The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 1 to 7.
Paytm Payments Bank woos corporates with digital incentives
http://editors.cis-india.org/internet-governance/news/livemint-komal-gupta-remya-nair-january-24-2018-paytm-payments-bank-woos-corporates-with-digital-incentives
<b>Offerings will be an incentive to companies already using Paytm e-wallet services to shift employees’ salary accounts to the bank, says Paytm Payments Bank CEO Renu Satti.</b>
<p style="text-align: justify; ">The article was published by Komal Gupta and Remya Nair was <a class="external-link" href="http://www.livemint.com/Industry/10K7o13Xrfk9xsXF5lGpIL/Paytm-Payments-Bank-woos-corporates-with-digital-incentives.html">published in Livemint</a> on January 24, 2018</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">Looking to tap the ready customer base of salary accounts, Paytm Payments Bank is trying to attract corporate entities with digital offerings such as food and gift wallets for their employees.</p>
<p style="text-align: justify; ">The bank has set a target of reaching a customer base of 500 million over the next 2-3 years, managing director and chief executive Renu Satti said in an interview. The bank claims to have 170 million customers, including those using the Paytm e-wallet.</p>
<p style="text-align: justify; ">Satti said the offerings will be an incentive to companies already using Paytm e-wallet services to shift employees’ salary accounts to the bank. Around 500 corporate entities are using e-wallet services.</p>
<p style="text-align: justify; ">“These corporate offerings will ensure better accountability and convenience for both the employers and employees,” she said, giving the example of food wallets which are automatically debited when a customer buys food, due to the tagging of merchants done at the back-end by Paytm.</p>
<p style="text-align: justify; ">“We even offer customisation to the extent of restricting usage of food wallet to specific merchants like office cafeterias, basis requirement,” Satti said.</p>
<p style="text-align: justify; ">Food vouchers and gift coupons have been typically issued in a physical form by corporate entities, earlier as paper coupons and now as prepaid cards.</p>
<p style="text-align: justify; ">Paytm Payments Bank offers customers the convenience of using their food and gift wallets through the app across the merchant base of Paytm, Satti said. “It doesn’t require any card, which also does away with issues such as loss of card and expiry of coupons, plus avail the benefits of cashback running on any Paytm merchant,” she added.</p>
<p style="text-align: justify; ">Last week, Paytm Payments Bank launched physical debit cards for its customers to facilitate account holders to withdraw cash from ATMs and make offline payments. Hitherto, the bank had been issuing virtual debit cards which could only be used for online payments.</p>
<p style="text-align: justify; ">The bank also plans to set up around 100,000 banking outlets across the country in the next one year to cater largely to under-banked rural areas.</p>
<p style="text-align: justify; ">The list of these outlets will be available on the bank’s website where the customer will be able to access a range of services including net banking, National Electronic Funds Transfer (NEFT), Immediate Payment Service (IMPS) and Unified Payments Interface (UPI). There will be monetary incentives for these correspondents for every transaction they perform for the customer. These outlets could be a local kirana store or a chemist shop, Satti said.</p>
<p style="text-align: justify; "><span>“We will follow a stringent process to shortlist merchants. There will be screening, quality check, physical check to ensure whether the place is actually authorized to run a business,” she said.</span></p>
<p style="text-align: justify; "><span></span><span>The bank plans to onboard some from the existing merchant networks using Paytm wallets while others will be from areas where there is no Paytm presence as of now.</span></p>
<p style="text-align: justify; ">More than 6 million merchants are already a part of the Paytm ecosystem, primarily using wallet services.</p>
<p style="text-align: justify; ">Paytm Payments Bank was launched in November after receiving a payments bank license from RBI in January last year. Vijay Shekhar Sharma, founder of One97 Communications, holds the majority share in Paytm Payments Bank, with the rest being held by One97 Communications.</p>
<p style="text-align: justify; ">The bank currently has no minimum balance requirements and offers 4% interest on savings deposits. India has three other operational payment banks—Airtel Payments Bank, India Post Payments Bank and Fino Payments Bank. “The traditional banks that offer customized corporate services to its customers having a high amount of deposits would face competition from payments banks. They will have no other option but to offer those services to customers with deposits at the Payments bank limits, to stay relevant in the market,” said Udbhav Tiwari, programme manager at the Centre for Internet and Society, a Bengaluru-based think tank.</p>
<p style="text-align: justify; ">“Also, as a payment company, Paytm has data pertaining to the spending patterns of customers which help it be more competitive in the market,” he added.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/livemint-komal-gupta-remya-nair-january-24-2018-paytm-payments-bank-woos-corporates-with-digital-incentives'>http://editors.cis-india.org/internet-governance/news/livemint-komal-gupta-remya-nair-january-24-2018-paytm-payments-bank-woos-corporates-with-digital-incentives</a>
</p>
No publisherAdminDigital MoneyInternet Governance2018-01-24T23:52:36ZNews ItemWISER Lecture : Sumandro Chattapadhyay on Deregulation by Code
