Digital transactions have become the need of the hour in the Indian economy. Various factors, such as better IT infrastructure, internet connectivity, the demonetization drive by the Government of India and an increased number of players providing digital payment solutions, have given a boost to the digital payment system.
With the advent of this new mode of payment, there needs to be greater emphasis on issues such as cyber-security. Ensuring a fraud-free mode of payment helps retain the trust of online users so that they continue to adopt it.
With these cyber-security concerns in view, IIM Bangalore, in collaboration with the Centre for Software and IT Management (CSITM), recently conducted a study at IIM Bangalore focusing on the cyber-security risks, if any, that digital payment solutions carry.
Rahul De, Chairperson, CSITM, and faculty in the Decision Sciences and Information Systems area at IIM Bangalore, said, “We conducted experiments with five popular mobile payment systems, in four broad categories – wallets (PayTM, FreeCharge), direct link with user’s bank (BHIM), specific bank’s app for account holders (iMobile by ICICI Bank), and basic USSD service (dialing *99#).”
The study evaluated digital payment apps against the following six key security principles, based on the Basel Committee's ‘Risk Management Principles for Electronic Banking’ and RBI norms for electronic banking transactions:
• The potential for confidentiality breaches
• The management of the transactions for subsequent repudiation
• The strength of the authentication process
• The data and transaction integrity procedures
• The extent of access and availability of services
• The procedures for maintaining privacy of customer information
Results of the Study
- The research study pointed out some serious privacy and security concerns. For instance, some e-wallet apps like PayTM allow automatic linkage with third-party vendors. This can result in automatic amount deduction from the user’s account without the consent of the user.
- Confidentiality breaches were potentially possible for almost all the mobile payment solutions except USSD.
- Another major security concern was that many apps (such as PayTM, FreeCharge) do not log users out automatically. This means that anyone in possession of a phone with such apps can make digital transactions using that account, even if that person is not the original owner.
- In contrast, apps like iMobile and BHIM come with a session time-out feature that acts as an auto-logout security mechanism.
Rahul De has also criticised the inadequate management of transactions in these digital payment apps and termed it a security violation. The study on digital payment apps was conducted from December 16 to January 17; as a limitation of the study, changes might have been made to these apps since then.
We hope that the research study conducted by IIM Bangalore will help digital payment service providers fix their existing loopholes and make the user experience safer and more trustworthy.