For some businesses, demonetisation of the Rs. 500 and Rs. 1000 notes has been great news, though for most people are finding it hugely inconvenient, and for a large number of people with no access to electronic payment methods, it’s been more than a nuisance.
One of the results of the drive is that more and more people are now paying using their credit or debit cards, while lots of people are also signing up for services such as UPI, and using their mobile wallets with more offline sellers. But getting so many new users onboard brings in a number of security risks over and above questions regarding how secure these apps really are.
Jaspreet Singh, Partner at EY Cybersecurity Solutions, whose focus is on telecom, media, and technology points out the following five risks that will come with the growing rise of digital payments.
“If you look at the last three weeks, we’ve observed a huge boom in the number of signups for wallets,” says Singh. “To give you the example of the nearby market in Gurugram, earlier, only one or two shops accepted Paytm. Today, only one or two still rely on cash-only. It’s a complete change. But we looked at how the companies handle vendor on-boarding, and realised that this was now becoming a problem area.”
Aside from the vendor awareness though, Singh points to another problem in the on-boarding process due to the huge spike in signups. “With the sudden growth in the number of installs, we’re seeing more challenges come in,” Singh explained. “The scale of it is very sudden, and this opens up the possibility for more security issues, fake signups, more devices also means more opportunities for breaches, and this could also lead to identity theft.”
In terms of fake identity, Singh cautions that making fake documents is now extremely simple – and it’s something that can happen with just a simple Google search for Aadhaar cards. “You don’t need specialised software or technical training, just a little patience and Google, and you can make passable fake documents,” says Singh.
Even if verification is being done properly, another genuine concern is the handling of peoples’ documents. People are queuing up with multiple copies of ID documents to do things such as withdraw their money from banks – it is a real problem, and one that generates a lot of documents.
“We are generally unprepared to live with security,” says Singh. To explain this, he gives the example of an audit that EY Cybersecurity did with a multinational corporation recently. “We did some phishing [sending fake mails and calls to get you to volunteer your confidential information] in a major organisation, to test their security preparedness,” he explained. “We were able to get the usernames and passwords of 13 out of 18 of the topmost executives in the company, and that required no hacking or high tech methods.”
“This is the top executives of an MNC,” he continued, “where they have defined information awareness campaigns. Do you think that the awareness is any better in the rest of the country?” This is a problem because with the huge growth in numbers of people, instances of misuse and fraud will also go up accordingly, and the companies will be hard pressed to meet this increased need for customer care and security as well.
Aside from all these problems, Singh says that there are other technological weaknesses to consider as well. Leaving aside the security features of the apps in question, he warns about viruses, malware, and key-loggers that the consumers could have installed on their phones without realising either.