http://editors.cis-india.org/internet-governance/news/wiser-lecture-sumandro-chattapadhyay-on-deregulation-by-code
<b>University of the Witwatersrand organized a talk by Sumandro Chattapadhyay on Derugulation by Code on March 8, 2017 in Johannesburg. </b>
<p style="text-align: justify; ">On November 08, 2017, the Government of India initiated a demonetisation process. It involved cancellation of Rs. 500 and Rs. 1,000 currency notes as legal tender, establishing of a time bound process for the notes to be returned to the banks, announcement of specific emergency services (such as hospitals and utilities) for which the canceled notes could still be used, and introduction of a new Rs. 2,000 note. While the purpose of the demonetisation move was publicly articulated in terms of removal of unaccounted wealth held in cash form, the state narrative quickly moved to being primarily focused on promotion of various forms of digital payments, especially mobile-based payments. The notion of a "WhatsApp moment" in Indian banking in particular, and in Asian banking in general, has been in circulation since 2015. Nandan Nilekani, a significant technocrat politician of India who has been CEO of Infosys (a major Indian IT company) and the Chairman of the UID/Aadhaar project, was one of the first persons to take note of this upcoming "revolution". In a lecture given by him on August 21, 2015, he described the technological and market forces, enabled by policy decision, that are going to disrupt the Indian banking landscape.</p>
<p style="text-align: justify; ">Sumandro's lecture discussed the linkages between this WhatsApp moment and the demonetisation move, and locate them in the context of institutional and technological changes happening in the Indian banking sector since 2008. The talk focused on the development and proliferation of the Unified Payments Interface - an universal, private-owned, government-backed, mobile-to-mobile payment infrastructure - as the key instrument through which the ongoing deregulation of banking in India is being driven.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/wiser-lecture-sumandro-chattapadhyay-on-deregulation-by-code'>http://editors.cis-india.org/internet-governance/news/wiser-lecture-sumandro-chattapadhyay-on-deregulation-by-code</a>
</p>
No publisherpraskrishnaDigital MoneyDigital IndiaInternet Governance2017-03-29T11:48:08ZNews Item50p and Digital Payments Masterclass Learning - CIS
http://editors.cis-india.org/internet-governance/50p-and-digital-payments-masterclass-learning-cis
<b>Sunil Abraham, Saikat Dutta and Udbhav Tiwari from the CIS team attended 50p on the 24 and 25 of January 2017 in Bangalore, India. We had the following learnings from the event, which will shape our work in the digital finance and payments space in the future. </b>
<p style="text-align: justify;" dir="ltr">Sunil Abraham, Saikat Dutta and Udbhav Tiwari from the CIS team attended 50p on the 24 and 25 of January 2017 in Bangalore, India. We had the following learnings from the event, which will shape our work in the digital finance and payments space in the future.</p>
<p style="text-align: justify;" dir="ltr"> </p>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Historical Developments of Digital Payments Regulation in India - The historical development of the digital payments ecosystem in India, starting with mobile/SMS banking around 2004, focusing mostly on high-end consumers. The widely varying implementations across banks led to the RBI taking an active regulatory approach, beginning with the introduction of compulsory two factor authentication in the form of mandatory PIN usage for credit and debit cards. This move helped secure “card not present” (CNP) transactions, which in turn allowed the e commerce, online streaming services and other digital services to rapidly gain customers. This serves as an example of how simple, targeted and uniformly imposed regulations can help secure widely used digital payment modes, securing customers while expanding opportunities for businesses. The Watal Committee report has also stressed on how the the industry and consumers alike, in the medium term, will benefit from focused sectoral regulation for the FinTech industry.</p>
</li></ol>
<p style="text-align: justify;" dir="ltr"> </p>
<ol start="2"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Expansion in the Modern Digital Payments Industry - The digital payments industry has expanded from having three main stakeholders (banks, card issuing agencies and customers) in mid 2000s to over eight distinct entities who take part in the same payments chain. These include Digital Wallet Providers, Payment Gateways, Payment Processors, Ticketing or Payment Service Providers Billers, all of which are operate with millions of transactions per day. This not only increases the potential attack surface for possible attempts at compromising them but also governance under traditional banking regulations difficult for the regulatory authority. The introduction of BBPS (Bharat Bill Pay System) to integrate the thousands of local utility bill payment system in India, into one centrally administered programme, is just one example of the vast amounts of data being generated (and integrated) by the digital payments industry. Therefore, the need for unique FinTech regulations and standards (maybe even a regulator) to handle the rapidly expanding and critical industry is quite strong in the booming space in India.</p>
</li></ol>
<p style="text-align: justify;" dir="ltr"> </p>
