Digital payment providers at great hacking risk, need upgraded security: Experts
New Delhi: With more and more people logging into e-wallets or m-wallets for daily payments, the target for hackers has increased exponentially, experts warn, suggesting that upgraded security is the only way to safeguard millions of first-time users and small and medium businesses from losing their hard-earned money.
The government's demonetisation drive and the resultant cash crunch have led to digital wallet firms witnessing an unprecedented rise in their usage and popularity -- with people using them for everything from buying groceries and vegetables to local travel.
The country's largest m-wallet, Paytm, registered over seven million transactions worth Rs 1.2 billion in a day after the demonetisation drive began as millions of consumers and merchants across the country started opting for mobile payments on its platform for the first time.
Another mobile wallet major, MobiKwik, which launched MobiKwik 'Lite' late last month, registered over two million downloads within the first two days of the 'Lite' offer. Global payment solutions provider PayU observed a hike in average daily transactions from Rs 1.2 million to Rs 2.5 million post-demonetisation.
Cyber experts emphasise that as the numbers swell, newer forms of vulnerabilities will be exposed in the payment gateways. "Unarguably, with the digitisation drive comes the responsibility to safeguard against cyber pickpockets (cyber criminals) who will be on the prowl against unsuspecting consumers.
Considering that cashless payments will become both a necessity and a huge convenience, it is imperative that security becomes embedded by design rather than a bolt add-on from mobile-wallet payment firms," Anand Ramamoorthy, Managing Director, South Asia, Intel Security, told IANS.
This essentially means that data security infrastructure, along with customer-redressal mechanisms, will have to be well thought out, and the purview of IT laws for cyber crimes will have to be expanded to include mobile-wallet payment systems.
This is how hackers can attack your money in e-wallets: Create multiple fake accounts to collect money in small amounts; cheat people who are digital novices by psychological manipulation; and breach servers and steal data.
According to Vidit Baxi, Director (Technology) at the IT risk assessment and digital security services provider Lucideus, e-wallets are at greater risk than ever as users grow and hackers identify digital payment gateways as a lucrative opportunity. "That being said, let's understand that even the largest banks on the planet have been digitally hacked, so there is nothing like 100 per cent security.
It's all about managing the risk and minimising it to whatever extent possible. It is clear that the benefits of digital payments far outweigh the risks but, at the same time, such risks have to be continuously monitored and managed," Baxi told IANS.
The time is ripe for e-wallet firms to adopt the latest technologies to safeguard their gateways before a major cyber attack hits them -- and the users' confidence in moving forward digitally. According to Upasana Taku, Co-founder, MobiKwik, the company takes security seriously and puts it at the centre of all user interactions with the platform.
"MobiKwik is PCI-DSS and ISO 27001 certified, takes care of the various information security measures to ensure the security of application and protect its business from emerging threats and frauds.
For us, security is not just a state, it's a process that is applied in every new feature or new product development. With great power comes great responsibility, and we take that responsibility very seriously," Taku told IANS.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organisations that handle credit cards, while ISO 27001 is the international standard that describes best practice for an information security management system (ISMS). PayU India says it has invested Rs 50 crore for the protection of data shared on its platform.
"At the end of the day, we are dealing with people's money, hence privacy and making data secure is paramount. Our payment gateway is PCI-DSS compliant, thus standing at par with industry standards of data security and integrity. We could seamlessly accommodate the hike [in user numbers] because technology has always been one of our strengths," B. Amrish Rau, CEO, PayU India, told IANS.
--IANS