With the increased take up of digital transactions, safety and privacy concerns have cropped up in recent times. To address such issues, the Reserve Bank of India (RBI), in its bi-monthly monetary policy said it will create a central registry to monitor digital payments related frauds.
This tracking would enable the central bank to keep an eye on such frauds on a real-time basis to improve consumer confidence in the digital channel. This registry will improve monitoring standards and analysis of the fraud and help RBI collate periodic data for customer awareness.
RBI governor Shaktikanta Das has said that payment system participants will be provided access to this registry for near-real time fraud monitoring. The aggregated fraud data will be published to educate customers on emerging risks.
The detailed framework on the proposed registry would be released by the regulators in October. At present, RBI’s Central Fraud Monitoring Cell is used to monitor frauds in banking system. The proposed registry will extend the platform to all payments operators.
“With the digital payment ecosystem making substantial progress in terms of growth of payment infrastructure as well as volume and value of digital payment transactions, fraud risk monitoring and management by the stakeholders have assumed importance,” Das said.
The development can be seen in the light of RBI’s strict stance on data localisation for payment companies. In April 2018, RBI had issued a circular asking all payment system operators in the country to store data – pertaining to their customers – within India. The move was geared towards ensuring that user details remain secure against privacy breaches. The payment system companies had been given six months to comply with the localisation norms.
While several players such as Paytm etc complied with the norms, even Reliance emphasised on the requirement and a framework for data localisation to ensure cyberattacks are prevented.
The constant concerns around the misuse of user’s personal data has raised talk about the frauds with the use of digital medium for payments. In May, reports surfaced that the user database of Truecaller is being sold on internet forums on the dark web. The alleged leaked database included names, phone numbers and email addresses of some Truecaller users, which the poster claimed to have acquired through a data breach.
A web privacy research group, vpnMentor had found data breaches in two Indian fintech startups — Credit Fair and Chqbook on July 24. vpnMentor said in blog post, “our team discovered that both Credit Fair and Chqbook’s entire databases were unprotected and unencrypted. Credit Fair uses a Mongo Database, while Chqbook uses Elastic Search, neither of which were protected with any password or firewall.”
In May, India was reported as the second most cyber attacks affected country between 2016 to 2018. The average cost for a data breach in India has risen 7.9% since 2017, with the average cost per breached record mounting to INR 4,552 ($64). The Reserve Bank of India too recorded a total of 2,059 cases of cyber fraud in 2017-18 as compared to 1,372 cyber fraud cases in 2016-17.