<ol start="3"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">UPI - The Unified Payments Interface (UPI) is a set of standards that allow for a single application to connect to and control multiple bank accounts (of participating banks), allowing users to use several banking services such as funds transfer (P2P), merchant payments, etc. Initially launched in August, 2016 with support from 16 banks and is gaining rapid acceptance among users, businesses and payment providers alike. While built on the same technological underpinnings as the IMPS system, the UPI standard allows for a wide variety of data, including credit scores, Aadhaar numbers and geographical location to be transmitted. While the standard itself seems reasonably secure, its diverse and closed source implementation allow for the usual closed source development risks of security and unresolved bugs. It is stipulated to become the most widely used digital transaction protocol in India and the backbone of the FinTech industry due to its interoperability and regulatory acceptance. A set of security guidelines and practices that allow for a uniform, secure and auditable implementation of the UPI standard as well as its operational usage will aid in faster and more secure development of the standard while simultaneously protecting consumer interest.</p>
</li></ol>
<p style="text-align: justify;" dir="ltr"> </p>
<ol start="4"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Need for Consumer Advocacy - The need for educating consumers about the technical operations of the digital payments industry, best practices to maximise user facing security and strategies for effective dispute redressal were tagged as key focus areas by various groups. The inadequacy of the Consumer Protection Act to deal with the labyrinth of digital payments and the relative lack of liability and breach notification laws (especially in the non-banking finance companies sector) have lead to bargaining power in consumer contracts to fall in the favour of the digital payments industry. While initiatives such as Cashless Consumer are attempting to rectify this, sustained and well planned initiatives implemented in a diverse and multi-lingual manner will be needed to keep up with the rapid pace of expansion in the industry and is burgeoning user base. Incidental benefits of such programmes (an increase in the demand for data protection and privacy aware practices) will also serve to further consumer interest in a manner that will have a positive impact outside the FinTech industry.</p>
</li></ol>
<p style="text-align: justify;" dir="ltr"> </p>
<p><span id="docs-internal-guid-a0d03bdc-abb4-587e-0c9f-186a5b07117c"></span></p>
<ol start="5"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">USSD - The recent push towards USSD based banking, which allows banking transactions to be carried using feature phones, has led to various concerns regarding its security, reliability and implementation. The varying levels of GSM encryption in the providers in India, the lack of open standards (such as HTTPS for Internet Banking) that allow consumers to verify security and the rapid but untested implementation by most banks have led to some players raising doubts about the possibility of exploitation of the particularly vulnerable section of users that will use USSD banking. The need for a detailed investigation into current practices, open and auditable standards unique to USSD banking in India and regulations that mandate a minimum level of compliance was expressed by multiple stakeholders.</p>
</li></ol>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/50p-and-digital-payments-masterclass-learning-cis'>http://editors.cis-india.org/internet-governance/50p-and-digital-payments-masterclass-learning-cis</a>
</p>
No publisherUdbhav TiwariFinancial TechnologyDigital PaymentBankingBitcoinDigital MoneyCyber Security2017-06-15T12:29:52ZBlog EntrySecuring Digital Payments: Imperatives for a Growing Ecosystem
http://editors.cis-india.org/internet-governance/news/securing-digital-payments-imperatives-for-a-growing-ecosystem
<b>A round-table conference was organised by ORF and Koan Advisory on “Securing Digital Payments: Imperatives for a Growing Ecosystem”, at “The Claridges”, APJ Abdul Kalam Road, New Delhi, between 11.30 - 13.30 on February 3, 2017. Udbhav Tiwari attended the round-table conference. </b>
<p style="text-align: justify; ">The discussion was very enriching, with stakeholders from the government, industry and civil society participating in the event. The discussions mainly focused on:</p>
<ul style="text-align: justify; ">
<li>Most Pressing Challenges - Convince v/s Security balance, Lack of Sector Specific Security Standards, User Digital Literacy (esp Security), Lackof economic incentives, Lack of clear liability guidelines, capable security talent.</li>
<li>Mobile proliferation - Massively, device dependent (Chinese models), increase in attack surface, fragmentation makes security harder toimplement and enforce, low amount high volume fraud, user literacy, etc.</li>
<li>Regulatory Harmonisation - Yes, they can and should be, current process is largely law based, only public consultation, needs to move to amultistage holder model, ISO model is ideal - allows for industry, civil society and governments to participate at equal level, knowledge and perspective sharing. Core legislation/regulations with minimum standards and principles with detailed document made by multistakeholder body.</li>
<li>Infrastructural liabilities - 4 main ones - - device, connectivity medium, payment and transfer switches (Gov & Private) and service provider server. Ways to overcome - Standards, Critical Infrastructure protection, Digital Literacy, High audit and liability requirements, Testing (Red Team/Blue Team)</li>
</ul>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/securing-digital-payments-imperatives-for-a-growing-ecosystem'>http://editors.cis-india.org/internet-governance/news/securing-digital-payments-imperatives-for-a-growing-ecosystem</a>
