Since day one, the Prime Minister of India Narendra Modi has been promoting the dream of cashless society in India, urging the people to use mobile banking and e-commerce technology in their day-to-day life. That’s an imminent future, but now a new question arises: how secure are e-wallets for the nation?
Since last 40 days, Paytm is making waves with its aggressive marketing strategies – by airing television commercials or by putting full-page advertisements (almost every day) in national newspapers. There is no denying of the fact that for such e-commerce companies, the demonetization-to-digitisation process has become an attractive business proposition.
In last two days, Paytm has made headlines for showing its weakest side of security compliance. On Thursday, thousands of customers all over India complained that Paytm servers were down for at least 1-2 hours, affecting transactions in large numbers.
Next day, in an official release, the company admitted that by saying, “Paytm has identified about 48 fraudulent users in the physical goods marketplace business, who was trying to game the company’s consumer friendly practices.” Paytm indicated that some users were misusing consumer-friendly return and refund policies.
However, Paytm also assured that its marketplace has robust risk management practices and regularly reports users who try to game the company’s fair usage policies.
Why Paytm still need credentials?
Surprisingly, one of the complaints was none other than internet-guru and senior cybercrime expert, Vijay Mukhi. He made a complaint with India Today saying, “Paytm for me was down for 90 minutes and for my wife 60 minutes. Lots of people faced the same problem on social media as well.”
He was quite critical on Paytm’s services. “I cannot trust Paytm because banking should be like electricity or water. It should work 24/7 without a glitch. The bigger problem was that inspite of filing a complaint, there was no response from Paytm.” He advocated that people should always carry cash as they cannot trust technology to be reliable.
Market analyst and vice president of Pratibhuti Viniyog Securities Ltd, Suniil Pachisia said, “Initial reaction was very encouraging but once the number of users is increasing we have already come across the scam. Besides, there are full chance of misuse of data and and legal action will have to challenge in origin country.”
Pachisia believes that it is very unlikely to stop frauds through such applications, which will be used through our mobile phones. He said, “Security breach is always going to happen and still we are way behind in the stopping of frauds happening in credit/debit and ATM cards.”
Even bankers are having their own fears. Meera Sanyal, former banker kept a point that United Payment Interface (UPI) launched by RBI itself, is more secure as it’s based on the IMPS platform developed by RBI/NPCI and uses double factor authentication.
What are the major concerns?
In last few months, at least one dozen e-wallet entities have emerged to get the bigger cake of digital business. Some are: Paytm, PayUmoney, Mobikwik, Citrus Pay, SBI’s Buddy, Vodafone’s M-Paisa, Citi Masterpass, ICICI Bank’s Pockets and SBI’s Mobicash.
Experts argue why for paying Rs 10/20/50/100 rupees, people in India require Paytm and others. “It shows inefficiency on part of RBI to put smaller currencies in system. It’s like a person moving in open market with a self-signed cheque”, a market analyst said.
“Indian money is not safe anymore with chances of more frauds and hacking happening. Stopping these cybercrimes would be a tedious task for mobile operators. And what happened in case of mobile phone is lost”, Pachisia feared.
The ownership pattern could become another major issue for Paytm in bad times. World’s largest e-commerce player and Chinese giant Alibaba is the single largest shareholder of Paytm.
Cyber Law & Security Expert, Advocate Prashant Mali said, “We have that slight risk of data exported to China about consumer spending and behaviour by Paytm, if China exerts pressure or threatens to pull out.”
Banking expert V S Girish has a similar opinion. According to him, the money would remain safe with such companies, but not the data. “It is the transaction history that is stored in the servers overseas. Money does not go out of India. The challenge is: will the Indian law enforcement agencies get access to the data?”, Girish noted.
What does Information Technology (IT) Act says?
When it comes to financial data, Indian IT Act 2000 has clearly mandated that any sensitive personal data of clients before sharing with a new legal entity requires permission of the client and this has to be done every time the data gets shared further.
“The ministry should behave as a regulator and implement these rules formulated in 2011. I think not sharing financial data with investors should be made a mandatory rider in India’s FDI policy for such e-wallet companies too”, Mali added.
Mukhi advocated that rules should be simple in India, pointing out that, “All e-wallets need to have their server and backup servers in India. We are going digital but the infrastructure to take care of digital does not exist. This includes relativity and security”, Mukhi said.
If experts are to be agreed with, e-wallets make money in two ways: one from transaction costs, and other called floating income. The money you put in your Paytm wallet stays in Paytm’s bank account. The interest earned out of it constitutes the floating income.
“UPI is therefore a far better option for Indians wanting to transact digitally-zero transaction cost and you earn interest on your money rather than Paytm”, Sanyal said.
A detailed questionnaire sent by India Today to Paytm enquiring about their security wasn’t replied by the company.
As of November 21, 2016 Paytm had registered 5 million new users and over 7 million transactions worth Rs 120 crore in a day. “The company is currently doing more transactions than the combined average daily usage of Credit and Debit Cards in India,” the company had recently claimed.
Also Read: Paytm lost over Rs 1500 crore in FY 16
Some tips for using e-wallets
Cyber Law & Security Expert Prashant Mali advocated some guidelines for using digital payment systems. They are mentioned as below:
— Keep up to Rs 2000 in your Paytm or any other mobile wallet. Its better keep money in two different wallets from two different companies.
— Whenever you require money you can immediately transfer it from bank account into wallet and use it. The risk is less here.
— Never store bank details in the wallet.
— Your wallet is linked to your phone number. So someone can block your SIM, withdraw money after procuring the SIM on fake papers from another gallery. So once the mobile is seen to be blocked or gets lost, immediately call the wallet company (and your bank) to get your accounts blocked.
— It is better to use different wallets than park all money with same wallet company and you can even use bank wallets to keep your data in relatively safer hands.