In recent times, India’s financial systems have been heavily targeted by malicious cyber actors due to an indefinite cyber framework. This can be further explained through the cyber attack instances of millions of debit cards being hacked in the past few years.
About 70% of the organizations have experienced some form of cyber-attack with phishing, Distributed Denial of Service (DDoS) or spam. The rising incidents of cyber frauds in digital payments, the Hitachi ATM data breach in 2016, surge in ransomware attacks such as Wannacry and Petya, Yahoo data breach etc. signifies that India requires updated technologies as well as policies to protect millions of personal data.
The breach of the latter isn’t just a done to hinder daily activities, but also a carry forward to activities such as cyber-espionage which are an attack to a country’s national security.
Global Systems Of Hacking
The attackers today are progressively building advanced technologies to target core banking systems especially concerned with payments. Their activities are becoming more and more aggressive and assertive than before to interrupt the victim’s capability to respond. They are further collaborating across multiple geographies heightening the attacker’s anonymity by requiring no additional resources to carry out the attacks.
As hackers are operating globally and collaborating across multiple geographies, it is therefore fundamentally critical to ensure that jurisdictions and organisations across the world collaborate to counter this growing threat. In the new era of digital payments, where technologies are constantly changing and evolving, there are numerous cybersecurity challenges to consider.
Cyber-attacks are more sophisticated and now target the entire payments life cycle.
Need For A Coordinated And Integrated Approach
Silos that exist between lines of business, payment operations (across payment types, business functions, and geographies), cybersecurity, risk, compliance, technology, treasury, and business continuity hamper the carefully coordinated response needed to prevent, detect and respond to attacks.
The ability to collect and holistically analyse complex data sets across an organisation’s operational architecture is critical for a robust cyber security mechanism. This forms the bedrock of global cybersecurity procedures where such analysis is an essential part of their systems, especially in the case of financial data, as real-time transactions which happen at different time zones throughout the world require seamless integrations brought about by cross-border data flows.
One of the best examples is credit card fraud detection at the point of sale, where the domestic systems can analyse the purchase and location real time the moment a card is swiped. If any inconsistencies take place, the system can catch it and prevent the fraud from happening.
Patterns of fraudulent activity can only be detected on platforms that enable cross-border data flows. Moreover, many times organisations collaborate with private and public sector stakeholders towards external analysis, which is dependent on the free flow of data.
Risk Distribution Instead Of Risk Concentration
The digital payments revolution is slowly picking up in India, with developments such as the proliferation of smartphones enabling rural consumers, the introduction of zero balance account resulting in financial inclusion of larger population and the Jan-Dhan scheme to curb subsidy leakage.
This has enhanced the demand for emerging technologies and robust payment infrastructure that is secure and efficient at the same time and is able to meet the need of one of the world’s largest economies. This calls for storing all the information centrally, locally, will make the data for vulnerable to cyber threats and attacks, as opposed to distributing it across different infrastructure across the globe.
Concentrated storage increases the risk to data thefts by unauthorised actors as their increases their likelihood of breaching the ‘honeypots’ with large scale impact. While on the other hand, distributed data-sets, such as on the cloud, helps in the ‘distribution of risk’ where data is less vulnerable to attack and can be secured if one of the jurisdictions where its stored faces threat, while the overall breach is contained in one location by not providing the entire access to data sets.
Moreover, while going cashless will be beneficial for the nation, it requires the rapid building of a safe and secure digital payments infrastructure to facilitate this change at the back end, which can only happen if data is allowed to flow across borders.
End-to-end security through unbreakable encryption and multiple-factor authentication should be incorporated into payment systems by default. It will help protect against SIM takeover and phishing fraud through real-time fraud scoring during authorization which indicates the likelihood of any fraudulent transaction.
Moreover, understanding consumer behaviour, peer group analysis and a strong redressal system are a few measures that help in reducing risks. Additionally, the blockchain technology that helps firms migrate from centralised to decentralised models of business and operations not only reduces costs but also minimises risks, thereby helping prevent cyber attacks.
In the age of Industry 4.0, our digital payments ecosystem requires a sophisticated and nuanced approach to walk the tightrope of enhancing the access of digital payments to millions of people, improving services to seamless transactions, enhancing convenience, and doing all of this in the most secured manner.
This path can only be walked if the regulations and policies support models that apply next-generation technologies to counter the rise of cyber threat. To get there, we must ensure our cybersecurity roadmap integrates with the global payments chain, otherwise isolating ourselves from the rest of the world will only increase the risk.
The article is co-authored by Kazim Rizvi, the founding director at The Dialogue and Mrittika Guha Sarkar.
This is the third article of a five-article series and is based on a recent study around Digital Payments in India, conducted by The Dialogue, emerging research and public-policy think-tank. Check all the articles here.