</p>
No publisherpraskrishnaDigital MoneyDigital PaymentInternet GovernancePrivacy2017-02-09T01:40:22ZNews ItemThe Dangers Of Aadhaar-Based Payments That No One Is Talking About
http://editors.cis-india.org/internet-governance/news/bloomberg-mayank-jain-january-17-2017-dangers-of-aadhaar-based-payments-that-no-one-is-talking-about
<b>Less than three months ago, India’s banking sector was hit by a data breach which compromised 32 lakh debit cards and led to fraudulent transactions worth Rs 1.3 crore.</b>
<p style="text-align: justify; ">The article by Mayank Jain was <a class="external-link" href="http://www.bloombergquint.com/business/2017/01/17/the-dangers-of-aadhaar-based-payments-that-no-one-is-talking-about">published by Bloomberg</a> on January 17, 2017. Sunil Abraham was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">The incident started a debate around security of payment systems. But the debate had just about begun when the government’s demonetisation decision dragged attention away from it. Now as the dust settles and as the government starts to push newer means of digital payments, the focus is back on the security of systems being seen as an alternative to cash.</p>
<p style="text-align: justify; ">One such system is Aadhaar-based payments which could potentially allow citizens to pay anytime anywhere with the tap of a finger.<br /><br />In theory, it sounds simple.<br /><br />The Aadhaar-based payment system runs on the existing Aadhaar infrastructure through which a person’s biometrics are used to authenticate the user. Once authenticated, the user can transfer funds directly from one bank account to another without going through a mobile wallet or a card.<br /><br />The payment system requires a smartphone, a working internet connection and a biometric authentication device with the merchant. The customer needn’t have a card or a phone as long as he or she has an Aadhaar-seeded bank account.<br /><br />National Payments Corporation of India has developed this payments infrastructure over the existing Aadhaar-Enabled Payments System, the railroad on which the public distribution system has been functioning for years now.<br /><br />Amitabh Kant, chief executive officer of the government policy think tank NITI Aayog said, earlier this month, that all cards and point-of-sale machines will become redundant in the country in the next two-and-a-half years as Aadhaar-based payments become popular.</p>
<p style="text-align: justify; "><img class="lazy" src="http://images.assettype.com/bloombergquint%2F2017-01%2Ff3e25ea3-f10b-4059-a95d-412cd4f32caf%2FKey%20Facts%20About%20Aadhaar%20Payments%20Payments%20Payments01.png?auto=format&q=60&w=1024&fm=pjpeg" /></p>
<h3 style="text-align: justify; ">A Double-Edged Sword</h3>
<p style="text-align: justify; ">While payments authenticated by biometrics sound like a good idea in a country where less than one in three people actually own a smartphone, there are fears that integrating biometrics with digital payments could prove to be a security headache.<br /><br />The first part of the problem is that Aadhaar, while effective, is not a fool-proof method of authentication and identification failures are not uncommon. Building a payment system atop the Aadhaar system will simply transfer some of these vulnerabilities.</p>
<p style="text-align: justify; "><img class="lazy" src="http://images.assettype.com/bloombergquint%2F2017-01%2F12a47aa6-10f1-4687-a471-a463f876e6d2%2FHow%20Aadhaar%20Payment%20Works.png?auto=format&q=60&w=1024&fm=pjpeg" /></p>
<p style="text-align: justify; ">The possibility of transaction failures due to a biometric mismatch are real, admitted a former high-ranking official from the Unique Identification Authority of India (UIDAI) who spoke to BloombergQuint on the condition of anonymity.<br /><br />Officially, the false reject rate – rejection of a biometric when it’s actually correct – is set at a maximum of 2 percent for devices that get certified from the UIDAI. On the ground, however, failure rates vary widely, said the official quoted above.<br /><br />According to the official statistics on UIDAI, more than 16 lakh Aadhaar-authentication requests failed in the past week. The type of errors encountered ranged from the biometric data not matching the database to demographic details not checking out.<br /><br />The failure rates on Aadhaar Enabled Payment System for interbank transactions (which is a part of all Aadhaar authentication requests) were found to be as high as 60 percent by the Watal Committee on digital payments which published its report in December.<br /><br />Additionally, newer security threats may also emerge if the scope of Aadhaar is widened. These include identity theft if a person’s biometrics are compromised from the payment system, phishing attempts, and the difficulty in revoking access once biometric information is compromised.<br /><br />Biometrics aren’t an exact science, the official quoted above said, while adding that possible glitches have to be weighed against the benefits of offering a widely accessible non-cash mode of payment to citizens.</p>
<h3 style="text-align: justify; ">How Easy Is It To Beat The System?</h3>
