Going digital is good, but beware of risks
Since demonetization was announced, the government has put its weight behind digital transactions. But before you go digital, know how to stay safe online
With the government’s move to demonetize high-value currency notes in early November also came a push towards digital transactions. According to data released by the Reserve Bank of India (RBI), the volume of smaller value transactions, largely represented by modes like Point of Sale (PoS), Unified Payments Interface (UPI), Immediate Payment Servic (IMPS) and mobile e-wallets saw a strong growth. Even though all electronic transactions’ combined value saw a growth of over 10%, the volume growth was in excess of 42%, indicating that various small value transactions were made through digital channels.
While the shift towards less-cash is encouraging, there remains an aspect of vulnerability when it comes to digital transactions. “The convenience that digital payments have brought to an individual is massive. On the other hand, there is a cost in the form of risks. So the consumers need to be informed and educated about being intelligent in their usage,” said Saket Modi, co-founder and chief executive officer at Lucideus Tech, an IT risk assessment and digital security services provider. At this juncture, it is important for consumers to know the dos and don’ts when it comes to safety of information while transacting digitally. It is imperative to understand that large-scale adoption of digital transactions also attracts cyber criminals who wait for opportune moments to exploit a system’s vulnerabilities.
Types of frauds to be aware of
Cyber security experts are of the opinion that with the use of online payment platforms, the fraudulent use of payment networks and data theft has also gone up. “While people are getting comfortable with mobile wallets and banking through apps and smartphones, Wi-Fi networks continue to have major security flaws that can make it very dangerous to conduct transactions using mobile devices,” said Amit Nath, head of Asia-Pacific (corporate business) F-Secure, a cyber security company.
Following are the major types of risks that you should be aware of:
Malware: These are specifically designed applications and programs that compromise the security of mobile phones and computers. It gives cyber criminals access to devices, and hence also to sensitive consumer data. Therefore, download and install applications only from authentic sources and that too from developers having a good reputation.
Phishing: In this case, the user is trapped using fake emails or websites and is made to enter account-related sensitive information. Those who are new to the world of electronic transactions are more prone to such traps. Do not click on attractive or suspicious links that you get through SMSs or emails.
Public networks: Using a public network can expose your mobile device and information to cyber criminals. Avoid doing digital transactions on public computers and networks like a cyber cafe or a public Wi-Fi hotspot.
Ransomware: In this security issue, the hacker gains remote access to the device as well as the data of the victims, and can block access to the device until a sum of money is received.
There are also other forms of cyber attacks where cyber criminals look for vulnerabilities within a technology and turn it to their advantage. “Some of these security breaches are much harder to detect and can only be identified using advanced security systems,” said Rajat Mohanty, chief executive officer, Paladion Networks, a cyber security firm.
What should you do?
“There is nothing called 100% secure. Anyone who says that their system is 100% watertight neither understands technology nor risk management. You can only manage and minimize the risk,” Modi said. At the institutional level, mechanisms have been put in place for constant monitoring of the systems. Certainly, more needs to be done. “When a customer makes a purchase (online), the business loses control of a large portion of the transaction interaction as customers use a variety of devices, operating systems and browsers to access e-commerce sites,” said Rana Gupta, vice-president, Asia-Pacific, identity and data protection, Gemalto, a digital security firm.
Gupta said that mobile e-wallet companies must look at a layered approach to data security that provides protection at every stage of the payment and business service ecosystem, such as: better access control techniques, stronger authentication measures and use of end-to-end encryption and proper key management.
While financial institutions like banks and mobile e-wallet companies take steps on their part to safeguard information, users too need to take precautions. After all, even a single negative experience could harm your trust in digital transactions. “There will be millions of users who have poor security awareness and low level of security protection of their devices. Attackers will target them to carry out frauds— these will be low value per individual but the volume will be high,” Mohanty said.
If you end up being a victim of cyber fraud, immediately get in touch with the bank or e-wallet company. If reported in time, the damage can be minimized. According to RBI, banks are responsible for security of the debit cards they issue and hence, in case of any monetary loss on account of breach or failure of security, the bank is liable to bear the loss. However, if a fraud takes place and “customer reports beyond 7 working days, customer liability will be determined based on bank’s Board approved policy,” RBI had said in a circular.
That being said, basic cyber hygiene helps in keeping trouble at bay. You must never share passwords with others nor should you save them on public computers. Use security measures such as receiving a one-time password (OTP) for every transaction.
This adds another layer of much-needed protection to the entire transaction process. Do not click on links that come through SMSs or emails as these may lead to inadvertent downloading of malware programs that can steal sensitive data from your mobile device or computer. Malware attacks can also be avoided by steering clear of untrustworthy websites and unverified apps.