Security of digital payments, wallets needs attention
Post demonetization, there has been a monumental surge in digital transactions in India. As per a report, wallet payments have soared by 300% after November 8, 2016, and some of the transaction statistics are an eye-opener. The number of daily e-wallet transactions has shot up from 1.5 million to 7 million per day and, in value terms, from 500 mn to nearly 2 billion daily. While all this is happening, in a rare incident, the largest player in the market recently had to approach enforcement agencies over a hack and a fraud that had been perpetrated. While the details are still under investigation, needless to say, the security of digital payments and wallets is now a paramount concern.
The mobile phone is becoming increasingly important in our day-to-day life, and given this hyper-surge in digital transactions, everyone's attention has now turned to one of the most important aspects: the security and safety of digital payments. One needs to understand this aspect well, as digital payments are no longer just one of the payment options but are becoming a must. Wallet companies have built a host of security features, making wallet transactions as secure as using web portals. For a user, a mobile wallet is more or less like an electronic prepaid card and, in the popular imagination, the replacement for the physical wallet. To get started, one has to sign up for the app from the app store on an iPhone or Android phone. From loading the wallet through a debit/credit card or net banking, or receiving money through P2P money transfer, to making money transfers, paying bills, booking tickets and shopping, it is a straightforward process backed by cutting-edge technology developed under a strict regulatory regime. However, increasing instances of breaches and frauds are now being reported from time to time.
One of the biggest reasons for this has been the race to acquire customers and to make transactions as easy and convenient as possible, often by doing away with security features such as second-factor authentication, by not logging users out after a certain period of inactivity, and by compromising on the security regulations mandated by the RBI.
In general, wallet service providers have to undergo stringent technology platform security tests periodically. The first technology system audit happens at the time of going live. This is known as the CISA audit (Information Systems Audit). It is an audit that is done every year by external agencies. CISA is a globally recognized certification in the field of audit, control and security of information systems. CISA has gained worldwide acceptance through uniform certification criteria, and the certification has a high degree of visibility and recognition in the fields of IT security, IT audit, IT risk management and governance. Mobile wallets which are certified are safe from all vulnerabilities and attacks, including backdoors, denial-of-service attacks, direct access attacks, eavesdropping, spoofing, tampering, phishing and click-jacking.
Then there is the annual and regular inspection by the RBI, with daily, weekly and monthly reporting to both the RBI and the Frauds Investigation Unit of the Ministry of Finance. Despite the best of systems and methodologies, there has been a spate of increased instances