How safe is digital India after demonetisation for NRIs?

Are their electronic and mobile transactions safe from cyber criminals in this rush away from cash?

By Allan Jacob

• Follow us on
• 
• 
• 

Published: Sat 24 Dec 2016, 9:26 PM

Last updated: Sat 31 Dec 2016, 12:20 PM

Many Indian expats in the UAE are heading home or are already there for the holidays. A cashless festive season awaits them with the scrapping of old Rs500 and Rs1,000 notes and the hasty drive to an electronic-mobile economy where cash is not king. But, are their electronic and mobile transactions safe from cyber criminals in this rush away from cash?

There has been a spurt in digital transactions after Indian Prime Minister Narendra Modi announced on November 8 that notes of the two denominations would be banned and new ones would be issued. Electronic payments are being promoted and people are shopping more online, paying for everything from car fares to groceries. However, much thought has not gone into the safety of these smart payments in the hurry to trap those stashing away illegal, unaccounted for funds, otherwise known as black money. Experts say India's digital economy has enormous potential but is fraught with security risks both at the individual and institutional level. There's little awareness about the cyber crime and only those who are regulars online, the so-called netizens, have some knowledge of what's lurking in the virtual shadows. And it's not just Internet payments, trouble starts from the ATMs that have witnessed long queues after the government put limits on cash withdrawals.

A lot of ATMs in India use the old operating system known as Windows XP, according to research done by Kaspersky Labs. This makes them easy targets for hackers and cyber criminals. "As most of these ATM machines are not updated with the latest operating system they have a high possibility of being compromised from inside or outside," said Altaf Halde, Managing Director (South Asia), Kaspersky Lab.

In a report, FireEye, another online security firm, echoed Kaspersky's fears and said ATMs in the Asia Pacific region could come under more attacks in 2017. "We have seen a big focus in the region, including in India. ATMs in underdeveloped countries are particularly vulnerable as those countries still have old software and are running Windows XP. This makes them the perfect target for an easier score," the report said.

Recently, some leading Indian banks were hit by a malware which compromised data and accounts. Millions of customers were affected, and the country's largest public sector bank, the State Bank of India blocked 600,000 debits cards of its customers after the incident. Other banks which reported the cyber attack included YES Bank, HDFC Bank, ICICI Bank and Axis Bank.

Halde said 'point of sales' machines like the ones used to swipe credit cards also use the old operating system, hence hackers could target these devices internally or externally.

"As far as our research suggests, E-wallets have not been compromised yet, but they can be hit by android malware, which can infect the system and keep track of your activities."

Sadly, most people in India are not aware of the latest cyber threats. It's also important that the government keeps itself updated and a step ahead to fight cyber crime.

FireEye said India's existing cyber security infrastructure is inadequate to deter the new generation of malware launched by hackers acting individually or backed by other governments.

So what's holding back a stronger electronic protection system in India? "The key roadblock to stronger cyber security is cost-conscious organisations that do not allocate the resources required to provide effective security and reduce risks," said Vipul Kumra, Systems Engineering Leader for India at FireEye.

This could explain the increase in online attacks post demonetisation. According to reports in the Indian media, there were 80,000 actual breaches between December 9 and 12. Security officials said there were 200,000 threats per day till November 28. This increased to 600,000 daily threats in December, most of which were neutralised.

"One of the interesting implications of demonetisation which is yet to be examined is the rise of immature digital payment providers. Many of these start-ups do not place the same emphasis on security that you expect from traditional financial institutions," said Kumra of FireEye.

India, with 220 million active smartphone users, is now the second biggest market for brands, according to Counterpoint Research -- which is still only 17 per cent of the population. Newer brands are flooding the country, prices are being slashed as digital is becoming king. This has come at the cost of security starting with roadside ATMs to the latest mobile devices. Software updates are being given the short shrift as Indians race to become smart digitally -- a dumb thing to do in the real world.
Worrying trend

600,000 daily cyber attacks reported in India during December

200,000 daily cyber attacks in India during November

3.2 million bank accounts compromised in India during October-November

$25.6 billion will be global online fraudulent transactions by 2020

Online fraud globally was $10.7 billion last year
allan@khaleejtimes.com

• India