The cash crunch during demonetization has made consumers switch to digital platforms more than ever before. The demonetization announcement has led people to use quick and hassle-free applications such as Paytm, Freecharge and MobiKwik, and even to explore Bitcoin as a payment option. However, since the current digital platforms aren’t completely prepared to take the increasing volume of consumers, there is also some scepticism about how secure these platforms are, and this has raised a lot of concerns among users and service providers about the security of their data.
Sanjai Gangadharan, Regional Director, SAARC, A10 Networks, speaks at length on the concerns and suggests best practices and measures that can be taken to keep transaction data safe.
Is the ongoing cashless drive forcing service providers to rethink their security postures?
The rapid shift to digital transactions has increased the risk of cybercrime by far.
A number of such incidents have been encountered pre and post demonetization. In October, 3.2 million debit card details were stolen in a malware-related security breach. The cards belonged to customers of private as well as national banks. These stolen debit cards were then used in China. The case still remains unresolved, and as the focus shifts to a cashless approach it is now extremely important to take into account these security considerations.
Now this rapid progression towards a digital economy potentially creates a vulnerability which could be exploited by cyber criminals and hence calls for the need for advanced security infrastructure, which is capable of not just defending an attack but also identifying patterns to recognize attacks proactively and prepare the infrastructure to counter them.
According to joint research by The Associated Chambers of Commerce and Industry of India (ASSOCHAM) and Ernst & Young (EY), mobile fraud is expected to grow by 65 percent in India by 2017 and almost 46 percent of these online complaints are related to credit and debit card fraud. This should be a matter of grave concern for the Government and also for banks and end consumers.
What kind of concerns are there?
Weak infrastructure: In order to be able to handle the huge surge of traffic on these online platforms, one of the biggest concerns of service providers is whether their infrastructure has the ability to scale to accommodate the increased traffic. Often, user experience is affected when traffic spikes cause poor server response times and slow down application performance.
Also, since the increased number of users calls for larger infrastructure, smooth management of the infrastructure is also a concern for the service providers.
Increased chances of exploitation: The increase in the popularity of digital payment platforms and the increase in the number of users mean greater risks of falling victim to fraud, identity theft and other forms of cyber-crime. Consumers may not always be technologically savvy, and an attacker can gain access to their information by simply getting them to download malware which is then used to exploit that digital payment system.
Policy implementation: Policies addressing cyber security need to be more streamlined in order to cater to specific issues that are most likely to turn up due to the increased number of consumers. Also, there have been issues with regard to the implementation of these policies in some instances, so focus needs to be given to the implementation.
Government laws: Government laws now play a critical role. Although there are laws in place to ensure the safety of the cyber world, what needs to be looked at is that these laws are monitored in order to address issues better.
Is the existing infrastructure ready/scalable enough to handle the pressure? If not, what do you suggest?
Although a cashless economy is much more economical and profitable, it would sustain only if companies who provide these services have a strong and scalable infrastructure to take on this pressure. The current scenario has rendered a lot of these companies open to attackers with bugs and viruses strong enough to break through their infrastructure and gain access to user information.
There have also been episodes of companies not being able to take the load, which leaves users unsatisfied with the services and moving on to other platforms. This fuels the already existing scepticism in the user’s mind about the viability of digital platforms and in order to curb this, it is important to come up with infrastructures strong enough to hold any amount of load.
Companies need to start investing in resources to strengthen their infrastructure, deploy much stronger security measures on multiple levels and to start educating and training their employees and users about the potential threats and the measures that they can take on a basic level to ensure that their data is secure. This would make it slightly difficult for the attackers to gain access in the first place. Companies also need to look towards pattern recognition and behaviour analysis as a means to identify possible threats and take proactive steps to protect the data from any such attacks.
What does A10 recommend to users and service providers?
- It’s always preferred to have a two-factor authentication method for all online transactions. A simple username and password are often not enough to protect your information from attackers; this two-step mechanism would make it harder for attackers. It is always better to avoid using any platforms that do not provide this two-factor authentication method.
- Another useful method is to use biometric measures for accessing any of your online or digital information; for example, a fingerprint authentication mechanism would ensure that only you would be able to gain access to the information.
- Token-based authentication is another useful technique to keep all your information safe and hidden.
- Exercising caution while accessing websites and using digital platforms for making payments is critical.
- Do not share information requested through mail or phone calls by your financial institution.
- It is preferable to use payment applications that have an advanced and strong security mechanism for transactions.
- Use multiple security devices in order to ensure that no malicious content passes through.
- Create categories for the different content going through the web in order to ensure that confidential data remains encrypted and the safety regulations are not disrupted.
- Different security systems from different vendors should be implemented to ensure different layers of security.
- The web traffic needs to be monitored and controlled on a granular level to keep a check on what content is passing through.
- The compliance needs should be met to the maximum capacity.
Resilience to cyber crimes can be improved by maintaining strong partnerships with other organizations. These partnerships would ensure that any information related to attacks is shared between all the partners so that they can be prepared to face such scenarios in the future. In the long term this would help the industry to be prepared in order to defend from any such attacks.