How cyber attacks can derail digital payments systems

cyber-sec-reu-1

The Indian banking and financial services sector has seen its digital infrastructure expanding exponentially in recent years. Digital services such as Pradhan Mantri Jan Dhan Yogna, Inter-bank ATM transactions through National Finance Switch (NFS), Immediate Payment Service (IMPS), etc., have brought banking to the customer’s doorstep like never before. At the same time, cyber threats are also increasing and the nascent ecosystem is already facing sophisticated cyber attacks. For instance, a Rs 25 crore heist at a bank recently was traced to a bug in a digital payment application that allowed pilfering small amounts from multiple accounts. Again, a mobile wallet company suffered a loss of Rs 19 crore due to vulnerabilities in its own online payment system. These incidents require stakeholders to gear up, prepare and collaborate to provide secure and reliable prepaid payment instruments to end-consumers.

It was in this backdrop that Data Security Council of India (DSCI) and PayPal jointly launched a report titled ‘Securing India’s Digital Payment Frontiers’. The key objective of this study was to analyse India’s journey in digital payments and its cybersecurity dynamics, prevailing cyber threat landscape, policies, regulations, standards along with future trends and best practices at the enterprise level. The report suggested various recommendations to secure the digital payments modes. As per the report, companies need to establish and maintain an appropriate governance and cyber security risk management framework to address the risks related to their IT systems and processes. To protect the interests of the public, the government makes policies meant for assuring the data protection and privacy related to the information collected or processed by the service providers, while regulators like RBI set the framework to conduct the business.

The cyber security best practices to be followed will have to integrate the elements of corporate security, rules and regulations along with the other elements of physical security. Government agencies such as CERT-In called the report very timely and said it would help in making the security framework more robust and resilient. Appreciating the efforts taken by DSCI and PayPal, Gulshan Rai, National Cyber Security Coordinator, government of India said, “To secure digital payments we have to focus on infrastructure as well as end-user tools. It is also important for service providers like Mastercard and Visa to step forward in this direction. The fintech sector in India will be under major attacks, the financial sector was under massive attacks last year and this year too. Hence, this report will help us to set the directions for the stakeholders.”

PayPal, which started its India operations last year, is looking to make the digital infrastructure for financial services more robust. Today, 85% of financial transactions are cash-based, and with the new government focused digital policies, there are untapped opportunities for PayPal and more players to explore in the Indian market. According to Edwin Aoki, global vice president, chief architect and technology fellow at PayPal, India has emerged as one of the fastest growing digital economies with a vision of becoming a cashless society. The cyber crime landscape is a rapidly evolving global threat, and the success of the industry requires investment in best practices, training and effective regulation. “With global expertise from our presence across 200 markets, we are geared up to help India secure the digital payments space,” he added.

Sanjay Bahl, director general, CERT-In said, “At CERT-In, 38 commercial banks are using our services. We are quite stretched with our resources for securing the financial services . One after another, we are carrying out mock drills, hands-on training on handling the new threats for banks. The fintech sector will always be under massive cyber attacks. We are investing in creating awarness around technology and process for banks and end-consumers.”