Free Press Journal

Digital payment providers vulnerable to hacking


New Delhi: With more and more people logging into e-wallets or m-wallets for daily payments, the target for hackers has increased exponentially, experts warn, suggesting that upgraded security is the only way to safeguard millions of first-time users and small and medium businesses from losing their hard-earned money.

Also Read: Mobikwik offers loans to wallet users to push digital payments

The government’s demonetisation drive and the resultant cash crunch have led to digital wallet firms witnessing an unprecedented rise in their usage and popularity – with people using them for everything from buying groceries and vegetables to local travel.

The country’s largest m-wallet, Paytm, registered over seven million transactions worth Rs 1.2 billion in a day after the demonetisation drive began as millions of consumers and merchants across the country started opting for mobile payments on its platform for the first time.

Another mobile wallet major, MobiKwik, which launched MobiKwik ‘Lite’ late last month, registered over two million downloads within the first two days of the ‘Lite’ offer. Global payment solutions provider PayU observed a hike in average daily transactions from Rs 1.2 million to Rs 2.5 million post-demonetisation. Cyber experts emphasise that as the numbers swell, newer forms of vulnerabilities will be exposed in the payment gateways.

“Unarguably, with the digitisation drive comes the responsibility to safeguard against cyber pickpockets (cyber criminals) who will be on the prowl against unsuspecting consumers. Considering that cashless payments will become both a necessity and a huge convenience, it is imperative that security becomes embedded by design rather than a bolt add-on from mobile-wallet payment firms,” Anand Ramamoorthy, Managing Director, South Asia, Intel Security, told IANS.

This essentially means that data security infrastructure along with customer-redressal mechanisms will have to be well thought of and the purview of IT laws for cyber crimes will have to be expanded to include mobile-wallet payment systems.

This is how hackers can attack your money in e-wallets: Create multiple fake accounts to collect money in small amounts; cheat people who are digital novices by psychological manipulation; and breach servers and steal data.

According to Vidit Baxi, Director (Technology) at the IT risk assessment and digital security services provider Lucideus, e-wallets are at greater risk than ever as users grow and hackers identify digital payment gateways as a lucrative opportunity.

“That being said, let’s understand that even the largest banks on the planet have been digitally hacked, so there is nothing like 100 per cent security. It’s all about managing the risk and minimising it to whatever extent possible. It is clear that the benefits of digital payments far outweigh the risks but, at the same time, such risks have to be continuously monitored and managed,” Baxi told IANS.

Also Read: M-payment is a key enabler for m-commerce – Report

The time is ripe for e-wallet firms to adopt the latest technologies to safeguard their gateways before a major cyber attack hits them – and the users’ confidence in moving forward digitally.

According to Upasana Taku, Co-founder, MobiKwik, the company takes security seriously and puts it at the centre of all user interactions with the platform. PayU India says it has invested Rs 50 crore for the protection of data shared on its platform. E-wallet companies must ensure that the user credentials are tokenised, cryptographic and authenticated before the transaction takes place.