GoI to enhance security framework for digital payments

By Vishal Chawla Dec 6th 2017
GoI to enhance security framework for digital payments

Among rising cyber-attacks and data breaches, the Indian government has been working to strengthen the legal framework for cybersecurity standards.

Since demonetization, the volume of digital transactions in India has been increasing by leaps and bounds. The country witnessed an all-time high of 965 million digital transactions in the month of October 2017 as per RBI data. In fact, the Indian digital payments market is expected to grow past USD 500 billion by 2020, according to the 'Digital Payment in India 2020' report by Google. 

 G. Narendranath, Deputy Director General (Security Assurance), Department of Telecommunications, Government of India

In addition to making tampering of IMEI numbers a cognizable offense, we are working on a central repository of IMEI numbers across the country. This will help stop digital frauds.”

G.Narendranath, DDG (Security Assurance), Government of India

Earlier, the government’s focus had been centered on expanding the digital infrastructure and propelling India towards a cashless economy. Now, it is shifting to the safety of sensitive data stored on the same infrastructure. With help from the public and private stakeholders, the government has taken up the initiative of strengthening the security framework for smooth movement of electronic funds and prevention of fraud across financial platforms, told G. Narendranath, Deputy Director General (Security Assurance), Department of Telecommunications, Government of India, speaking at the Financial Inclusion Global Initiative (FIGI) symposium held recently in Bangalore. "Chief Ministers Committee on Digital Payments recommended that we have a separate body to examine the security aspect. Presently, there are two groups actively working on security, one to make payments system more secure and robust, and the other looking into the underlying technology. Their reports, which are due in a short time, will be submitted to the government." 
 
Service license amendments 
For the expansion of telecom services across different zones in India, the department of telecommunication has added various amendments in license agreements so that service providers strictly follow the security guidelines. "When you look at the infrastructure part, we have improved the license conditions through amendments. The subsequent licenses have security-related clauses and ensure that each service provider has a security policy as well as other measures to check the network is secure. It is mandatory that network elements are tested before they are put into place. We have also issued guidelines on logging and reporting of security events," told Narendranath. 
 
Central Equipment Identity Register (CEIR)
The Department of Telecommunication is also implementing a Central Equipment Identity Register (CEIR) that will connect the International Mobile Equipment Identity (IMEI) database of all mobile operators, and serves as a central repository of all operators' blacklisted mobile terminals. This has been done for the purpose of preventing blacklisted devices in one network from working with other networks, even if the SIM card is changed. This renders the device useless for criminals to carry out any fraudulent activity. "In addition to making tampering of IMEI numbers a cognizable offense, we are working on a central repository of IMEI numbers across the country. This will help stop digital frauds," added Narendrnath.
 
What RBI brings to the table?
Being the apex bank, the Reserve Bank of India has also been playing an active role to ensure the safety of digital payments in India. In June 2016, RBI issued guidelines asking banks to strengthen cybersecurity protocols and asked them to report all incidents of breaches. However, the banking system was attacked by one of its biggest security breaches in October of the same year, when more than 6 million debit cards were reported to be compromised. 
Considering the severity of the situation, in February 2017, RBI constituted an inter-department Standing Committee on Cyber Security to establish an ongoing system of security review and analysis of the emerging threats. Then again, in the month of August of 2017, RBI issued a specific cyber-security framework in banks, mandating them to put in place a board-approved security policy, which covers the risks from cyber threats and the measures needed to address those risks. 
 
Embracing digitization in the time of cyber-attacks
For the past couple of years, the world has witnessed cyber-attackers exploiting numerous security vulnerabilities present both on devices and in the operating systems. The Indian Computer Emergency Response Team (ICERT) reported more than 27,000 security threat events in India during the first half of 2017. Due to such high volume of security incidents, it has become imperative on the government’s part to help formulate an ecosystem where transactions can take place smoothly, and without large security threats. Poised at a nascent stage of embracing digitization, India certainly needs a comprehensive security framework. 
“There is a framework in the country that is actively working on the cybersecurity aspect and there is a rigorous and continuous examination of financial products with the increasing evolution of technology,” told Narendranath.

LATEST