<p style="text-align: justify; ">Sunil Abraham, executive director of Bangalore based research organisation Center for Internet and Society (CIS) said that one way to assess how secure a system is to understand the cost and effort that goes into breaching it.<br /><br />In the case of Aadhaar-based payment systems, the costs may not be high.<br /><br />“There’s the gummy finger method which essentially requires some Fevicol or gum to duplicate someone’s fingerprint which can be enough to transact on someone’s behalf without them being there,” said Abraham in a phone conversation with BloombergQuint. “An average person can’t clone a smart card. Just fevicol and glue can help you make a gummy finger. The biometric lobby will say that advanced scanners defeat the gummy finger attack but more advanced scanners are also more expensive.”<br /><br />Also, using more sensitive devices could push up the instance of false rejection of transactions, said Abraham.<br /><br />There are other concerns. Like the fact that devices used for Aadhaar identification could store personal information, which, in turn, could be susceptible to a breach.</p>
<blockquote class="quoted" style="text-align: justify; ">There are five main components in an Aadhaar app transaction – the customer, the vendor, the app, the back-end validation software, and the Aadhaar system itself. There are also two main external concerns – the security of the data at rest on the phone and the security of the data in transit. At all seven points, the customer’s data is vulnerable to attack. <br />Bhairav Acharya, Program Fellow, New America</blockquote>
<p style="text-align: justify; ">Acharya, who works at a U.S.-based think tank called New America and focuses on cyber-law, said the key concern is that Aadhaar data can be stolen and misused.</p>
<p style="text-align: justify; ">“The app and validation software are insecure, the Aadhaar system itself is insecure, the network infrastructure is insecure, and the laws are inadequate.”</p>
<p style="text-align: justify; ">The biometric data collected on the authentication device at a merchant location can potentially be stored on the device as well as the smartphone of a merchant for a long time. Abraham added that there is a possibility that non-certified devices will enter the market, which can store data and use it in the future to do fraudulent transactions.</p>
<p style="text-align: justify; ">The concerns over potential misuse of biometric data by private agencies has also been highlighted by the Supreme Court of India. Earlier this month, the apex court refused to expedite the hearing on a petition regarding Aadhaar being utilised for multiple use cases by private companies. It, however, <a href="http://economictimes.indiatimes.com/articleshow/56352843.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst" target="_blank"><ins>observed</ins></a> that private agencies collecting biometric data “is not a great idea”.</p>
<h3 style="text-align: justify; ">Deficient Privacy Laws</h3>
<p style="text-align: justify; ">Apar Gupta, a Delhi-based lawyer working on cyber security, says that the lack of strong privacy protecting provisions is another concern that should be kept in mind while moving towards an Aadhaar-based payment system.</p>
<p style="text-align: justify; ">“The data stays for a long time with the stakeholders in the system. The requesting agency can keep it for seven years and the UIDAI can store it for five years. There are insufficient safeguards and there’s an absence of privacy law and an independent privacy regulator,” he said.</p>
<p style="text-align: justify; ">Acharya agreed.</p>
<p style="text-align: justify; ">India does not have the necessary laws to deal with a decentralised, biometrically-authenticated, mobile payments system, according to Acharya.</p>
<p style="text-align: justify; ">“Moreover, current laws and policies regarding the Aadhaar project, particularly the centralised database, are inadequate from the point of view of data security and end-user privacy,” he said.</p>
<p style="text-align: justify; ">Abraham of CIS said the issue is wider than Aadhaar. The problem is the lack of a strong data security law.</p>
<blockquote class="quoted" style="text-align: justify; ">We only have a minimal data security law under the Section 43A of the Information and Technology Act which only applies to the private sector. There’s no law that applies to the government. Even 43A has not been applied consistently. There’s no place for you to go and complain if your identity has been compromised.<br />Sunil Abraham, Executive Director, Centre for Internet & Society</blockquote>
<p style="text-align: justify; ">Gupta noted that, in the event of an identity threat, avenues of recourse are also limited. He said the best option is an appeal in the civil court, which is a long drawn out process.</p>
<p style="text-align: justify; ">In final analysis, according to Abraham, credit and debit cards are easier to secure as access can be revoked quickly.</p>
<p style="text-align: justify; ">“The trouble with biometrics is that the chain of trust is harder to establish because too many people can get access to biometrics and then you need to devise these convoluted solutions like hardware secure zones,” Abraham said.</p>
<p style="text-align: justify; ">“So the advantage of going with a smart card is that it can be easily re-secured, but with biometrics, once I compromise it, it’s lifelong.”</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/bloomberg-mayank-jain-january-17-2017-dangers-of-aadhaar-based-payments-that-no-one-is-talking-about'>http://editors.cis-india.org/internet-governance/news/bloomberg-mayank-jain-january-17-2017-dangers-of-aadhaar-based-payments-that-no-one-is-talking-about</a>
</p>
No publisherpraskrishnaDigital PaymentPrivacyInternet GovernanceDigital MoneyDigital IndiaAadhaar2017-01-17T14:39:53ZNews ItemThe soon-to-be launched Aadhaar Pay will let you make purchases using your fingerprint
http://editors.cis-india.org/internet-governance/news/economic-times-indulekha-aravind-january-15-2017-the-soon-to-be-launched-aadhaar-pay-will-let-you-make-purchases-using-your-fingerprint
