Digital Payment Raising Cyber Threats In India

by Priyanka Pugaokar    Dec 07, 2016

Cyber criminal

In a historic decision to curb black money and corruption, prime minister Narendra Modi announced demonetization of INR 1000 and INR 500 currencies on November 8. While the decision evolved mix reactions among Indian businesses and common people, advocates of digital payment are flying high since the announcement was made. Fintech startups are proving to be the biggest beneficiaries of the government’s demonetization move. E-wallet platforms such as Paytm, MobiKwik, PayU India and Freecharge have witnessed a whooping growth of over 1000 percent in the last one month. 

While cashless economy is the way ahead and the country is already moving towards it, security continues to be a major concern in the digital payment ecosystem. An exponential growth in online transactions post demonetization has  attracted interest of cyber criminals, who can potentially target online payment platforms. Given the fact that more people will now inevitably opt for online payment, it is very critical both for users and digital payment solution providers to maintain a high level security posture to safeguard themselves from the menace of cyber criminals. 

Digital Platforms, Potential Target

Demonetization implies an incredible opportunity for online payment gateways and digital wallets, at the same time, it is an equally incredible opportunity for cyber criminals to wreak havoc. As the technology is comparatively new, it is prone to many undiscovered attack vectors. “As the Government initiates the creation of digital highway and smart platforms, hackers will also take advantage of the same to break the walls. Hence, embedding security measures at every step is the need of the hour,” says Nilesh Jain, Country Manager- (India and SAARC), Trend Micro. 

Post demonetization, while the use of online payment platforms has gone up, the incidences of fraudulent misuse of payment networks and data theft have also grown. Considering the recent incident of 3.2 million Debit Cards breaches, identity is the foremost of all threats. It must be noted that, people who use debit cards and credit cards are to some extent protected by banks or the credit card company. Nobody holds the card holder responsible for a fraudulent purchase. But this is not currently the case with mobile wallets.

“Unless one understands and owns the game of identity, companies will continue facing growth constrains caused because of frauds and attacks, resulting in lack of confidence. Similarly, while people are getting comfortable with mobile wallets and banking through apps and smartphones, WI-Fi networks continue to have major security flaws that can make it very dangerous to conduct transactions using a mobile device”says Amit Nath, Head of Asia Pacific (Corporate Business) F-Secure.

Also Read: Security Is No Longer Just CIOs’ Headache

Need For Holistic Security

Digital payment platforms are well aware about the potential threat of cyber attacks and they are committed to install best in class security architectural to make the entire process of online transaction seamless and highly secure. A majority of online payment companies are putting in efforts to encrypt, tokenize and authenticate user credentials before letting transactions to proceed on their platforms. Mobile wallet transactions are secure as mobile wallet companies guarantee foolproof security as a service protocol to wallet users. Adequate measures are put in place so that each transaction undergo stringent security check so that no breach and information leakage can happen at any stage whatsoever. 

PayU India, which witnessed upto 90 percent surge in its transactions, says that data security is the top most priority of the company to ensure secure and hassle free transactions. “The entire infrastructure of PayU India is built for security. All your transactions are secured with 128 bit SSL encryption and two factor authentication. We apply 100+ risk rules for each payment so you can focus on your business and rely on us for data security”, says Pradeep Shekhawat, Head, SMB Business, PayU India. 

Similarly, In order to protect the consumers from online frauds, the Reserve Bank of India had mandated banks to have a two-factor authentication process to strengthen the online payment system. However, security experts say that there is still a lot of scope for improvement as cyber criminal as much ahead in terms of leveraging modern technologies to launch sophisticated targeted attacks.

“There are some near term remedies such as enhanced level of security monitoring to detect advanced threats and frauds, going beyond the simple rule based system. Also, more real time assessment of security vulnerabilities across the network. On the longer term, the payment system need to evolve more secure protocols, with the block chain being a good example, where the authentication, non-repudiation and transaction integrity is built into the protocol,” says Rajat Mohanty, CEO of Paladion Networks.

Also Read: Why India Needs More Ethical Hackers In The Cyber Space

Security, Obligation Of All

People are always the weakest link in the security architecture. A major part of hacking is not technical skills, but the skill of tricking human beings. Security is a shared responsibility of users of digital platforms and not a sole responsibility of the creators and protectors of the platform. Therefore, it is essential for users of the technology to watch their online behavior and rigorously follow certain Do’s and Don’ts to keep themselves protected from hackers and cyber criminals. 

Use of good antivirus software is the foremost step towards defending oneself against cyber criminals. Second in line, yet a very significant move would be to befriend people online very carefully. Furthermore, creating separate email accounts for different purposes could prove to be helpful. Lastly, talking about online payment, it is important to note that, storing card details on websites could be dangerous. Therefore, taking a few extra seconds to feed in card details, when paying online, is a small price to pay for the entire security process.    

Similarly, the Government should lay down basic security standards for devices and non-compliant businesses won’t be allowed to operate. Many companies in India do not report breaches. This practice is to be done away with and reporting of breaches should be made mandatory. As the Government initiates the creation of digital highway and smart platforms, hackers will also take advantage of the same to break the walls. Online marketplaces will continue to be the prime target of cyber criminals. Hence, embedding security measures at every step is the need of the hour.