10 Ways For safe Digital And Cashless Transaction
A digitally-empowered society has only one major nemesis
– breach of information security. The productivity and convenience of living in
a highly interconnected and digitised world do come at a price. The more
digitised data drives us in our daily lives, the more exposed we may get to it
being stolen or compromised. Naturally if not tended to as desired, such
security breaches lead to significant financial and reputational losses and emotional
distress.
India, a largely cash-based transactional society, has begun waking up to the
new world of digital wallets, micropayments, and cashless transactions in last
quarter or so. According to the government estimates, we will experience about
2500 crore digital and cashless transactions in 2017-18 to occur across digital
payment modes. Obviously, the risk exposure has just become even more profound
for end-consumers like you and me.
Here, we must remember an age-old adage that’s as clichéd as it can get – a
chain is only as strong as its weakest link. While financial institutes,
regulatory authorities, and technology platform companies would continue to
work with security experts and solution providers to safeguard our money
against risks, breaches, and thefts, the buck also stops with us.
Drawing from my individual and corporate experience of information security, in
addition to having stronger passwords etc, we would recommend ten ways to keep
us safe in the digital and cashless transactional society:
1.
I Improve your awareness: Lack of awareness exposes you to
a highly risky environment. You need to be clued into the latest developments
on the kinds of risks occurring around you, the modus operandi of perpetrators
to steal your belongings, and the features your financial institutes and
technology providers are adopting to keep you safe in the online world. Vishing
(voice phishing), phishing and other social engineering frauds can be only
dealt with the spread of awareness.
2.
Avoid complacency: Just as you would be careful
about your wallet in a crowded place, you should pay attention to how and from
where are you accessing your digital transaction platforms, such as digital
wallets, banks’ apps, Unified Payment Interfaces, Aadhaar-enabled Payment Systems
(AEPS), Netbanking (RTGS/NEFT/IMPS), and debit/credit cards. Similarly, you
need to be careful with your passwords, PINs, and OTPs.
3.
Don’t download from third-party
app stores: Established
and branded app stores or marketplaces for mobile apps are largely regulated,
monitored and sanitized. However, third-party app stores that are frequented
for gaming cracks, hacked version of paid apps and more, are usually the
breeding ground for vulnerabilities. Such apps may be riddled with concealed
backdoors that leverage software vulnerabilities to compromise data on your
devices.
4.
Don’t talk to strangers: Accepting apps, images or video
files from strangers on a communication platform such as WhatsApp may expose
you to similar vulnerabilities. Using steganography techniques, malicious codes
can be hidden in such files to infect and breach your devices.
5.
Don’t auto-download media on WhatsApp: Similar to the above point,
toggle the option to auto-download media on WhatsApp. It not only saves the
unnecessary bandwidth but also ensures that you don't inadvertently download a
compromised image or video file onto your smartphone.
6.
Update regularly: If you need to keep an auto
option on, then it rather should be the auto-update of the apps on your
devices. No software is completely secure straight out of the box. It’s an
iterative process and the developers release updates to remove bugs, improve
features, bolster security and plug vulnerabilities.
7.
Limit your exposure: While using digital payment apps
or wallets, limit your risk exposure by adding smaller amounts to your wallet
account. In the case of a breach, your loss would be limited to the amount in
the wallet.
8.
Accept security over convenience: Usually, there are two aspects of
digital transactions that plague us – remembering PINs and passwords, and
multiple-factor authentication processes. However inconvenient, these processes
are what keep us safe. Commit card PINs and netbanking passwords to memory and
not make these unnecessarily accessible to perpetrators by storing these in
your devices or writing it down. Avoid transacting on websites or on platforms
that do not subscribe to two-factor authentication i.e. a transaction would be
authenticated not just by a password but would need an OTP or biometric input
as well.
9.
Secure your wireless connections: From our Wi-Fi routers to our
computers, to our smartphones, and to smart home appliances, all are
increasingly interconnected wirelessly. As we progress into the new Internet of
Things (IoT) realm, we need to ensure that we secure the Wi-Fi connectivity
across such myriad of devices. To begin with, you should always opt for WPA
(Wi-Fi Protected Access) or WPA2 encryption standards instead of the weaker WEP
standard. Secondly, you must maintain a stronger alphanumeric password combined
with special characters. And, change it regularly. Avoid open Wi-Fi networks or
unsolicited Bluetooth connections.
10. If
attackedIf attacked or compromised, do report: Often victims of online frauds,
scams, breaches, or social engineering attacks avoid reporting the crime
because of three possible scenarios – fear of hassling with law enforcing
agencies, the quantum of financial loss is not quite significant, or lack of
time. Without sounding preachy, victims of digital crimes need to understand
that their reporting may or may not help them recover their losses, but will
surely inform us about such occurrences, their modus operandi, and improve the
overall awareness for stakeholders to significantly secure the digital and
cashless India.