<b>Paying for your groceries and other goods by using your biometrics instead of an e-wallet, debit card or cash seems to be the next phase in the Centre’s ambitious push to shift the country to a “less cash” economy, as its mandarins term it.</b>
<p style="text-align: justify; ">The article by Indulekha Aravind was <a class="external-link" href="http://economictimes.indiatimes.com/news/economy/policy/the-soon-to-be-launched-aadhaar-pay-will-let-you-make-purchases-using-your-fingerprint/articleshow/56542475.cms">published in the Economic Times</a> on 15 January 2017. Sunil Abraham was <a class="external-link" href="http://economictimes.indiatimes.com/et-now/experts/sunil-abraham-on-aadhaars-misuse-during-demonetisation/videoshow/56544492.cms">consulted for this</a>.</p>
<hr />
<p style="text-align: justify; "> </p>
<p style="text-align: justify; ">Ajay Bhushan Pandey, CEO of the Unique Identification Authority of India (UIDAI), says it will be rolling out Aadhaar-enabled payment system, or Aadhaar Pay, for merchants in the next few weeks. This will be an app for merchants that enables them to receive payments through biometric authentication of the customer, provided their bank accounts are linked to their Aadhaar number. "A pilot is under way in fair price shops in Andhra Pradesh where shopkeepers are accepting payments from PDS beneficiaries. The results are very encouraging," says Pandey.</p>
<p style="text-align: justify; ">The idea takes off from the existing Aadhaar-enabled payment system (AEPS) used by bank business correspondents (BCs) in rural areas to disburse and accept cash, using micro ATMs. "We are trying to tweak this so that a similar device can be used by a local merchant," says Pandey. Adoption will depend on two factors: merchants’ acceptance of it and whether they can use an app rather than a micro ATM. The biggest advantage through this method of payment, says Pandey, is that the customer will not need a credit or debit card, or even a smartphone.</p>
<p style="text-align: justify; "><img alt="The soon-to-be launched Aadhaar Pay will let you make purchases using your fingerprint" class="gwt-Image" src="http://img.etimg.com/photo/56542603/page-19-1.jpg" title="The soon-to-be launched Aadhaar Pay will let you make purchases using your fingerprint" /></p>
<p style="text-align: justify; ">The limits for transactions using AEPS, such as the number of daily transactions, will be left to the discretion of the banks. In the long term, the AEPS will be migrated to the BHIM (Bharat Interface for Money) platform but the rollout of Aadhaar Pay will happen before that. Post demonetisation, banking BC’s number of transactions using AEPS has leapt from 4-5 lakh to 14-15 lakh, says Pandey. According to Reserve Bank of India data on electronic payment systems, the total volume of such transactions jumped from 671 million in November 2016 to 957 million in December. USSD-based payments, which can be done using a basic feature phone, are among the biggest beneficiaries: the volume rose from just 7,000 in November to 1,02,000 in December, and value of transactions from over Rs 7,000 to over Rs 1 lakh. Prepaid payment instruments — mainly mobile wallets — rose from 59 million to 88 million in the same period (and value from Rs 1,300 crore to Rs 2,100 crore).</p>
<p style="text-align: justify; ">While Aadhaar Pay is likely to ride the demonetisation wave if it is launched soon, certain concerns remain, as the list is how secure such a payment system will be. The UIDAI CEO says it is a paramount concern for the organisation, too. "We are using the latest technology to ensure the information stays encrypted end to-end, so that information is not leaked or misused. In the months to come, we will strengthen the security."</p>
<p style="text-align: justify; "><b>Wary About Security</b> <br /> Sunil Abraham, executive director of the Centre for Internet and Society, a think tank that has been analysing the Aadhaar project for six years, outlines several reasons why Aadhaar-based biometrics is inappropriate for authentication in payments, unlike card-based payments that use cryptography. <br /> <br /> "With biometrics, there is always an error ratio. It is imprecise matching, whereas with cryptography (smart cards), there is no false positive or negative. You either have the key (PIN) or you don’t. It is also very cheap to defeat biometric authentication — even an unlettered person can do it," says Abraham. It would be easy enough, he says, to replicate someone else’s fingerprint by pressing it against lukewarm wax and filling the mould with glue to get a dummy finger. In contrast, compromising a smart card requires more cost and effort, from tech-savviness to machines such as a skimmer that will read the card. "And once you are compromised,you are compromised forever. You can’t change it, like a debit card PIN."</p>
<p style="text-align: justify; ">Using Aadhaar for authentication had proved to be a failure during the exchange of currency notes following demonetisation, he adds, pointing to how the poor and the middle class stood in queues for money while stacks of new currency were recovered from the homes of businessmen and bureaucrats. "When you have bank officials who are corrupt, giving them your biometrics is giving them more ammunition for corruption." To catch the criminals, law enforcement agencies had to resort to CCTV footage,a relatively older technology, he says. Others point out that while it may be secure, certain factors stand in the way of making biometrics-based payment authentication a large-scale success. Amrish Rau, CEO of PayU India, a payment gateway provider, cites a list of reasons why it would inevitably take off but only in 5-10 years.</p>
