ROGUE APPS CAN SPOIL THE DIGITAL PAYMENT LANDSCAPE
With demonetization, those who were brought into the financial fold are back into focus. The move has somehow pushed forward the digital drive. In an interaction with Dataquest, Kartik Shahani, Managing Director India/SAARC – RSA, discussed the growing se
How is RSA operating after the Dell acquisition? Is there any ground level change?
No changes at all. We used to report into EMC from RSA’s perspective. We were a business unit of EMC, but a very independent business. Our operation was almost as independent as probably VMware or Pivotal - which are slightly different from the core business of EMC. However, we were very important to the EMC business because in a large deal, we would become the differentiator as against any other contender. For instance, Hitachi, NetApp, even HP, that would not have the security stack required for the entire bid specifically in the government tenders or a very big tender. It used to work really well for us.
EMC used to provide access into those accounts for which they had a very large deployment. So our technology goes very well when you have a replication taking place between DC (data center) and DR (data recovery). Now, with the Dell acquisition, we are not reporting into EMC anymore. We now report directly and are another business unit of Dell. So instead of being a business unit of EMC, we are a business unit of Dell.
What sort of security measures can be taken by the wallet players immediately to safeguard their platforms?
Firstly, let’s try and differentiate between a wallet and a card transaction. If we look in terms of transaction, they are quite similar. The technology, security measures, everything is similar. However, there is one massive difference between the two and that is ‘you can’t control the end user in a wallet’. For a banking site, you have to log into the banking portal, authenticate yourself and then use the services. Plus, rogue apps are spoiling the sport. Users are getting cheated. The apps look very much like the original apps. If you download a rogue app, the bank or the merchant or whoever is providing the service cannot have any control on it. This malware is going to redirect users to a hacker. The biggest problem is, who is going to be able to authenticate whether the wallet app is good or bad. At RSA, we are doing it. We have a thing called rogue app detection, which informs our customers who have taken our services. We bring down those sites. The problem is that every day there is going to be a new such app. There will always be some gap between the time it’s detected as well as removed and the next one crops up.
What sort of opportunities does RSA see in the security space, specifically after the demonetization move wherein India is witnessing an upward surge in cashless transactions?
The current landscape is outlined with 60% of the population residing in rural and 40% in urban areas.
The 40% urban population has so far been addressed by the banks. The remaining 60% population living in rural parts was not addressed by the banking system for years. The government has been very keen on bringing those people into the banking system recently. This is the reason why the government began the Jan Dhan Yojana scheme. In this scheme, many accounts were opened. With demonetization, those who were brought into the financial fold are back into focus. The move has somehow pushed forward the digital drive.
A number of Indian banks faced challenges with their mobile apps as fraudsters exploited the loopholes in them to steal money. What is the best way to address these things? How can banks bring these incidents down?
At the end of the day, we have this belief called the gap of grief. And this gap is the fact that the problem is no longer related to the security technology. It has transitioned into a business problem in which due to technical snags, the banks are losing money. This is forcing banks to look for a solution to address the business problem.
At RSA, we believe that business drives security. All the security that exists in an organization is business-driven security. No security company can provide solutions for the entire organization. We try to address the business problems. Organizations identify their issues and hence look out for solutions.
Do you think the RBI directive to all banks to report the security incidents immediately will help the banking ecosystem?
Absolutely! Not only that, it is also helpful from a risk analysis perspective. It would be easy to find out how often cyber attacks are happening, how common they are, how many people are getting affected due to them and at what speed the attacks are taking place. This will not only help the RBI and the affected banks but also other banks to understand what sort of metrics are becoming the gateways to such attacks.
— KARTIK SHAHANI Managing Director India/ SAARC – RSA