The Hindu Business Line
Securing cashless India
The Centre needs to give data safety top priority even as it promotes a cashless economy
The Centre’s push to promote digital payment is a welcome move that will help reduce use of cash in the economy. While reducing cash transactions in the economy is a wholly desirable objective, equally important is the need to protect consumers and businesses from frauds that can happen on electronic and digital platforms. There is no such thing as hack-proof technology, as recent high profile security breaches have demonstrated. The threat of cyber attacks — by both state and nonstate actors — is a reality the Government needs to acknowledge even as it aggressively pushes digital payment over various platforms. There is a plan to make the Aadhaar enabled payment system (AEPS) widespread. AEPS has certain unique safety features — an individual’s biometrics will serve the same function as the personal identification number. That frees the individual from the need to remember a PIN and also change it periodically. Given that each individual’s biometrics are unique, the Government assumes payment transactions as well as balances in accounts will remain absolutely safe. But an AEPS also exponentially increases the risks in case of a security breach, since Aadhaar now covers nearly the entire population.
After all, there are plenty of instances of the most secure and firewalled databases being hacked into — not just for financial profit but for political or ideological ends. From Wikileaks to US Democratic presidential campaign to email service provider Yahoo, all have suffered data breaches, as have networking site LinkedIn and blogging site Tumblr. Closer home, Twitter accounts and emails of businessmen, politicians and journalists were hacked recently by a group of hackers calling themselves Legion. Government websites have been hacked into and defaced several times in recent years. More significantly, a breach of debit card information of millions of people was discovered in October, just weeks before the demonetisation announcement.
The usage of digital payments is expected to rise as more point of sale terminals are installed across the country — the Centre has already announced very ambitious targets. That could mean many more people, and many new users, would be swiping their cards to make payments. How safe will their data be and what preventive measures are being taken for data security? ATMs and POS terminals can be hacked with malware. Those with RuPay debit cards — about 200 million with Jan Dhan accounts — could become vulnerable to card-not-present crimes if they are not made aware of security measures they need to take. While users of payment cards are the most vulnerable, both in India and globally, others are not exactly safe. Mobile wallets are relatively new worldwide, yet over 100,000 people reported mobile wallet frauds last year. As mobile wallet usage increases, so would threats from cyber criminals. Hackers such as Legion claim India’s cyber security is weak and that they already have access to mountains of sensitive data. That should have us worried about the security of our financial data.