Moneycontrol
Get App
you are here: HomeNewsTechnology
Last Updated : Jan 20, 2017 03:02 PM IST | Source: Moneycontrol.com

Cashless economy: An opportunity for cyber crooks to crack data

Cyber investigators say that high awareness is required as India is marching towards plastic money.


Himadri Buch
Moneycontrol


Cash transfers through e-wallets and net banking have taken off in a big way post the demonetization move, but cyber security experts say the payment infrastructure needs to be strengthened for a cashless economy to flourish.


They have warned that as the volume of online transaction has increased manifold, cyber criminals too have sensed an opportunity.

Close

India has already witnessed a steep rise in financial frauds over the past few years, and with more users and high-value transactions, the instances of digital frauds are bound to rise.


Cyber investigators say that high awareness is required as India is marching towards plastic money.


"As the cash holdings in bank accounts have grown manifold, there are more chances that criminals may attempt to siphon them off at one go,” explained Prashant Mali, a cyber security expert.


He further added that multiple mobile applications having digital wallet details are a cause for worry too. “There are many rogue apps which pose a huge threat to digital transactions through mobiles," Mali said.


At present, the mobile banking segment contributes the largest share of 49 percent in the Indian mobile payment market with over 386 million transactions worth Rs 4,000 billion in 2016.


Another cyber expert has already noticed a spurt in financial fraud. He said that so far, only the educated and technologically sound section of the populace were using digital modes of payment. But due to demonetisation, the poorer and rural sections have been forced to do online transactions, putting them at greater risk.


"As there is a currency crisis, people are using their credit/debit cards at every possible place, but most are not aware of what to check before making online payments and what details they need to keep secret,” said a cyber security expert who did not wished to be named.


A large section of technologically unaware people are now forced to use technology which will be misused by cyber crooks, warns the expert quoted above.


According to a study by ASSOCHAM-RNCOS, the digital payment sector might register unprecedented rise. It says that the volume of digital transaction in India is likely to witness an exponential compounded annual growth rate (CAGR) of over 90 percent to reach 153 billion by 2022 as against 3 billion in 2016.


Cyber security experts believe that alternative payment methods like Paytm, MobiWik, Freecharge are secure till as long as user ensures that only the required permissions are given, but they add that the regulation and legal framework governing alternate payment methods is weak as they are not completely controlled by RBI.


Experts recommend use of net banking and debit/credit cards for high value transactions and suggest restricting use of m-wallets for only low value transactions in order to limit impact in case of a financial loss.


Transactions using these apps are at high risk as compared to the online card transactions.


"All net banking and card transactions use more secure form of risk-based step-up authentication unlike most m-wallet applications that reside on client systems. [The latter arrangement] increases the chances of rogue applications being downloaded,” said Kartik Shahani, Managing Director - India & SAARC, RSA.


Additionally, experts say people should avoid carrying out any monetary transactions from insecure Wi-Fi hotspots as chances of malicious application getting installed are higher.


Compared to the Western countries like the US – where only 40 percent of transactions happen through cash, compared to 97 percent for India – the cyber security risk is much higher here.


"The primary reason is lack of acknowledgement of cyber threats by the board room professionals,” says Anuj Goel, Co-Founder, Cyware. “The hackers are also well endowed with resources at par with security professionals and often succeed in exploiting vulnerabilities in the alternate payment systems.”


Experts say the most common mistake that users make is storing bank details in an app: when the app is compromised or the mobile is stolen, there is a huge risk of the information falling in the wrong hands.


 This is not to say that India has not made any strides when it comes to ensuring the financial security of those undertaking digital transactions.


"India follows one of the best international practice and best security standards across the globe. The reality is we were the first to introduce second factor authentication and many such multiple options, which actually, today US has adopted,” said Bhavik Vasa, Chief Growth Officer, ItzCash.


The two factor verification – along with strong passwords – is a critical gatekeeper of privacy, says Anand Ramamoorthy, Managing Director - South Asia, Intel Security, and there should be a thrust towards creating greater awareness in implementing practices amongst customers.


"The single most important advice that we would like to offer is ‘Think before you click! Don’t click on a third-party link. Instead, access information directly from the original source or company websites to ensure you aren’t clicking on anything that could be malicious,” he said, summing up.

"Most companies in this space have robust frameworks and technology defence in place, consumers need to be educated on do’s and don’ts around cyber safety,"said Amit Jaju, Executive Director, Fraud Investigation & Dispute Services, EY India. 

He further added, "They can create a safety wall against perpetrators by changing passwords regularly, safeguarding their mobile devices, avoiding the same passwords on banking and social channels and other means, safekeeping of passwords and pin numbers, as they can deter risks to a large extent."


Dos



  1. Use strong password: Use a mix of numbers, alphabets, cases and characters. The longer the password, the more difficult it is to crack

  2. Download apps from authentic sources: Preferably from the company site, not third party sources

  3. Check your mobile wallet statement carefully: Hackers often don’t siphon all your money in one go, they take small amounts


 Don’ts



  1. Don’t use public Wi-Fi: Hackers can snoop into the connection and steal login credentials

  2. Use only registered wallet services: Don’t opt for a wallet only because if offers a higher cash-back. Check the RBI website to find out if the mobile wallet company has a licence

  3. Don’t add too much money: Even in the case of a security compromise, the amount you lose will be less

  4. Don’t save card details on mobile wallets: Every time you transact, make sure you uncheck the box that says, “save your card details for future use”


Time to show-off your poker skills and win Rs.25 lakhs with no investment. Register Now!

First Published on Dec 5, 2016 02:41 pm
Sections
Follow us on