Securing a cashless society

What is the issue?

Push towards cashless society via demonetisation in the environment of poor precautions and security policies, leave us vulnerable to cyber-attacks.

How good is the cyber-security in India?

• Many payment services like PayTM are certified under the Payment Card Industry Data Security Standard (PCI DSS) 2.0 certification.
• It is the current industry security standard set by American Express, Visa International, MasterCard and other international dealers.
• It is an essential certification for companies that store credit card information.
• PayTM and other such companies also use 128-bit encryption technology to crypt any information transfer between two systems.
• It is nearly impossible to crack a password under 128-bit encryption.

What are the problems?

• These precautions do not mean that the people are not vulnerable.
• The perpetrators not only try to hack the login credentials.
• They also deploy methods like creating fake mobile applications and spyware that steal information, or social engineering tactics that make you reveal your login credentials.
• Forums on the Internet are abundant with step-by-step instructions on how to create fake websites that imitate digital payment platforms.
• Apart from login credentials, hackers target other things like the database of the mobile company.
• They use the stolen data for underground sales, identity theft, or targeted personal attacks such as extortion.
• Right after demonetisation, digital payments via various platforms increased on an average of 200%.
• But the speed of technological development and its integration into our economy supersedes the speed of defence mechanisms and protocols to reduce cyber-attacks.
• Even companies like HDFC and ICICI recently experienced cyber-attacks.
• This makes the condition of new users like street vendors, who have been forced into the digital payments due to demonetisation, pitiful.

What should be done?

Companies, customers, and the government should collectively participate to reduce cyberattacks.

Companies

1. Increase awareness of the customers about the risks and educate them how to be secure.
2. Employ behaviour analytics and pattern analysis at their fraud prevention departments to predict suspicious behaviour.
3. Be proactive in looking out for any fake apps/websites that duplicates their service.
4. Monitor discussion boards, social media platforms, and forums that discuss hacking and fraud tactics, and implement measures to prevent such tactics.

Government

1. Should check if the current policies regulating these platforms are adequate and update them regularly.
2. People must be educated on the risks involved, strict policies must be enforced, and companies accountable for not meeting security standards must be held.
3. Benefits that come from overlooking security precautions must be minimised, and
4. Public-private partnerships on live information sharing about cyberattacks and fraud should be strengthened.

Customers

1. Should educate themselves about the risks involved and take precautions.
2. Must minimise vulnerability with two-factor authentication and change their password frequently.
3. Must check the authenticity of applications by looking for the number of downloads and read reviews by other users.
4. Must check for other application releases from that developer.
5. Must keep Web browsers updated so they can recognise illegitimate sites easily.