Government promotes cashless transactions, but security woes and bad networks hamper digital banking dreams

A customer gives her finger impression to update her smart card in Wavanje village of Raigad district, about 50 km from Mumbai 

The Modi government has promoted cashless transactions in the wake of India’s demonetisation drive to crack down on ‘black money’.

This may sound good on paper but challenges loom, especially in India’s villages where internet networks remain patchy and few people know how to use smartphones.

Sunil Abraham, executive director of the Bengaluru-based Centre for Internet and Society (CIS), spoke to us about the hurdles for digital banking in India and why the government’s USSD (Unstructured Supplementary Service Data) and biometric methods are not entirely safe. Edited excerpts from the interview:

Q: How safe is internet banking in India?
A: There are two dimensions to internet banking – traditional bank-provided mobile apps and web applications, and new companies called fintech providing wallet service. Security standards are very varied. In the case of banks also, research teams get constant alerts from hackers about some serious vulnerabilities in the system. We forward these complaints to the authorities and the banks. Now sometimes these problems are fixed and sometimes they are not. There’s very little information available in the public domain about the security standards. Only recently the government has started systematic testing.

Q: What is the mechanism to ensure digital banking remains safe?
A: When it comes to banks, there are several master circulars on cybersecurity, privacy, data protection. All of these are published by the Reserve Bank of India. Banks are supposed to comply with those circulars … The problem is it’s fine to have norms, but we also need to have independent audits. When the banks or fintech companies pay audit firms for any kind of certification, then there is conflict of interest. So we need third-party auditing also.

Q: Does the government not conduct these audits?
A: The government does some audits, especially on hardware. But when it comes to the banking and financial sector, there’s a lot of software involved, so it’s not possible for the government to audit.

Q: How strong is the cybersecurity mechanism in other countries and what can India learn from them?
A: In India, we have a large number of players. While this increases the competition and makes the banking system resilient, it also somewhat compromises on quality. In many countries there’s a ‘breach notification law’ … In India both these features are missing – first, you don’t have immunity from the law for those who want to do testing. Secondly, the banks must be made to inform if there’s a security breach, and when the breach is massive, then it must be obligatory for them to inform the consumer.

Q: In India, a majority of bank account holders are in villages. Are they skeptical about internet banking?
A: In rural areas, because of limited bandwidth, the government is pushing for USSD. In villages, biometric applications are also being pushed. There is a big problem with the USSD. The government policy on encryption is not very clear. Due to this, telecom companies are not following a uniform policy. There are even some telcos that are not doing any encryption. This makes the bank accounts vulnerable and they can be attacked locally. One cannot hack a USSD-driven bank account in Uttar Pradesh from Bengaluru, but he can hack it locally. Rural India will be using USSD, which is weaker than the mobile apps mostly used in cities and secured by encryption. Another problem is most of the rural people don’t understand English whereas the USSD system only supports English.

Q: Biometric is being promoted as another mode of banking in rural India. How safe is it?
A: There are a lot of problems with biometrics too. First is they are non-consensual. Second problem is biometric data can be stolen covertly. From a distance, I can take a photograph of you and steal your iris information. Similarly, I ask you to show a ‘victory’ sign, take a photograph and steal your fingerprint information. Fingerprint information can also be easily stolen when someone is sleeping. Once the biometric information is compromised, it cannot be re-secured again.

Q: Are villagers more vulnerable to mobile banking fraud?
A: Yes. People who are not familiar with technology might give their phone to another person for help and there’s a possibility that those people may cheat them. There are issues with the usability; that’s why they [the government] cannot force people to go for mobile banking through this demonetisation. They should have let it naturally grow and allow people to gradually come to terms with it.

Q: What about poor connectivity in villages?
A: There may not be a security problem due to this issue but network problems will discourage villagers, already skeptical about mobile banking solutions, from using them. It will make mobile banking unreliable. If people have cash in their pockets, they are sure that they can use it. While if you have money in your digital wallet, you may not be able to use it at a place where there is poor internet connectivity.
