Are B2B transactions on online marketplaces secure?

The Indian government is likely to adopt an online marketplace model for all government purchases—from paper clips to power plant turbines. While this initiative is expected to curb corruption, improve transparency and competitiveness, and incur savings of at least 10%, the bigger question is—how safe will this marketplace be?

Online payments and material procurement have been identified as areas vulnerable to fraud risks in e-commerce transactions, according to survey respondents of our 2014 and 2016 India Fraud Survey reports. Procurement of materials online is likely to be considered risky in India, due to concerns over performance, availability, and security of the materials purchased.

Often, sellers may not disclose data related to the product quality, legality of use, and warranty. Each merchant can follow different standards for representing product related data, making it challenging for buyers to estimate the quality and legitimacy of products on sale. Fraudsters may also sell counterfeit products at cheaper prices, causing loss of revenue to the original merchant/manufacturer and duping the customer with an inferior product.

Several states in India that have already implemented e-procurement are facing such challenges, including misleading information shared by companies bidding for work, among other issues. Organizations/government may also run the risk of leakage and loss of confidential data (such as bank account passwords or citizen data), fraudulent transactions, and inadequate security at payment gateways.

In light of the above, it would be advisable for organizations and the government to take measures to mitigate potential frauds. Some measures that may help have a safer e-commerce experience include:

1. Establish anti-fraud policies and procedures: The government should have a clear policy on aspects such as bidding, awarding of contracts, online payments, and returns/dispute management. Further, a manual that identifies potential fraud risks and noncompliance may help weed out suspicious bidders. Buyer organizations can have a similar policy that details how to identify genuine government e-commerce websites and guidelines on conducting business online, including a section on identifying and reporting fraudulent sites.
2. Form a dedicated team to monitor e-commerce marketplace frauds: An in-house team/third party can research new frauds and communicate them to the organization/government, challenge business processes with an aim to unearth gaps in controls, and undertake periodic checks to report any suspicious incidents.
3. Due diligence: Given the large third party ecosystem that supports e-commerce in India, the organization/government needs to ensure that they conduct adequate due diligence before associating with business partners/bidders/contractors. Bidding organizations can also conduct due diligence on requests for proposal to ensure that they are transacting with government departments and not fraudsters.

While India is in process of developing a legislation which can be enforced on both buyers and sellers in terms of a framework within which business needs to be conducted, cues can be taken from The United Nations Commission for International Trade Law (UNCITRAL–a model law on e-commerce which serves as a benchmark for national and international legislation) and UK’s Electronic Commerce (EC Directive) Regulations 2002.

You can read more about online marketplaces and related fraud risks here.

If you have any comments or would like to share your views, please write to us at inforensic@deloitte.com or on talk to us on Twitter by following us @deloitteindia.