India’s hesitation in going completely cashless is likely to give cybersecurity avengelists more time to develop technologies that eliminate the risks involved in digital transactions.
This demonetisation or notebandi, which will inscribe 2016 in golden letters (in Economics textbooks), ushured a transformation from a digitally-empowered to a (nearly) exclusively-digital, cashless economy in India. But washing hands in the cashless stream implies that users, finance companies and the government are clearly signing up for the vulnerable digital payment regime. This will also besour the efforts by Government in the direction of Digital India.
Recently, confidential data of nearly 3.2 million debit cards from the ATM network of Hitachi Payment Services, which serves various national banks including SBI, ICICI, Axis, was compromised. Fresh report by Google and BCG claim that cashless payments will exhibit an impressive 1000 percent growth to clock $500 billion by 2020 and contribute 15% of the GDP. But, with the rise in the number of digital transactions post demonetisation, increased flow of currency has the potential of becoming a gold mine for the hackers, risking loss of money via Points of Sale (PoS) or digital wallets.
Legion, an indigenous group of hackers responsible for hacking Twitter accounts of personalities in Indian media and politicians, recently claimed to have hold of confidential data stored in the servers of National Payment Corporation of India, as well as encryption keys used by various Indian nationalized banks for UPI and digital payments. This resulted in IT Ministry, led by Ravi Shankar Prasad, to solicit audits pertaining to the “entire IT infrastructure” in India. A new section for Digital Payments was, hence, added to the framework of CERT-In (Computer Emergency Response Team is a nodal agency which identifies breaches related to bank accounts and immediately notifies users) to ensure swift responses to incidents of cyber attacks on digital payment methods.
Although the IT ministry is gearing up for any major threat in the future, the consumers of tech have hardly any understanding of the potential of these risks on cashless modes of payment. Not only the users but even the representatives of these banking institutions are mostly unaware of the cybersecurity threats and the techniques for mitigating those. It requires a strong backbone of collaboration between banks, and networks of other sectors, such as telecommunication and power, on which banks rely for these online transactions.
India requires an investment in the knowledge industry to empower existing and future workforces to deal with threats spontaneously; formal education in this field is imperative. Additionally, banks need to deploy multiple layers of security frameworks to maximize resistance to such attacks. For a strong and secure economy, the Indian Government must put into place a national strategy for Cybersecurity.
While the initial process has been initiated with the establishment of Indian Cybersecurity Crime Coordination Centre (IC4), the cyber policies for cashless payments are still in mist. Besides, the government must incentivize private companies to pay close attention to security of data.
The Government of India is either significantly prepared or too ignorant with the launch of BHIM app for cashless UPI transactions. While the truth is subject to test under future security attacks, claims of hacker group Legion cannot be completely squashed. Security of user data and more importantly their money lies in Cyber situational awareness so that real-time actions can be taken in incidents of attacks to knock down cybercriminals hawking your money. As citizens, we must break the notion of learning only from our elders and teach using digital wallets or UPI apps to those who taught us how to balance our cheque books.
By the time they do learn, we will have a confident and secure protocol behind digital payments in India.