With more and more people opting for e-wallets for making daily payments, targets for hackers have increased exponentially, experts say, while warning that upgraded security is the only way to safeguard millions of first-time users and small and medium businesses from losing their hard-earned money.
The government's demonetisation move and the resultant cash crunch have led to digital wallets witnessing an unprecedented rise in their usage and popularity — with people using them for everything from buying groceries to paying for their commute.
Digital Payment Providers Witness Surge in Daily Transactions
The country's largest e-wallet company, Paytm, has registered over seven million transactions worth Rs 120 crore a day after demonetisation was announced as lakhs of consumers and merchants across the country started opting for digital payments on its platform.
Another mobile wallet major, MobiKwik, which launched MobiKwik Lite late last month, registered over two million downloads within the first two days of the Lite offer. Global payment solutions provider PayU saw average daily transactions go up from Rs 12 lakh to Rs 2.5 lakh post demonetisation.
Cyber experts emphasise that as the numbers swell, newer forms of vulnerabilities will be exposed in the payment gateways.
"Unarguably, with the digitisation drive comes the responsibility to safeguard against cyber pickpockets (cyber criminals) who will be on the prowl against unsuspecting consumers. Considering that cashless payments will become both a necessity and a huge convenience, it is imperative that security becomes embedded by design rather than a bolt add-on from mobile wallet firms," said Anand Ramamoorthy, Managing Director, South Asia, Intel Security.
This essentially means that data security infrastructure along with customer redressal mechanisms will have to be well thought of and the purview of IT laws for cyber crimes will have to be expanded to include mobile wallet payment systems.
This is how hackers can attack your money in e-wallets: Create multiple fake accounts to collect money in small amounts; cheat people who are digital novices by psychological manipulation; and breach servers and steal data.
According to Vidit Baxi, Director (Technology) at the IT risk assessment and digital security services provider Lucideus, e-wallets are at a greater risk than ever as users grow and hackers eye digital payment gateways as a lucrative opportunity. However, he added:
"That being said, let’s understand that even the largest banks on the planet have been digitally hacked, so there is nothing like 100 percent security. It’s all about managing the risk and minimising it to whatever extent possible. It is clear that the benefits of digital payments far outweigh the risks but, at the same time, such risks have to be continuously monitored and managed."
Need For E-Wallet Firms to Adopt Latest Technologies
The time is ripe for e-wallet firms to adopt the latest technologies to safeguard their gateways before a major cyber attack hits them – and the users' confidence in moving forward digitally.
According to Upasana Taku, Co-founder, MobiKwik, the company takes security seriously and puts it at the centre of all user interactions with the platform.
"MobiKwik is PCI-DSS and ISO 27001 certified, takes care of the various information security measures to ensure security of the application and protect its business from emerging threats and frauds. For us, security is not just a state, it’s a process that is applied in every new feature or new product development. With great power comes great responsibility, and we take that responsibility very seriously," Upasana Taku, Co-founder, MobiKwik, told IANS.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organisations that handle credit cards, while ISO 27001 is the international standard that describes best practices for an information security management system (ISMS).
PayU India says it has invested Rs 50 crore for the protection of data shared on its platform.
"At the end of the day, we are dealing with people’s money, hence privacy and making data secure is paramount. Our payment gateway is PCI-DSS compliant, thus standing at par with industry standards of data security and integrity. We could seamlessly accommodate the hike (in user numbers) because technology has always been one of our strengths," said B Amrish Rau, CEO, PayU India.
"As the cash holdings in bank accounts have grown manifold, it is extremely important that we put the best security practices in place while investing efforts in educating people as they are gradually picking up pace on their cashless journey," said Bhavik Vasa, Chief Growth Officer, ItzCash.
E-wallet firms must ensure that user credentials are tokenised, encrypted and authenticated before the transaction takes place.
"Since most of the user data is stored in cloud, the service providers should ensure that their servers are well-protected with standardised firewall and server security," said Amit Nath, Head of Asia Pacific (Corporate Business) at F-Secure, a European cyber security provider.
Masking user details on the mobile phone while transacting will be an added advantage. "Educating people to use a technology, a good antivirus on mobile phones, Wi-Fi protection, anti-malware and banking protection on mobile devices gives an added protection to users," Nath said.
"Since people with less digital experience like small-time street vendors are thronging e-wallets, providing proper training and frequent messages to customers to make them aware of fraud techniques is the need of the hour," added Ankush Johar, CEO, BugsBounty.com.
Establishing if a cardholder is shopping from a recognised payment device can help merchants and issuers distinguish between ‘good’ and ‘bad’ transactions.
"It is simply no longer acceptable for the time of detection (of the cybertheft) to reaction to containment to take hours or even minutes. To accelerate this process and keep up with the enormous volume of sophisticated threats, security architectures and processes must evolve and be automated," Ramamoorthy told IANS.
(Nishant Arora can be contacted at firstname.lastname@example.org)
(This article has been published in an arrangement with IANS.)