Stay Safe in Cashless World

LV Sastry

By Invitation LV Sastry 

Post demonetization, there has been a monumental surge in digital transactions in India. As per report, wallet payments have soared by 300% after November 8, 2016 and some of the transactions statistics are an eye opener.

The number of e-wallet daily transactions has shot up from 1.5 million to 7 million transactions per day, and, in value terms daily from Rs 500 mn to nearly Rs 2 billion. While all this is happening, in a rare incident, the largest player in the market recently had to approach enforcement agencies for a hack and defraud perpetuated. While the details are still under investigation, needless to say, security of digital payments and wallets is now a paramount concern.

The mobile phone is getting increasingly more important in our day-to-day life and given this hyper-surge in digital transactions, the attention of all has now turned to one of the most important aspects of security and safety of usage of digital payments. One needs to understand this aspect well as digital payments are no longer one of the payment options, but are becoming a must.

Wallet companies have built a host of security features, making wallet transactions as secure as one uses web portals. For a user, a mobile wallet is more or less like an electronic prepaid card and in the popular imagination the replacement for the physical wallet. To get started, one has to sign up for the app on iPhone or Android phone’s App store.

From loading the wallet through debit/credit card or net banking or receiving money through P2P money transfer, to making money transfers, paying bills, booking tickets and shop, it is a straight forward policy backed by cutting edge technology developed under a strict regulatory regime. However, there are now increasing instances of breaches and frauds being reported from time to time.

One of the biggest reasons for above has been the race to acquire customers and making transactions as easy and convenient as possible, often doing away security features such as second factor authentication, not getting logged out after a certain time of inactivity and compromising on the security regulations as mandated by RBI’s mandates.

In general, the wallet service providers have to undergo stringent and strict technology platform security tests, periodically. The first technology system audit happens at the time of going live. This is known as CISA audit – Information Systems Audit. This is one audit which is done every year by external agencies. CISA audit is a globally recognized certification in the field of audit, control and security of information systems. CISA gained worldwide acceptance having uniform certification criteria, the certification has a high degree of visibility and recognition in the fields of IT security, IT audit, IT risk management and governance. Mobile Wallets which are certified are safe from all vulnerabilities and attacks including backdoors, denial–of-service attacks, direct access attacks, eavesdropping, spoofing, tampering, phishing and click-jacking.

Then there is annual and regular inspection by RBI with daily, weekly and monthly reporting to both RBI and the Frauds Investigation Unit of Ministry of Finance. Despite the best of systems and methodologies, there has been a spate of increased instances of security breaches.

Fortunately, this has now the maximum attention of the RBI which sprang into action and has now mandated that apart from other regular inspections and security audits of the systems, there would be enforced CERT-IN testing and audit. CERT is a more comprehensive test alongwith audit mechanism which evaluates Hardware Structure, Operating Systems and Critical Applications.

The ambit also includes, business-overlapping areas like business continuity, access control, training of personal and other related documentation. In addition to the above, there is the method of encryption that makes the wallet transaction secure while the data is at rest or in transit. The entire transaction from wallet to the bank/merchant etc. are always encrypted and not exposed. The data that is sent from the front end to the back are in garbage format and unusable without the right keys to it. This is also true for all other modes of digital payments; i.e. POS, NFC, Card Swipe etc.

The Govt. on its part has also called for an Audit of the entire financial sector along with a review of the IT Act. This has gained emphasis on the importance of IT and Financial Transactions. Both of these are going to help make wallet payments more secure for the users and merchants.

The general users can however, take some precautions on their own while using their mobile phones

• Lock the phone with a password, PIN or pattern lock
• If the phone gets stolen, first get the SIM card blocked and block the mobile wallet
• Install an antivirus software on the phone
• Do not sell old phone without scrubbing
• Use only one card for loading the wallet

The situation is similar to any other race between the law makers and law breakers. The security systems are ever evolving, staying ahead in this race and wallet service providers are here to stay dynamic and ahead of the hackers to keep our digital transactions safe and sound. While there is nothing like 100% security and we have seen large banks and companies digitally hacked, it is about staying ahead at all times and managing risks in a manner which keeps consumers hooked onto digital wallets and government keep pushing cashless transactions.

The author of this article, LV Sastry is VP & Business Head, Banking and Commerce, Aircel Limited