A digitally-empowered society has only one major nemesis – breach of information security. The productivity and convenience of living in a highly interconnected and digitised world do come at a price. The more digitised data drives us in our daily lives, the more exposed we may get to it being stolen or compromised. Naturally if not tended to as desired, such security breaches lead to significant financial and reputational losses and emotional distress.
India, a largely cash-based transactional society, has begun waking up to the new world of digital wallets, micropayments, and cashless transactions in last quarter or so. According to the government estimates, we will experience about 2500 crore digital and cashless transactions in 2017-18 to occur across digital payment modes. Obviously, the risk exposure has just become even more profound for end-consumers like you and me.
Here, we must remember an age-old adage that’s as clichéd as it can get – a chain is only as strong as its weakest link. While financial institutes, regulatory authorities, and technology platform companies would continue to work with security experts and solution providers to safeguard our money against risks, breaches, and thefts, the buck also stops with us.
Drawing from my individual and corporate experience of information security, in addition to having stronger passwords etc, we would recommend ten ways to keep us safe in the digital and cashless transactional society:
1. Improve your awareness: Lack of awareness exposes you to a highly risky environment. You need to be clued into the latest developments on the kinds of risks occurring around you, the modus operandi of perpetrators to steal your belongings, and the features your financial institutes and technology providers are adopting to keep you safe in the online world. Vishing (voice phishing), phishing and other social engineering frauds can be only dealt with the spread of awareness.
2. Avoid complacency: Just as you would be careful about your wallet in a crowded place, you should pay attention to how and from where are you accessing your digital transaction platforms, such as digital wallets, banks’ apps, Unified Payment Interfaces, Aadhaar-enabled Payment Systems (AEPS), Netbanking (RTGS/NEFT/IMPS), and debit/credit cards. Similarly, you need to be careful with your passwords, PINs, and OTPs.
3. Don’t download from third-party app stores: Established and branded app stores or marketplaces for mobile apps are largely regulated, monitored and sanitized. However, third-party app stores that are frequented for gaming cracks, hacked version of paid apps and more, are usually the breeding ground for vulnerabilities. Such apps may be riddled with concealed backdoors that leverage software vulnerabilities to compromise data on your devices.
4. Don’t talk to strangers: Accepting apps, images or video files from strangers on a communication platform such as WhatsApp may expose you to similar vulnerabilities. Using steganography techniques, malicious codes can be hidden in such files to infect and breach your devices.
5. Don’t auto-download media on WhatsApp: Similar to the above point, toggle the option to auto-download media on WhatsApp. It not only saves the unnecessary bandwidth but also ensures that you don't inadvertently download a compromised image or video file onto your smartphone.
6. Update regularly: If you need to keep an auto option on, then it rather should be the auto-update of the apps on your devices. No software is completely secure straight out of the box. It’s an iterative process and the developers release updates to remove bugs, improve features, bolster security and plug vulnerabilities.
7. Limit your exposure: While using digital payment apps or wallets, limit your risk exposure by adding smaller amounts to your wallet account. In the case of a breach, your loss would be limited to the amount in the wallet.
8. Accept security over convenience: Usually, there are two aspects of digital transactions that plague us – remembering PINs and passwords, and multiple-factor authentication processes. However inconvenient, these processes are what keep us safe. Commit card PINs and netbanking passwords to memory and not make these unnecessarily accessible to perpetrators by storing these in your devices or writing it down. Avoid transacting on websites or on platforms that do not subscribe to two-factor authentication i.e. a transaction would be authenticated not just by a password but would need an OTP or biometric input as well.
9. Secure your wireless connections: From our Wi-Fi routers to our computers, to our smartphones, and to smart home appliances, all are increasingly interconnected wirelessly. As we progress into the new Internet of Things (IoT) realm, we need to ensure that we secure the Wi-Fi connectivity across such myriad of devices. To begin with, you should always opt for WPA (Wi-Fi Protected Access) or WPA2 encryption standards instead of the weaker WEP standard. Secondly, you must maintain a stronger alphanumeric password combined with special characters. And, change it regularly. Avoid open Wi-Fi networks or unsolicited Bluetooth connections.
10. If attacked or compromised, do report: Often victims of online frauds, scams, breaches, or social engineering attacks avoid reporting the crime because of three possible scenarios – fear of hassling with law enforcing agencies, the quantum of financial loss is not quite significant, or lack of time. Without sounding preachy, victims of digital crimes need to understand that their reporting may or may not help them recover their losses, but will surely inform us about such occurrences, their modus operandi, and improve the overall awareness for stakeholders to significantly secure the digital and cashless India.
Article contributed by Rishikesh Kamat, Associate Vice President - Products & Services Netmagic.
