Map Check: Latest Episode of Data Leak Exposes Vulnerability of Indian System
The government may be selling Digital India on the basis of a robust digital payment infrastructure, but the point is, without proportionate security it will be difficult to maintain. CERT-In has advised organizations on security threats, and banks have been diligent. Yet Indian user data breaches have increased in recent years. The most recent leak concerns information about 1.3 million bank cards available for sale on the dark web. Reports indicate that 98% are owned by Indian banks, of which 18% are owned by a single banking entity. Although the RBI has taken action, asking banks to replace all cards and look into the matter, Indian banks need a more proactive approach to security as this is the key to security. third major violation in as many years. As of October 2016, 3.2 million cards compromised in a similar breach were reported.
From a user perspective, it would be preferable to migrate to online payment systems and options. A virtual card or QR code is much more difficult to decode, but banks are also having to push for end-to-end encryption for PoS terminals. As most thefts occur in PoS and ATM terminals, banks need to develop a system where only certain information is exposed and this too in encrypted form. Most importantly, cyber checks should be in place quarterly, not after a crisis. With UPI reaching one billion transactions and surpassing debit / credit cards, and AEPS becoming a convenient mode, the government is moving towards more secure modules. But, until complete change occurs, safety must be the top priority.