By Ibu Sanjeeb Garg
Beating the Rhetoric
On November 8, the NDA Government announced the new demonetisation policy. Barring a few exceptions the Rs. 500 and Rs. 1000 currency notes ceased to exist as legal tender thereby losing their value. This move announced by the Government stands on two stated objectives, (a) to curb black money and (b) to push India towards a cashless economy. Since then there has been a massive drive towards opening of accounts as well as payments and receipts through cashless medium including online payments and plastic cards. In a nation where 86% of the transaction happened in cash this indeed is a brave stance as well as a tectonic shift.
Since the declarations, much has been written on the aspects of whether this move would be effective towards curbing black money or not. Others have spoken about how some countries of the world rely heavily on plastic money for example the US while other equally developed nations prefer the cash route like Germany. Steps have been taken by the government to promote cashless economy further by announcing rebates when payment is made by plastic money. The Ministry of Human Resource Development has unveiled a plan to enrol Digital Ambassadors. The NITI Aayog has plan to incentivise districts that promote cashless economy. A Chief Ministers’ Group to boost digital payment and prepare a roadmap has been formed.
In the backdrop, however, one issue that has not evoked much interest is the security challenges to cashless payments both plastic as well as those conducted via internet and the legal issues attached to them. In October this year the country was rocked by the news of 3.2 million debit cards being compromised. These included cards of Visa and MasterCard stable and belonging to various banks including ICICI, Axis bank among others. While the exact extent of damage of the same could not be gauged it clearly indicates the vulnerability that digital money faces. Another report on May 17 this year by cyber security firm Symantec revealed that the cyber threats in India have increased exponentially over time and that it had traced breaches to several Indian organisations back to a cyber espionage group called Suckfly. A week later, another cyber-security firm, Kaspersky Lab, announced that it too had tracked at least one cyber espionage group, called Danti, that had penetrated Indian government systems through India’s diplomatic entities.
These examples show that the threat of cyber damage is real and it could wreck the country’s economic strength if it gains access to either the bank accounts or the stock market. Thus it is important to look at the vulnerable areas as well other gaps that have to be filled and prepare ourselves for these new set of challenges. As the Symantec report would tell us a large number of organisations were breached because the malware ( a form of virus ) was able to sign in with stolen digital certificates. A similar modus operandi was launched when the Stuxnet virus was triggered. Hence protection of digital certificates must be the most important step that must be taken .Organisations must ensure that digital certificates as well as digital signatures are safe in their custody .
The second aspect that must be looked at is the safety of the RBI so that money cannot be siphoned off. Recently attempts were made in Bangladesh to siphon off $ 800 million from the Central Bank of Bangladesh,. While the heist could not be completely successful it does brings into sharp focus of central banks. Stronger digital safety measures should be introduced and organisations like RBI , SEBI and other major agencies should have a dedicated cyber security staff off its own including a Chief Cyber Security Officer.
Thirdly while India has been a powerhouse when it comes to software technologies its contribution towards homegrown cyber safety softwares has been negligible. The Make In India would be a good platform for start-ups to focus on cyber security. The “2016 Cost of Data Breach Study: India” reported that the average total cost of a data breach paid by Indian companies increased by 9.5 percent, while the per capita cost increased by 8.7 percent and the average size of a breach grew by 8.1 percent. Additionally, 41 percent of Indian companies experienced a data breach as a result of a malicious or criminal attack — the most common root cause of a data breach. Thus cyber security can offer a great avenue for start ups to work upon.
Fourthly India needs a comprehensive separate legal paradigm to deal with cyber security. Cyber threats as we know them have changed their format in the last decade and hence the effects vary. Cyber threats may range from email hacks to siphoning off bank funds or crashing the stock market by dumping stocks at the fraction of a cost. These are different levels of crime and hence the treatment must be meted out in a differential manner. Yet at this point the legal paradigm does not recognise these nuances in totality. Hence a comprehensive Cyber Security/Threat bill must be introduced which would recognise each of these threat levels and address them in proportionate manner. The proposed Singapore Cyber Security Bill can provide a good template in this regard.
The fifth most important aspect however is education of the masses. A large number of people are being pushed into digital transactions as well as other mediums of payment like PayTM. The people must be educated effectively as to how these mechanisms operate . Simple steps like urging people not to share their ATM PIN or net-banking password would go a long way in ensuring no security breach. While those who use other online forms of payment must be educated about permissions and what they can allow the applications ( popularly called apps) to do or not do. For example some apps read all contacts while others automatically read the phone text messages. Users should be made aware of these provisions as well as helping them in making correct choices. The government must also vigorously push its own payment mediums like UPI interface or the use of RuPay cards.
Cyber security poses a major challenge to the security of the nation. With the economy of the nation now being hardwired into the digital medium cyber threat emerges as a larger challenge than ever before. Hence it is time India rises up to the challenge and combat it effectively.
( Views expressed are personal)