eWallet Sites Register Massive Growth Post Demonetization, Akamai Reports


Sidharth Shekhar

From the demonetization announcement last year to the launch of the Bharat QR code that enables digital payments without card swiping machines and the new draft rules on privacy policies for eWallet companies on their websites, a lot of conversations have happened around India’s transition to a less cash economy.


Akamai in India analyzed the growth in traffic volume to India’s eWallet sites on the Akamai Intelligent Platform, three months before and three months after the announcement. It also accounted for security attacks, a growing area of concern as more Indians went online from September to February.

Akamai’s data shows how hits to web pages on eWallet companies have grown from 512,115,015 per day in September to 1,264,470,283 per day in February per the graphs below. The peak was December with 1,521,020,583 hits per day.


There’s a difference in the overall trends observed by Akamai and by NPCI, whose figures are based on transactions on UPI. While Akamai’s analytics showed an upward trend followed by a gradual decline in hits to eWallet companies, UPI shows gains in the number of transactions as well as the amount.

| Month | No. of Banks live on UPI | Volume | Amount (Rs. in Mn) |
|---|---|---|---|
| Sep-16 | 25 | 85,461 | 328.47 |
| Oct-16 | 26 | 103,298 | 486.96 |
| Nov-16 | 30 | 286,818 | 1,010.14 |
| Dec-16 | 35 | 1,996,099 | 7,089.07 |
| Jan-17 | 36 | 4,466,257 | 16,990.40 |
| Feb-17 | 44 | 4,303,076 | 19,028.49 |

However, as more people embrace transacting via mobile and eWallet companies see higher traffic norms on their sites, there is a corresponding increase in attacks on eWallet companies, aimed more at stealing data than at disrupting operations. Akamai’s security findings, based on what it sees on its platform, are listed below:

Security Data Analysis (September to December)

94% of attack attempts on mobile wallet companies were on the application layer (XSS and RFI Attacks) with intent to steal business-critical data


DDoS attempts on these wallets constituted less than 1% of the total number of attempts in this time period, emphasizing the fact that attacks were intended to steal data and not necessarily disrupt operations of mobile wallet companies

Security Data Analysis (December to February)

76% of attacks were Remote File Inclusion Attacks


17% of attacks were SQL Injection attacks

Distributed Denial of Service or DDoS attacks were insignificant in comparison to the overall number of attacks observed

An inference that can be drawn is that application layer attacks targeting data theft were observed on India's eWallet firms


This is in line with Akamai’s recently released State of The Internet Security report for Q4 2016 which found that India is 2nd in the list of countries in Asia Pacific that sourced the most web application attack traffic with nearly 86,38,666 attacks attributed as originating from the country, after China. While this is a significant number, India also ranks 4th in the list of target countries for Web Application Attacks, globally. A recent Visa Mobile Payments Readiness Survey asked 1,000 consumers about their attitudes towards using their mobile phones to make purchases. It found that 93 percent of respondents were interested in using electronic payments more often.

Clearly, as traffic to eWallet sites grows and consumer appetite to transact via mobile gains further momentum, organizations need to be equally vigilant and proactive in providing security measures to protect consumers.
