Bharat QR Calls for Enhanced Security
Cyber security and privacy become critical
The launch of Bharat Quick Response (QR) code to enable people to pay for things they buy without swiping plastic cards is welcome. It makes digital payments seamless, convenient for customers, and helps the government’s push towards moving to a less-cash economy. Merchants will be able to generate their own code that will be interoperable with banks, doing away with swipe card terminals. This will lead to some cost savings, and merchants will also receive money instantaneously. Sensibly, rival payment service networks — the National Payments Corporation of India, Visa, MasterCard and American Express — have come together to support Bharat QR. All banks must come on board to allow customers to use the QR code, given that more interoperability and lower merchant discount rates will drive digital payment adoption.
The QR code is innovative and conceptually simple: a customer only needs a smartphone and an internet connection to use the code. But it also makes the payment system dependent on technology more than ever before, raising the pressure on cybersecurity. If somebody wants to sabotage the economy, all that he needs to do is to mess up the data on assets held in bank accounts. The dangers of a connected world became evident in India, for example, after last year’s malware attack via a card-reading and money-dispensing and point-of-sale equipment that compromised over three million debit cards of at least five banks. Can malware capture debit or credit card details and replicate them as well? Are India’s telecom networks susceptible to snooping? Do banks have foolproof systems and protocols to protect data, say, of accounts linked to Aadhaar? Banks must invest in acquiring the needed hardware and software, train staff to adhere to strict protocols and educate customers. The country must have a robust legal framework for privacy and data protection. That is not the case now.
Everyone does not have a smartphone. Nor is spectrum plentifully available to make data networks ubiquitous. These problems will need to be addressed as well.