ROUGE APPS CAN SPOIL THE DIG­I­TAL PAY­MENT LAND­SCAPE

With de­mon­e­ti­za­tion, those who were brought into the fi­nan­cial fold are back into fo­cus. The move has some­how pushed for­ward the dig­i­tal drive. In an in­ter­ac­tion with Dataquest, Kar­tik Sha­hani, Man­ag­ing Di­rec­tor In­dia/SAARC – RSA, dis­cussed the grow­ing se

DQ Channels - - Front page -

How is RSA op­er­at­ing af­ter the Dell ac­qui­si­tion? Is there any ground level change?

No changes at all. We used to re­port into EMC from RSA’s per­spec­tive. We were a busi­ness unit of EMC, but a very in­de­pen­dent busi­ness. Our op­er­a­tion was al­most as in­de­pen­dent as prob­a­bly VMware or Piv­otal - which are slightly dif­fer­ent from the core busi­ness of EMC. How­ever, we were very im­por­tant to the EMC busi­ness be­cause in a large deal, we would be­come the dif­fer­en­tia­tor as against any other con­tender. For in­stance, Hi­tachi, NetApp, even HP, that would not have the se­cu­rity stack re­quired for the en­tire bid specif­i­cally in the gov­ern­ment ten­ders or a very big ten­der. It used to work re­ally well for us.

EMC used to pro­vide ac­cess into those ac­counts for which they had a very large de­ploy­ment. So our tech­nol­ogy goes very well when you have a repli­ca­tion tak­ing place be­tween DC (data cen­ter) and DR (data re­cov­ery). Now, with Dell ac­qui­si­tion we are not re­port­ing into EMC any­more. We now re­port di­rectly and are an­other busi­ness unit of Dell. So in­stead of be­ing a busi­ness unit of EMC, we are a busi­ness unit of Dell. What sort of se­cu­rity mea­sures can be taken by the wal­let play­ers im­me­di­ately to safe­guard their plat­forms? Firstly, let’s try and dif­fer­en­ti­ate be­tween a wal­let and a card trans­ac­tion. If we look in terms of trans­ac­tion, they are quiet sim­i­lar. The tech­nol­ogy, se­cu­rity mea­sures ev­ery­thing is sim­i­lar. How­ever, there is one mas­sive dif­fer­ence be­tween the two and that is ‘you can’t con­trol the end user in a wal­let’. For a bank­ing site, you have to log into the bank­ing por­tal, au­then­ti­cate your­self and then use the ser­vices. Plus, rouge apps are spoil­ing the sport. Users are get­ting cheated. The apps look very much like the orig­i­nal apps. If you down­load a rogue app, the bank or the mer­chant or who­ever is pro­vid­ing the ser­vice can­not have any con­trol on it. This mal­ware is go­ing to re­di­rect users to a hacker. The big­gest prob­lem is, who is go­ing to be able to au­then­ti­cate whether the wal­let app is good or bad. At RSA, we are do­ing it. We have a thing called rogue app de­tec­tion, which in­forms our cus­tomers who have taken our ser­vices. We bring down those sites. The prob­lem is that ev­ery day there is go­ing to be a new such app. There will al­ways be some gap be­tween the time it’s de­tected as well as re­moved and the next one crops-up. What sort of op­por­tu­ni­ties does RSA see in the se­cu­rity space, specif­i­cally af­ter the de­mon­e­ti­za­tion move wherein In­dia is wit­ness­ing an up­ward surge in cash­less trans­ac­tions? The cur­rent land­scape is out­lined with 60% of the pop­u­la­tion re­sid­ing in ru­ral and 40% in ur­ban ar­eas. The 40% ur­ban pop­u­la­tion has so far been ad­dressed by the banks. The re­main­ing 60% pop­u­la­tion liv­ing in ru­ral parts was not ad­dressed by the bank­ing sys­tem since years. The gov­ern­ment has been very keen on bring­ing those peo­ple into the bank­ing sys­tem re­cently. This is the rea­son why the gov­ern­ment be­gan Jan Dhan Yo­jana scheme. In this scheme, many ac­counts were opened. With de­mon­e­ti­za­tion those who were brought into the fi­nan­cial fold are back into fo­cus. The move has some­how pushed for­ward the dig­i­tal drive. A num­ber of In­dian banks faced chal­lenges with their mo­bile apps as fraud­sters ex­ploited the loop­holes in them to steal money. What is the best way to ad­dress th­ese things? How can banks bring th­ese in­ci­dents down? At the end of the day, we have this be­lief called the gap of grief. And this gap is the fact that the prob­lem is no longer re­lated to the se­cu­rity tech­nol­ogy. It has tran­si­tioned into a busi­ness prob­lem in which due to tech­ni­cal snags, the banks are los­ing money. This is forc­ing banks to look for a so­lu­tion to ad­dress the busi­ness prob­lem.

At RSA, we be­lieve that busi­ness drives se­cu­rity. All the se­cu­rity that ex­ists in an or­ga­ni­za­tion is busi­ness-driven se­cu­rity. No se­cu­rity com­pany can pro­vide so­lu­tions for the en­tire or­ga­ni­za­tion. We try to ad­dress the busi­ness prob­lems. Or­ga­ni­za­tions iden­tify their is­sues and hence look out for so­lu­tions. Do you think the RBI di­rec­tive to all banks to re­port the se­cu­rity in­ci­dents im­me­di­ately will help the bank­ing ecosys­tem? Ab­so­lutely! Not only that, it is also help­ful from a risk anal­y­sis per­spec­tive. It would be easy to find out how of­ten cy­ber at­tacks are hap­pen­ing, how com­mon they are, how many peo­ple are get­ting af­fected due to them and at what speed the at­tacks are tak­ing place. This will not only help the RBI and the af­fected banks but also other banks to un­der­stand what sort of met­rics are be­com­ing the gate­ways to such at­tacks.

— KAR­TIK SHA­HANI Man­ag­ing Di­rec­tor In­dia/ SAARC – RSA

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.