<p style="text-align: justify; ">"For one, the technology is not yet good enough. There are also bandwidth and data constraints in sending biometric data," says Rau. Even in more mature markets, it has yet to find widespread acceptance, he says, pointing to the slow adoption of Apple Pay and Samsung Pay in the US. "It’s not the answer today.” This is in contrast to NITI Aayog CEO Amitabh Kant’s recent remarks that cards and PoS machines would become redundant by 2020 because Indians would be making payments using their thumb (biometrics). "... my view is that in the next two and a half years, India will make all its debit cards, credit cards, all ATM machines, all PoS machines totally irrelevant,” Kant had said at a Pravasi Bharatiya Divas session in Bengaluru.</p>
<div style="text-align: justify; ">UIDAI’s Pandey is more circumspect. “I wouldn’t say who would replace what. But from the government’s side we are encouraging all modes of digital payment. India has a diverse population and some people might prefer using a card, others a wallet. Collectively, they will contribute to a less-cash society.”</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/economic-times-indulekha-aravind-january-15-2017-the-soon-to-be-launched-aadhaar-pay-will-let-you-make-purchases-using-your-fingerprint'>http://editors.cis-india.org/internet-governance/news/economic-times-indulekha-aravind-january-15-2017-the-soon-to-be-launched-aadhaar-pay-will-let-you-make-purchases-using-your-fingerprint</a>
</p>
No publisherpraskrishnaDemonetisationDigital PaymentDigital GovernanceDigital EconomyPrivacyInternet GovernanceDigital MoneyVideoAadhaarBiometrics2017-01-16T03:14:22ZNews ItemMillions of Indians move from cash to digital payments. But some ask whether it’s safe
http://editors.cis-india.org/internet-governance/news/washington-post-january-14-2017-rama-lakshmi-millions-of-indians-move-from-cash-to-digital-payments
<b>Minutes after Indian Prime Minister Narendra Modi began an ambitious new mobile-phone-payment application in December, several clones of the app popped up at Android smartphone stores.</b>
<p style="text-align: justify; ">The article by Rama Lakshmi was <a class="external-link" href="https://www.washingtonpost.com/world/asia_pacific/millions-of-indians-move-from-cash-to-digital-payments-but-some-ask-whether-its-safe/2017/01/13/e807ebf0-ae9b-488b-9eb1-1dcba80ba984_story.html?utm_term=.fc710ade922b">published by Washington Post</a> on 14 January 2017, Sunil Abraham was quoted. Annie Gowen contributed to this report.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">In the first few days, users were flooded with <a href="http://www.livemint.com/Industry/Q1z2di95uWbhcSMUKcx1SK/BHIM-app-users-raise-security-concerns-within-first-week.html">spam</a> requests for money.</p>
<p style="text-align: justify; ">The Bhim app sponsored by the government was rushed out after Modi’s abrupt <a href="https://www.washingtonpost.com/world/asia_pacific/india-invalidates-large-bank-notes-in-crackdown-on-crime/2016/11/08/cc705ee2-a5c6-11e6-ba46-53db57f0e351_story.html?tid=a_inl&utm_term=.1e0d0920f753">withdrawal</a> of large currency bills two months ago. More than 10 million people downloaded it in just 10 days, but in a country where awareness and regulation of <a href="https://www.washingtonpost.com/world/asia_pacific/privacy-concerns-grow-in-india/2012/01/26/gIQAyM0UmQ_story.html">privacy</a>, data protection and digital <a href="http://timesofindia.indiatimes.com/business/india-business/None-of-mobile-payment-apps-in-India-fully-secure-warns-Qualcomm/articleshow/55967778.cms">security</a> are low, the number of cyberattacks is rising.</p>
<p style="text-align: justify; ">“We are rushing toward launching and using these plethora of financial tech apps without the exhaustive security testing and education that is needed,” said Sunil Abraham, executive director of the Center for Internet and Society. “We are operating in a bit of a regulatory vacuum.”</p>
<p style="text-align: justify; ">Modi’s ambitious move to swap old bills for new was intended to fight the hoarding of <a href="https://www.washingtonpost.com/world/asia_pacific/india-targets-tax-evaders-who-hide-black-money-at-home-and-abroad/2015/09/04/2532b7c2-50c4-11e5-b225-90edbd49f362_story.html?utm_term=.6a8c7baf45d0">illicit</a> cash reserves. But it was derailed by shoddy implementation, left citizens in Asia’s third-largest economy without <a href="https://www.washingtonpost.com/world/panic-anger-and-scramble-to-stash-cash-amid-indias-black-money-squeeze/2016/11/10/32cb222a-565a-4c6f-8d40-59257c042109_story.html?utm_term=.6316c5fcb192">cash</a> for weeks, slowed <a href="https://www.washingtonpost.com/world/indias-currency-crisis-is-stalling-small-industries-and-sending-workers-home/2016/12/24/5a2d3aea-c7b2-11e6-acda-59924caa2450_story.html?utm_term=.ad60424e45f2">manufacturing</a> and sent workers home, and is now likely to significantly affect the country’s economic growth this year, economists say. It was acutely painful for a country where 80 percent of transactions were conducted with cash.</p>
<p style="text-align: justify; ">Modi quickly responded by turning the adversity into a call for Indians to kick their overwhelming dependence on <a href="https://www.washingtonpost.com/world/asia_pacific/indians-like-to-pay-cash-the-government-is-now-forcing-them-to-swipe-cards/2016/12/16/58a5a42c-c0a6-11e6-b527-949c5893595e_story.html">cash</a> and opt for digital payments overnight. The Bhim app is just one of many available. But in this leap, experts say, security concerns are being overlooked.</p>
<p style="text-align: justify; ">The new payment apps and e-wallet companies are governed by India’s outdated information technology law of 2008 and central bank guidelines.</p>
