Team SPOT Forum had the opportunity for a brief tete-a-tete with Mr. Harshad Mengle, who is Director Cyber Security at Capgemini. He has over 17 yrs. of experience in Information Security and Digital Security and has previously worked with Securities Trading Corp India, Wipro Technology, L&T Infotech, NSE and L&T Finance. Here he shares with us a few insights on payment security, risk and fraud management.
Q1. Do you feel that payment security and fraud will be one of the key trends that is going to define the Indian payments industry since we are moving to a less cash economy?
Harshad Mengle: Yes, I agree. Adoption of digital payments is clearly visible in India, for e.g. BHIM post its launch has been downloaded more than 15 million times. Moreover, IMPS transaction volume has reached 70 Mn Transaction compared to 36 Mn last year.
Since the economy is becoming increasingly digital, credit and debit card fraud cases are also topping the chart of cybercrimes and there has been a six-fold increase in such cases over the past three years.
In my opinion, digital innovation is also leading to increased security threats so a careful balance is required.
Q2. What are some of the key concerns on payment security and fraud in the Indian market at the moment?
Harshad Mengle: In my opinion there are 3 key concerns, firstly a lack of user awareness, secondly, a lack of collaboration within Financial Institution on data breaches or compromise and lastly the liability over damage due to malware and creating FI’s to coordinate efforts to prevent and remediate malware.
Q3. How is Capgemini Sogeti India working towards mitigating those concerns?
Harshad Mengle: We have specialized services to address End to End security. Our threat hunting service is a unique combination of human and automated data analysis. By combining the two, we reduce the risk of missing malicious intrusions.
With attack methods constantly evolving, it’s difficult for detection tools to stay on top of the threat. While SOCs base detection on a large perimeter for known threats, we consider the unknown and advanced persistent threats. And by accepting more false positives, we also greatly reduce false negatives.
Q4. What do you think are some of the key challenges towards mitigating those concerns in India?
Harshad Mengle: Information Security officers need to be more strategic than operational. They need to be more aligned to business and collaborate frequently with industry peers.
Q5. How have payment security measures and type of fraud changed in India since you first got involved?
Harshad Mengle: In my opinion OTP, Secure PIN and EMV were great steps to authenticate identity of transaction which has drastically changed the threat scenario. Basic hygiene of vulnerability management program has improved security posture.
I believe in the future, Risk and Security professionals should work in tandem with Law enforcement agencies to spread security awareness to avoid fraud.
Q6. What are some of the key insights and themes you are looking to focus on as part of the upcoming SPOT Forum (taking place on 29th Nov 2017 at Sofitel BKC in Mumbai)?
Harshad Mengle: I firstly appreciate SPOT Forum for bringing industry experts on table and addressing a key concern of collaboration. In my opinion the upcoming SPOT Forum should focus on what is the security roadmap for the Indian Payment industry and on how AI can help industry in early detection & mitigation of security threat and fraud.