Modi government’s thrust upon Digital India and a cashless economy has brought ethical hackers and cyber security start-ups to the fore-front. (Photo: iStock)
| 5 min read

Cashless Already? Thank Ethical Hackers for Protecting Your Money

India is the third biggest target for global hackers and cyber criminals after US and Japan.

More than a week after demonetisation, as the country remains cashless and most people living in metros switch to online banking and e-wallets, they are also the ones who are the most susceptible to banking frauds and falling prey to hackers.

So, who safeguards Indian banks and customers from consistent cyber attacks?

‘Hack it Yourself, Before You get Hacked’

The fear of failure in a Chemistry exam prompted a young boy to hack his school's computer system and get the question paper. As he succeeded in doing so and got the answer data, the young man was also intrigued by the possibilities of hacking.

I thought, if I could do this in a couple of hours, four hours, then what might I be able to do in four days, four weeks, four months?
Saket Modi, Co-founder Lucideus, a cyber security firm.

Saket Modi’s hacking skills are now being used by none other than the Reserve Bank of India. He is one of the cyber security specialists hired to safeguard the Indian government's Unified Payments Interface (UPI), that allows easier transfer of money between bank accounts, using smartphones.

Modi government's thrust upon Digital India and a cashless economy has brought ethical hackers and cyber security start-ups in India to the fore-front. Cyber experts that hack your systems to disclose the loopholes. Picture this:

From brick & mortar banks, the fraudsters now follow banking customers on internet. (Photo: Parul Agrawal/The Quint)
From brick & mortar banks, the fraudsters now follow banking customers on internet. (Photo: Parul Agrawal/The Quint)

Convenience vs Security

Twenty-three-year-old school dropout Trishneet Arora is one of the youngest ethical cyber security experts in India. At the age of 19 in 2013, he founded TAC Security Solutions, a start-up that offers web security solutions to corporates, banks, governments and law enforcement agencies. TAC Security provides emergency services to customers who have been hacked or are anticipating a cyberattack.

The hacker doesn’t care whether he is attacking an Indian or a US company. It is bread and butter for him and he wants to eat it wherever he gets it from.
Trishneet Arora, founder, TAC Security Solutions

Banks have moved to the digital space to offer convenience, minimise costs and enhance accuracy in monetary transactions. We have various channels available to interact with our banks – the automated teller machines (ATMs), the internet, call centres, branch offices and mobile phones. A simple text message or a few mouse clicks can initiate transactions worth lakhs and crores. As customers go digital, fraudsters have followed them on internet.

Indian banks are known for their robust authentication systems, but none of the banks in India still have an early warning hacker detection system in place. They rely on reactive measures, rather than being proactive in dealing with threats that may lie ahead.

India is the third biggest target for global hackers and cyber criminals after US and Japan. (Photo: Parul Agrawal/The Quint)
India is the third biggest target for global hackers and cyber criminals after US and Japan. (Photo: Parul Agrawal/The Quint)

Who is Responsible In Case of a Banking Fraud?

In 2013, a Bangalore-based programmer Yash KS, released three videos on vimeo.com, showing how easily the banking systems of HSBC, ICICI and Citibank could be hacked. His aim was, 'to create awareness about a glaring hole in the payment gateways of leading banks.' The videos set a storm amongst the customers and the banking sector in India, however, the banks sent a legal notice to Yash, alleging he was trying to “force-sell” them a security product, by black-mailing.

If anybody loses money online the end users are liable for the loss not the banks, unless the user proves to the bank that the fraud was ‘not’ a result of negligence. Negligence means a user’s system had malicious programme that stole credentials or the user logged into an unsafe system. These things are extremely difficult to prove. So, ultimately it becomes a user problem. The banks do not take responsibility. 
Yash KS, Software Architect Qualys in an interview

In one of the biggest data security breaches in Indian banking, about 32 lakh ATM cards were hit by cyber attack in October this year. ATM cards of the customers were blocked en-masse to avert financial damage, but it raises serious concerns over safety of online banking in India.

While the sources of trouble are yet to be traced, what is clear is that the hackers and cyber criminals are getting proficient, working with teams of experts and cyber specialists.

Fraudsters Cash in on Demonetisation, This is How You Can Protect Yourself:

  1. Don’t fall prey to schemes, SMSs asking for your bank details/passwords to convert your money easily.
  2. Phone calls that claim to verify your eligibility to deposit or withdraw money from bank are fake.
  3. Your debit card does not need to be refurbished to be “eligible” to withdraw the new notes.
  4. Use of unsecured portals, unverified apps and wallets risks your banking details.
  5. Spurt in the demand for PoS devices (card machines) has increased the risk of tampered devices being sold to shopkeepers. Check before you use them for transactions.
  6. Report any unauthorised activity immediately to your bank or the police station.
Modi government’s demonetisation decision has pushed the country towards plastic money an digital payments. (Photo: Reuters)
Modi government’s demonetisation decision has pushed the country towards plastic money an digital payments. (Photo: Reuters)

Demonetisation is a developing story and it is hard to predict its exact outcome. What is clear though is the fact that none of us want to lose our hard-earned ‘legitimate’ money.

90% crimes in the cyber space happen due to lack of knowledge rather than the expertise of the hacker.