India, a largely cash-based transactional society, has begun waking up to the new world of digital wallets, micropayments, and cashless transactions in last quarter or so. According to the government estimates, we will experience about 2500 crore digital and cashless transactions in 2017-18 to occur across digital payment modes. Obviously, the risk exposure has just become even more profound for end-consumers like you and me.
Here, we must remember an age-old adage that’s as clichéd as it can get – a chain is only as strong as its weakest link. While financial institutes, regulatory authorities, and technology platform companies would continue to work with security experts and solution providers to safeguard our money against risks, breaches, and thefts, the buck also stops with us.
Drawing from my individual and corporate experience of information security, in addition to having stronger passwords etc, we would recommend ten ways to keep us safe in the digital and cashless transactional society:
1.
I Improve your awareness: Lack of awareness exposes you to
a highly risky environment. You need to be clued into the latest developments
on the kinds of risks occurring around you, the modus operandi of perpetrators
to steal your belongings, and the features your financial institutes and
technology providers are adopting to keep you safe in the online world. Vishing
(voice phishing), phishing and other social engineering frauds can be only
dealt with the spread of awareness.
2.
Avoid complacency: Just as you would be careful
about your wallet in a crowded place, you should pay attention to how and from
where are you accessing your digital transaction platforms, such as digital
wallets, banks’ apps, Unified Payment Interfaces, Aadhaar-enabled Payment Systems
(AEPS), Netbanking (RTGS/NEFT/IMPS), and debit/credit cards. Similarly, you
need to be careful with your passwords, PINs, and OTPs.
3.
Don’t download from third-party
app stores: Established
and branded app stores or marketplaces for mobile apps are largely regulated,
monitored and sanitized. However, third-party app stores that are frequented
for gaming cracks, hacked version of paid apps and more, are usually the
breeding ground for vulnerabilities. Such apps may be riddled with concealed
backdoors that leverage software vulnerabilities to compromise data on your
devices.
4.
Don’t talk to strangers: Accepting apps, images or video
files from strangers on a communication platform such as WhatsApp may expose
you to similar vulnerabilities. Using steganography techniques, malicious codes
can be hidden in such files to infect and breach your devices.
5.
Don’t auto-download media on WhatsApp: Similar to the above point,
toggle the option to auto-download media on WhatsApp. It not only saves the
unnecessary bandwidth but also ensures that you don't inadvertently download a
compromised image or video file onto your smartphone.
6.
Update regularly: If you need to keep an auto
option on, then it rather should be the auto-update of the apps on your
devices. No software is completely secure straight out of the box. It’s an
iterative process and the developers release updates to remove bugs, improve
features, bolster security and plug vulnerabilities.
7.
Limit your exposure: While using digital payment apps
or wallets, limit your risk exposure by adding smaller amounts to your wallet
account. In the case of a breach, your loss would be limited to the amount in
the wallet.
8.
Accept security over convenience: Usually, there are two aspects of
digital transactions that plague us – remembering PINs and passwords, and
multiple-factor authentication processes. However inconvenient, these processes
are what keep us safe. Commit card PINs and netbanking passwords to memory and
not make these unnecessarily accessible to perpetrators by storing these in
your devices or writing it down. Avoid transacting on websites or on platforms
that do not subscribe to two-factor authentication i.e. a transaction would be
authenticated not just by a password but would need an OTP or biometric input
as well.
9.
Secure your wireless connections: From our Wi-Fi routers to our
computers, to our smartphones, and to smart home appliances, all are
increasingly interconnected wirelessly. As we progress into the new Internet of
Things (IoT) realm, we need to ensure that we secure the Wi-Fi connectivity
across such myriad of devices. To begin with, you should always opt for WPA
(Wi-Fi Protected Access) or WPA2 encryption standards instead of the weaker WEP
standard. Secondly, you must maintain a stronger alphanumeric password combined
with special characters. And, change it regularly. Avoid open Wi-Fi networks or
unsolicited Bluetooth connections.
10. If
attackedIf attacked or compromised, do report: Often victims of online frauds,
scams, breaches, or social engineering attacks avoid reporting the crime
because of three possible scenarios – fear of hassling with law enforcing
agencies, the quantum of financial loss is not quite significant, or lack of
time. Without sounding preachy, victims of digital crimes need to understand
that their reporting may or may not help them recover their losses, but will
surely inform us about such occurrences, their modus operandi, and improve the
overall awareness for stakeholders to significantly secure the digital and
cashless India.
No comments:
Post a Comment