Security Snub Threatens to Derail the Great Indian Cashless Express

The rapid deployment of mobile telecommunications infrastructure and the emergence of the budget smartphone market has fuelled the cashless economy in India. The country's mobile phone subscriber base has already surpassed one billion and people are interacting with the digital world on a day-to-day basis through a wide variety of apps. We are shopping through apps, transactions are happening online and a lot more. But, are we completely secure? Are companies deploying multiple security layers and end to end protection to safeguard our interests? Interests which can further be classified into our private, financial, and social interests.

We are paranoid about the safety of our data which is filtered and stored. Data is the new oil and brands are doing everything to capture their respective market by deploying these harvested data sets. The entire market revolves around the data we generate and these big firms should ensure that they are secured with zero backdoors.

Growing usage of retail apps provides an insight into the future of app economy. According to App Annie survey report, downloads of the top 20 retail apps as of Q1 2016 have grown tremendously over the past two years as new players and apps rapidly surfaced, but growth has slowed as key players started to establish themselves and the ecosystem has started to mature.

The digital retail market is divided between brands which are available on multiple platforms catering to an entire marketplace or a chunk of it. Mobile wallet has been around us for quite some time. India witnessed a sharp increase in the overall online business and mobile wallet adoption post demonetization. Tormented by cash crunch we moved towards mobile wallets or card-based transaction. Mobile payment platform Paytm has seen a rise in the transaction to the tune of Rs 120 crores a day, following the demonetization.

Companies like Ola saw a 15-fold increase in the number of wallet recharges while India was moving towards a cashless economy, with small towns with high cash usage seeing 30 times jump. Food delivery players like Zomato and Swiggy temporarily stopped accepting payment by cash but tied up with multiple payment platforms to enable the digital transaction.

I strongly believe that cashless society can turn into a reality in future, however, our laws need to be re-structured and a certain degree of transparency is needed to win the confidence and trust of the consumers.

So it's imperative we resolve security concerns involving new payment technologies. Hackers are persistent and can adapt their techniques to breach payment technologies.

Are mobile wallets really secure?

Mobile payment app and security threat are like neighbors staying in a chaotic environment and all it takes is one backdoor for the pesky neighbor to trespass into our home with new types of risk. The mobile payment transaction is risky because several parties are involved in performing the payment service jointly. This may lead to a potential security breach if one unregulated party with no oversight applies a carefree approach towards standard security protocols.

This multiparty transaction environment is constantly under the watchful eyes of hackers and cyber criminals looking to exploit the platform. If the appropriate protection mechanisms and accountability controls are not established throughout the mobile payment ecosystem it's the consumers who'll be facing the heat.

Last year, Paytm rolled back its in-app PoS (point of sale) feature as customer data privacy and security issues were raised by payment network majors Mastercard and Visa. Paytm's in-app PoS was intended to let merchants accept payments from consumers by putting in their card details onto the vendor's smartphone but the firm did not carry out necessary certifications necessary for maintaining data privacy. The digital payments firm has been one of the biggest beneficiaries after demonetization but it has failed the people on many fronts. Many users have complained about payment failure and delay in the transaction while using Paytm. Perhaps, Paytm's CEO should focus on these critical issues and not get carried away by the newfound success and riches.

Similarly, State Bank of India (SBI) has stopped supporting PayTM, Mobikwik, FreeCharge, Oxigen and others on its platform since last June. ICICI Bank has stopped supporting Flipkart's PhonePe UPI application this month. Last year in September, nearly 100 customers of e-wallet FreeCharge lost Rs 8,000- Rs 10,000 across the country in cities like Chennai, Mumbai, Hyderabad, Delhi only to be restored later as the e-wallet's system met with a phishing attack. The attacks happened between June and August 2016.

Multiple stakeholders on one platform

Perhaps the time is ripe for all the stakeholders including the government and the private players to come together and make security an intrinsic element of all mobile payment systems.

The financial, payment and network service providers (FSPs, PSPs, NSPs) should focus on implementing appropriate safeguards and privacy and security governance programs. We do know that in India law regarding digital payments is not clearly defined but the lack of clear regulation should not be used as an excuse by the private players for not being proactive. Each organization involved in the chain of the transaction data should maintain a tight control on it to protect such data while in its custody.

Digital metamorphosis

We are living in a world that is witnessing a rise in mobile services based on smartphone technology. The mobile payments market is going through a transformation and it holds a very promising future for both consumers and providers alike. Collaborative and competitive models for mobile payment services are being created and the day is not far when we will find these businesses interacting and working across all the platforms in different countries.

For mobile payments to gain traction they require adaptations of existing business, security, and assurance models as well as revised or new interoperability standards and regulations.

To encourage widespread consumer adoption of mobile wallets, fin-tech firms should focus on the development of, and adherence to, best business practices within the mobile payments ecosystem with standard security protocols. Adoption of key innovations like NFC followed by multi-layered security and clean interface can keep the consumers in loop in the long run.In the current scenario, the future is promising and tempting, but uncertain.

In the current scenario, the future is promising and tempting, but uncertain.