Security Risk of Cashless Economy in India



8th November,2016 was a great date for the entire world. On the one hand, Us election results were announced and on the other hand Prime Minister of India, Shri Narendra Modi Announced Demonetization in the country ( India ). If you are not from India, you might be thinking what do I mean by it. Well on 8th November the prime minister of the country Announced that from 9th November Rs 500 and Rs 1000 notes will no longer be used as legal tender and all the citizens needs to deposit it in their bank. Soon after the announcement, there was a big rush in banks as  Millions of people went to Exchange Old Currency Notes.

Long queue in banks


But soon after the announcement the government of India started setting up various rules. One of the major rule was that the citizen could only withdraw Rs 2000 per day. This became a huge problem as Rs 2000 is not enough and also as everyone was depositing their money there was a scarcity of physical notes. Government launched rs 2000 notes but since no one had change so it was almost useless at that time.

The Solution ?


Many started using online transactions as there were no restrictions in it. many people started using Third party apps like PayTm and Mobiwik etc to make payments. Over the past week, digital payments have hit record transactions: PayTM said there was a 200 per cent increase in its mobile application downloads and a 250 per cent increase in overall transactions; MobiKwik said its user traffic and merchant queries increased by 200 per cent within a few days of the government’s announcement. Companies such as Oxigen and PayU have also seen a rise in their service usage.


Demonetization came as a good news for these apps. Soon after few days of Demonetization, Paytm went to almost all the shops and local business firms and made them join Paytm by which they can take money from customers via the app.

Now Even the government is focusing on cashless economy. Many banks have already come up with their apps by which customers can make transactions. here in India everyday we can see ads by government where they ask people to use these app based service so that the country can go full cashless.

But is this a good step ?

Well I don't know at this point of time how successful or useful it will be but are we ready for a full cashless economy here in India ?

Lets see the security aspect of cashless economy.

The Risk.


The first ATM in India was setup In the year 1987 but still most of the people don't know to use it due to which we see a lot of fraud done in ATMs.  The weakest security link in any transaction is not the technology system, but the user, and their lack of understanding of security issues. To get a sense of this, to withdraw money from ATM’s, some people were giving others their card and PIN numbers. 

Now imagine if we ask those people to switch to these mobile based apps all in just 1-2 months how will they do it ? Now since their is a limit in cash withdraw, people are forced to use these apps .

One of the biggest financial data breaches in India, exposed in late October, had compromised the financial data of over three million users and victimized major banking companies. The breach occurred when a network of Hitachi ATMs infected with malware enabled hackers to steal users’ login credentials and make illegal transactions. Following this, companies issued new cards and asked customers to limit their ATM usage to those operated by their banks. However, a few weeks after the breach, the demonetization announcement pushed people to do just the opposite — rush to withdraw money from just any functioning ATM. Till date, there has been no communication from banks or the Reserve Bank of India assuring the public that the infected ATMs have been taken out of service or fixed to prevent further breaches.

Now since all are new to this mobile transactions and use of apps, it have become easy for hackers and fraudsters to fool these people and take away their money . I'll give you a small example here.

One of the fast food joint near my home have started accepting PayTm payments. Earlier he use to take only cash but now he accepts paytm payments too. But here is the risk. He is not much educated and he don't know much about security. Now if a fraudster calls him up and says that he is from PayTm and say him to transfer 20% of his money to that number else his account will get deleted. I'm 100% sure that he will do it.

This is the problem that we are facing right now. People of the country lacks awareness. We must first aware them about how to use it, what are the risk only then we can start using it.


These are the Physical risk. Now lets come to technical risk.

Now since everyone is dependent on these app based payment systems, it has become a prime target of hackers. One flaw in these apps and all our money is gone. Also since users are now aware it become very easy to hack them.

Last year Popular Bollywood singer papon mahanta's Official Facebook page was hacked and i helped him get back the page. While working on it I got to know that the hacker actually sent him a phishing page and his social media manager thought it was a legitimate one and gave away his login details. 


Now think if his social media manager who deals with online stuffs most of the time failed to recognize it was a phishing page then how can you expect a normal guy to distinguish between a normal login page of these money based apps and phishing page ?

Also Recently we have seen in that a hacker group called "Legion" is hacking into all high profile people like Rahul Gandhi ( Vice-President of the Indian National Congress party ), Indian National Congress, Barkha Dutt ( Indian television journalist ), Ravish Kumar ( Indian television journalist ) etc. In one of their interview they have said that Indian banking systems can be easily hacked. So how can we be sure that the apps that all the banks launched in the last 1 month are secure. How safe are our money ?

Conclusion


Demonetization is a good step by the government but I think this is not the right time to go cashless. today we use apps likes Ola and Uber because we like it and not because we are forced to use it. Right now people are using these payment apps because they don't have any other choice.  I think Government should focus on how they can aware  people on how to use it, its security and benefits etc and let the people them self decide if they want to go cashless or not.