December 14, 2016 2:49:35 am
The Indian Computer Emergency Response Team (CERT-In), the nodal agency to deal with cyber-security threats, is conducting an audit of the National Payments Corporation of India (NPCI), as a preemptive measure in the backdrop of a surge in digital transactions, a senior official at the Ministry of Electronics and Information Technology said.
“We are taking a constant review of the entire IT architecture of the country. This includes audit, review, and hardening of security walls by several agencies including Intelligence Bureau, NIC, CERT-In and other security establishments. CERT-In is also undertaking a full-scale audit of NPCI,” the official said.
What Else is Making News
The NPCI manages various digital payments modes in the country including the Unified Payments Interface (UPI), National Unified USSD Platform, or the *99# banking service, and also operates the RuPay payment network. With an aim of monitoring various movements happening in the digital payments ecosystem around the globe, the government has also set up a ‘Digital Payments’ division within CERT-In, which is a five-member group to look into any incidents that could be a threat to the security of financial technology systems in India.
The official also said that CERT-In would also conduct two drills this month – one with NPCI, and other with banks – to take a stock of the measures taken by these organisations to close vulnerabilities pertaining to cyber-security issues. “The government has also issued a communication to all digital payment agencies to immediately report any unusual movement to CERT-In,” he added.
Meanwhile, chipset maker Qualcomm on Tuesday said that wallets and mobile banking applications in India are not using hardware level security which can make online transactions more secure. “… most of the banking or wallet apps around the world don’t use hardware security. They actually run completely in Android mode and users’ passwords can be stolen. Users use fingerprint which might be captured … in India that is the case for most of all digital wallets and mobile banking apps,” Qualcomm Senior Director Product Management Sy Choudhury was quoted by PTI as saying.
Experts have suggested that due to the shortened time frame for launch of financial technology products, there is high likelihood that all processes were not followed, thus raising possibility that appropriate testing for cyber-security was not performed.
This is likely to expose these products or services to various threats. Some cybersecurity companies, on back of these red flags, have also witnessed increased demand from their financial services clients to ensure any vulnerabilities are addressed before any breach occurs.
Panel formed to review IT Act
A closed group has been formed under the Secretary of Ministry of Electronics and Information Technology Aruna Sundararajan to review the Information Technology Act, in order to make it “more deterrent” to cyber threats. “If there is any need for reinforcement in the laws, this group will give suggestions,” a government official said.
“IT has a security angle as well. So there’s involvement of Cabinet Secretariat, National Security Advisor, then there’s a crime angle that involves the home ministry. So a review will be done in coordination with all these stakeholders,” the official said. ENS
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines
- The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.