ORF: Towards a Cyber-Security Roadmap for Digital Payments - Best Practices and Recommendations
Article Synopsis:
The Indian government’s desire to create a US $1-trillion digital economy by 2025 is going to take some doing. To be fair, India processed some 20.7 billion digital transactions in 2017–18 – an 89.5% increase on the previous year.
The digital ecosystem is growing and digital payments are being adopted by the nation’s 560 million internet users, 1.17 billion wireless users and 404 million smartphone users. At this rate, the government may achieve its objective by 2023.
This requires modernisation of legal, regulatory and institutional frameworks. It was only in 2017 that the Supreme Court pronounced that an individual’s right to privacy should be fundamental to the Indian constitution. This would include privacy of personal data, and there followed a Personal Data Protection Bill in 2018.
The entire digital payments ecosystem needs to be secured while existing structures are reviewed for their efficacy and relevance.
Old fashioned fraud and cyber risks
Brazil, Canada and Japan have all highlighted identity theft and fraud when ‘card not present’ transactions – the vast majority in a digital economy – are made. The opportunity for fraud concerning credit and debit cards, ATMs and internet banking has increased, as has the threat of malware installations, phishing attacks, SIM card swap attacks, and unreliable devices and infrastructure.
Malware caused a data breach in Hitachi systems that compromised the data of 2.9 million debit card holders. The breach had taken place a year before but went unnoticed. This highlighted low levels of coordination, incident response and information-sharing protocols which resulted in an environment that allowed the breach to take place.
A bug in the National Payment Corporation of India’s (NPCI) unified payment interface resulted in losses of INR 250 million among customers of the Bank of Maharashtra. NPCI at first denied the breach had taken place, but this highlights the need for consistent processes.
By contrast, Zomato was transparent in its disclosure when it suffered a breach of 17 million digital records in 2017 – one of the largest ever at the time.
With ransomware attacks surging in the same year, and given that these attacks are global in nature – Yahoo in 2013, Equifax in 2017 – answers need to be found to protect consumers.
Manufacturers are also being targeted. Manufacturer OnePlus admitted to its servers being breached and 40,000 credit card records being compromised.
Users are also likely to be their own worst enemies by using simple passwords that are easily bypassed by hackers.
Complete security is not possible, but risks must be minimised, and regulators and policymakers must work together to evolve a strategic approach to protect against cyber-attack. In a rapidly growing ecosystem that has started from a very low base, that will present the authorities in India with its own challenges.
An international approach
What’s needed is for India to ensure that information and network-security protocol standards are consistent with those developed globally.
A test lab for telecom security should be created in order to enhance testing for cyber resilience. There is a model that offers opportunities for collaboration with overseas jurisdictions.
Consultation on developing better security protocols for information security should begin and the government should speed up its collaboration with payments industry experts. Identifying strategies and promoting the Indian perspective on cyber-security within foreign networks will drive the debate. Countries such as Germany, Australia, China, Japan and South Korea should be used as examples of how policymakers might build these frameworks.
Digital Insurer's Comments
The Indian economy is rapidly becoming digitalised. However, the digital payment infrastructure remains rather 20th century and requires a great deal of modernisation.
This paper focuses on the challenges faced by the policymakers, regulators and industry while offering a rational framework for setting the train in motion.