and online fraud are becoming, all at once, democratized and sophisticated. As soon as new technologies or solutions are leveraged to combat fraud, malicious actors seek new ways to elude them. E-commerce merchants, in particular, face mounting challenges in managing online frauds and attacks, which directly impact their business profitability. However, the ramifications of fraud and these attacks extend far beyond revenue lost. They can also significantly tarnish a brand’s reputation and erode consumer trust.
To navigate this evolving threat landscape, merchants need to monitor emerging cyber threats and invest in intelligence, real-time pattern detection, and modern payments analytics to help keep fraud under control. Embracing technologies like artificial intelligence (AI) and machine learning (ML) for early threat detection will become increasingly paramount for merchants to stay a step ahead of the game. With AI, extensive transaction data can be analyzed to identify fraud patterns that would have been challenging to discern through manual processes.
For instance, deploying predictive AI models that assign fraud likeliness scores to transactions help enable timely decision making and improve response quality through machine learning. Furthermore, enterprises can incorporate real-time assessment of customer behavior which distinguishes legitimate users and machines from fraudulent ones, ensuring seamless experiences for trusted users.
With the rise of mobile payments and fintech innovations, what steps should companies take to secure customer data and transactions effectively?
Securing data and transactions is the building block of trust between companies and their customers. Risk and security management starts first and foremost with collecting only the right data. Once this has been carefully managed, it then becomes primarily about establishing and maintaining robust security infrastructures, products and services that not just safekeep this data at rest, in-transit and use, but also constantly evaluating investments in predictive protection.
As an organization, PayPal is exploring how to fight AI-powered cybercrime with AI solutions. An AI-based fraud protection strategy monitors each transaction and dynamically adapts to evolving fraud patterns, processing vast datasets with multiple variables to identify intricate correlations, thereby ensuring precise fraud detection.
We are also excited by the potential of Generative AI (GenAI) in cybersecurity. GenAI is designed to foster adaptive learning and data augmentation, while handling diverse data sets and incorporating real-time fraud-related knowledge. This makes it ideal for implementation in threat detection systems and response capabilities, providing companies with the opportunity to augment their capabilities and drive greater customer value.
Incident response planning is critical for minimizing the impact of cyber-attacks. How should companies develop and test their incident response strategies specifically for digital payment platforms?
While a well-defined incident response plan helps organizations diagnose and contain the problem, implementing proactive and predictive prevention measures is equally crucial for mitigating future risks. Testing cyber resilience is also extremely important.
Leveraging advanced technologies like AI and ML enables the detection of suspicious activities in customer accounts. For example, PayPal leverages ML and rules-based methodologies, combining technology and human review processes for optimal outcomes. AI technology can also analyze vast amounts of data in real-time to spot trends. At PayPal, we utilize data from over 400 million PayPal consumers and 35 million merchants, along with data from merchant customers' end consumers. This comprehensive data analysis evaluates over 350 real-time data signals for each transaction, enabling more accurate risk decisions.
Staying updated on the latest security trends and protocols is also paramount, and regular system updates, independent audits, and comprehensive employee training on data and security policies are essential. Further, working with vendors that adhere to the highest data protection standards, such as PCI compliance, will help to ensure robust security measures are in place to keep customer data secure.
Finally, partnering with fraud management experts provides valuable support as new threats emerge.
The convenience offered by digital payments in Asia comes with inherent cybersecurity risks. How can industry leaders and policymakers collaborate to address these challenges and promote a culture of cyber resilience, particularly concerning the protection of digital payment infrastructures?
As payment infrastructures become more digitalized, integrated, and interdependent, they require ever higher degrees of resilience. Managing concerns around data privacy and compliance is a delicate matter, and both industry players and policymakers must work together to establish a robust payments ecosystem that does not compromise on security.
Promoting cyber resilience means prioritizing responsible data science and ensuring that innovations are deployed with due consideration for privacy concerns. PayPal’s own commitment to privacy-first principles, policies, and procedures is embedded at all levels of products and operations.
What recent trends have you observed in cyber threats targeting digital payment systems in Asia, and how do these trends differ from global patterns?
In the fight against the rise of cyber threats, there is likely to be a greater degree of collaboration between countries in Asia as compared to the rest of the world as we recognize that the ecosystem is only as strong as its weakest link.
On the other hand, the expansion of payments connectivity will continue to reduce payment friction and advance the digital economy in Asia. Due to the nature of this closely knitted ecosystem, the region will move towards a framework centered on interdependence and collective resilience to combat these new and evolving cyber threats.
This collective effort also helps to drive progress in cybersecurity technologies across Asia. As industry players collectively pool resources and expertise, they are pioneering data-driven, AI-centric solutions that empower response teams to effectively combat bad actors. Leveraging a wealth of data, including past incidents, customer interactions, transaction histories, and purchasing behaviors, these solutions enable proactive mitigation strategies to safeguard the integrity of digital transactions.
.jpg "Technology in Cancer Care: A story of evolving paradigms")
.jpg "Bringing Shop Floor to Manufacturer's palm: Smart Factory Solutions for tomorrow")
