Dear Reader
Welcome to 2017 and hopefully, a new India!
After demonetisation was announced on November 8, the government put considerable emphasis on educating the public to transact digitally and thus till December 27 India logged an astounding cumulative growth of electronic transactions among various instruments such as POS, Rupay Cards, e-Wallets, UPI and USSD (*99#) ranging between 95 per cent and 4,025 per cent!
While it is good that we are learning to be less dependent on cash and do more digital transactions in the new formal economy, it is equally important to be aware of the risks of the digital world since a rising proliferation of digital payments opens doors for cyber criminals globally to now focus on India.
While the government rolls out the first phase of the multi-stakeholder National Cyber Coordination Centre (NCCC) involving the creation of a ‘Threat and Situational Awareness Test Bed’ to generate triggers on existing and potential cybersecurity threats, CERT-In – the Indian Computer Emergency Response Team that acts as a nodal agency in dealing with cyber threats is also setting up a Botnet Cleaning and Malware Analysis Centre. Its purpose is to detect computer systems infected by malware and to notify and enable cleaning and securing systems of end users to prevent further malware infections. A digital payments division has also been set up under CERT-In to monitor any potentially harmful activity that occurs on any of the channels on which electronic payments are taking place in the country.
But will such measures be enough? Maybe not, as cyber criminals are known for their innovation and technological competence. To deter them we must upgrade the technological skills of our police forces and investigating agencies to comprehend the crimes that are reported and take swift action to solve such cases. The fear of getting caught and being brought to book will serve as a deterrent only if the prosecution under our cyber laws results in sentences that are considered to be punitive enough by the criminals.
Today, transactions between a user and a mobile wallet service provider are merely contractual agreements which can always be repudiated. There’s a heightened need to legally back digital payments in India, not only to ensure the safety of consumer money but also for the safety of these companies. As per cyber law experts, there are no legal mechanisms available should there be disputes pertaining to digital payments. There are no effective remedial mechanisms available in case money in the digital payment ecosystem gets lost, hacked, stolen or misused.
The lack of basic privacy and security laws pertaining to digital payments in India puts the onus on consumers who use such services. Today people are more than willing to give up their personal information and data for access to apps, connectivity, information – this can easily be exploited. And they are willing to trust that these application developers will make sure they’re safe and secure.
While the issue is not being completely ignored by the authorities, some of the proposed workarounds such as creating a virtual sandbox around digital payment services is viewed as a stop gap measure by many. Virtual sandboxing allows technology users to run unknown or suspicious programs in a controlled environment without sullying their entire network. Only time will tell if these measures are going to be enough for a nation of over a billion digital savvy Indians!
As SECURITY TODAY heads to Dubai for the Intersec Show, I wish all our readers a wonderful year ahead. I am sure we are in for some exciting times.
Cheers and happy reading.
G B Singh
Email: editor@securitytoday.in
Follow me on @EditorGB
Connect with me on Linkedin