<p style="text-align: justify; ">“India urgently needs a new digital payment law that regulates all these mobile payment apps that have sprung up overnight,” said Pavan Duggal, a cyber-law expert. “We are right now in a completely uncharted and unsupervised territory legally. The norms for wallet companies are undefined. If I lose my money due to a fraud, I can go round and round in circles with no remedy.”</p>
<p style="text-align: justify; ">The central bank recently issued guidelines asking payment banks to carry out security audits, but Duggal said “there is no penalty or punishment for noncompliance.”</p>
<p style="text-align: justify; ">The problem is compounded by the fact that education about security risks online is abysmally sparse, especially in India’s small towns and villages. Indians are complacent about cyber risks in their online behavior, according to the Norton Cyber Security Insights <a href="http://indianexpress.com/article/technology/tech-news-technology/indian-users-complacent-when-it-comes-to-cyber-security-norton-report/">Report</a>. India does not have a privacy law.</p>
<p style="text-align: justify; ">India reported more than 39,000 incidents of cyberattacks in the first nine months of 2016, <a href="http://164.100.47.190/loksabhaquestions/annex/10/AS16.pdf">according</a> to the government, including phishing, scanning and probing, website intrusions, defacements, virus and malicious code, and denial-of-service attacks.</p>
<p style="text-align: justify; ">“The Pentagon got hacked, right? You haven’t closed down the Pentagon as yet,” said Piyush Goyal, a minister. “These things will happen, and we have to be one step ahead of the hackers and the so-called security breaches and continuously improving and improvising as they do in America or other developed economies.”</p>
<p style="text-align: justify; ">In October, top banks had to fix the security codes of about 3.2 million debit cards in one of the biggest data breaches in India. Some users complained that their cards had been used in China.</p>
<p style="text-align: justify; ">Last month, <a href="https://www.washingtonpost.com/news/worldviews/wp/2016/12/12/the-man-hacking-indias-rich-and-powerful-talks-motives-music-drugs-and-next-targets/?utm_term=.33bc426ae67a">hackers</a> attacked Twitter and email accounts of prominent politicians and journalists and defaced the website of the National Security Guard, an elite commando force.</p>
<p style="text-align: justify; ">“The focus of global hackers has shifted to India. The cyber risk is a direct fallout of the growth in the number of digital users,” said Saket Modi, the chief executive of Lucideus Tech, the firm that conducted the security audit of the government’s Bhim app.</p>
<p style="text-align: justify; ">Since the cash crunch began, the largest private e-wallet company, Paytm, has experienced a 400 percent jump in new downloads.</p>
<p style="text-align: justify; ">But only <a href="http://gadgets.ndtv.com/telecom/news/mobile-internet-subscribers-in-india-reached-34265-million-in-march-sinha-863186" shape="rect">342 million people</a> access the Internet on their mobile phones. The government has introduced dial-in service for those who have basic cellphones to make digital payments.</p>
<p style="text-align: justify; ">The government is airing radio jingles telling citizens not to share their personal identification numbers and has a toll-free helpline to teach people how to make online payments.</p>
<p style="text-align: justify; ">“Officials understand how security worries can be a big dampener in their campaign to get people to go digital,” said Vinayak Godse, senior director at the Data Security Council of India, an industry body that advises the government.</p>
<p style="text-align: justify; ">But in a trade-off between convenience and security, the central bank recently <a href="http://tech.economictimes.indiatimes.com/news/internet/payment-firms-applaud-rbis-move-to-relax-2-factor-authentication-for-small-value-transactions/55858515">waived</a> the mandatory two-factor authentication for transactions less than $30 online.</p>
<p style="text-align: justify; ">Some cybersecurity experts say that Indians are not ready for this step.</p>
<p style="text-align: justify; ">The police recently arrested a gang in the eastern state of Jharkhand; operators were calling people posing as bank executives and tricking them into sharing their card details. They used the cards to do online shopping and transferred money into their e-wallet accounts.</p>
<p style="text-align: justify; ">“People are gullible and can be threatened or lured to part with their bank details easily. We need as many safeguards as we can have,” said Surendra Kumar, a senior police officer in New Delhi who busted the gang.</p>
<p style="text-align: justify; ">But the biggest problem people face is that police in one state get very little cooperation from those in another state in digital-crime complaints, said Rakshit Tandon, a cybersecurity expert who trains police, military members and school students.</p>
<p style="text-align: justify; ">“Only in big-ticket frauds will police departments from different states coordinate their investigations,” Tandon said. “If a person loses a relatively smaller amount digitally, the case won’t go far. Even though that amount may mean a lot in that person’s life.”</p>
<p style="text-align: justify; "> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/washington-post-january-14-2017-rama-lakshmi-millions-of-indians-move-from-cash-to-digital-payments'>http://editors.cis-india.org/internet-governance/news/washington-post-january-14-2017-rama-lakshmi-millions-of-indians-move-from-cash-to-digital-payments</a>
</p>
No publisherpraskrishnaDigital MoneyInternet GovernanceDigital GovernanceDigital Economy2017-01-16T02:52:33ZNews Item