Digital payment firms pad up against hacker attacks
A spurt in digital transactions and payments in the wake of demonetization may have spelled good news for digital wallets and mobile payment companies, but it has also increased threats from hackers. This has prompted many such companies to conduct special audits of their security, as recommended by the Reserve Bank of India, and to add extra levels of security on their platforms.
RBI recently put out a notification recommending that all prepaid payment instrument players, or PPIs, carry out a special audit of their security systems on a priority basis through security auditors empanelled by CERT-In and take steps to conform to the findings of the audit report.
The government also called for an audit of the financial sector, beginning with the National Payments Corporation of India, as well as a review of the IT Act in the light of threats of cyber attacks and hacking by groups such as Legion, which recently claimed to have hacked into several high-profile Twitter accounts.
“The scope of the device review includes analysis of the hardware structure, systems, and critical applications, security and controls in place, including access controls on key applications, disaster recovery programs, training of personnel controlling the systems and applications, documentation,” RBI said in the notice to all prepaid payment companies, including mobile wallet companies.
“We have initiated a comprehensive audit of our systems as per RBI instruction to ensure that the system is fully secure and no vulnerability is present,” said Jitendra Gupta, founder of Citrus Pay. “We will undertake a check into our prepaid wireless systems, access, user authentication, virus scan, external access and server security.”
Rohan Khara, director of products at MobiKwik, said the company has begun the procedure with an RBI-approved company to conduct an audit. “We are about to close the review process soon,” he said. RBI has asked payment companies to discuss the names of auditors by December 21.
“Our platform complies with PCI DSS and other requirements and we have started the procedure to conduct the audit as per assistance received from RBI,” said Transerv CEO Anish Williams. “Additionally, we continue to closely monitor customer interactions and strengthen our risk management framework on an ongoing basis.”
“While our existing measures give watertight security to our systems, we are still on the lookout for unknown threats to treat, for which we also invite white-hat hackers to find potential threats in our systems,” a Paytm spokesperson said.
MobiKwik and Paytm have added additional security features to their platforms in recent times, especially to avoid fraudulent transactions in case the phone is misplaced or stolen. Paytm recently updated its Android mobile application to allow users to use the phone’s screen-lock security password while making payments through the app.
MobiKwik also launched a security PIN on its Android app a week ago, wherein the user will have to enter a six-digit PIN. “On iOS, we have a biometric authentication, which makes the user himself the password,” Khara said.
The companies said they may not have faced any complaints or reports of fraud or cyber attacks on their platforms so far, even as they scale up rapidly to capitalize on the cash crunch induced by demonetization.