(Source: BloombergQuint)

Debit Cards Hacked: How Safe Are Mobile Banking And Digital Wallets? 

Editor's Choice

  • PARA, PAMC, NAMC: Decoding The Alphabet Soup Of Stressed Asset Resolution Proposals
  • More Layoffs Likely As India’s Manufacturing Sales Shrink
  • A Billion Identities At Risk Even As Modi Seeks To Make Aadhaar Compulsory 
  • What The New SEBI Chairman Must And Must Not Do
  • Valuations Do Not Justify Where Markets Are Today: Andrew Holland
  • In the last four years, the value of mobile banking transactions has increased 222 times to Rs 4.04 lakh crore in 2015-16, according to data available with the Reserve Bank of India (RBI). The RBI data also shows that the number of transactions through Prepaid Payment Instruments (PPIs) such as, Paytm, FreeCharge and MobiKwik has risen to 74.8 crore in 2015-16, as compared to 29.8 crore transactions the previous year.

    Banking apps and mobile wallets are changing the way Indians pay. The recent incident of debit card breach has raised serious apprehensions about the usage of physical cards in India and raised alarm bells for customers and banks. This large scale breach also raises the question – how secure is mobile banking, or digital wallets for that matter? Are they susceptible to breaches too?

    With apps like Paytm, MobiKwik and FreeCharge, the user base for digital wallets is expanding. Banks are catching up as well – there are now more than 20 different apps launched by banks for their own customers as well as those of other banks.

    Cyber security experts say that so far, India has enjoyed the privilege of not being the focus area for hackers, but that’s slowly beginning to change.

    With a booming economy and online migration of banks, there has been an increase in hacking activities, Saket Modi, co-founder of cyber security firm Lucideus Tech said in a telephonic conversation.

    Over the last six months, some of the biggest hacks have happened in Bangladesh and Nepal. It is about time that we have a clear focus when it comes to cyber security.
    Saket Modi, Co-founder, Lucideus Tech

    Also Read: Debit Card Breach: What Recourse Do Cardholders Have?

    Digital wallet companies maintain that they offer an extremely secure digital payments solution and have a dedicated security team to ensure that the wallet is safe and secure.

    MobiKwik is PCI-DSS compliant, which means that we strictly adhere to the state of the art security protocols and practices. We take security very seriously and our commitment to building a robustly safe wallet is unwavering.
    MobiKwik spokesperson said in an email

    FreeCharge says that their system is robust as it is designed with multiple layers of security, many working independently of others, to ensure security.

    The measures in place are regularly evaluated to update against any new areas of concern.
    FreeCharge spokesperson said in an email

    Also Read: How Long Have Banks Known About The Debit Card Fraud?

    Mobile Banking Vs Internet Banking Vs Digital Wallets

    Analysts and cyber security experts say that mobile banking has evolved into a much safer alternative compared to outdated and less secure payment tools such as debit cards or internet banking.

    “One can now securely send money, pay at merchant locations, withdraw cash using mobile banking apps without the need for debit cards. Technologies such as Unified Payment Interface (UPI) and Near Field Communications (NFC) have made this possible,” said Amit Jaju, executive director of fraud investigation and dispute services at consultancy firm EY, while explaining the the features that make mobile banking apps less prone to hacking.

    What makes mobile phones secure over computers is that no arbitrary software can be installed easily on them. Additional protection like biometric makes the app even more secure. Even for phishing the preferred channel for hackers is internet banking, said Jaju.

    Internet banking is done through a browser and it is an unsecured technology. Add-on malware can reside on browsers, and banks will have no control over it.
    Amit Jaju, Executive Director-Fraud Investigation & Dispute Services, EY

    Sony Joy, co-founder of Chillr, which provides third party apps for banks, says that the ability to track or detect anomaly is high in mobile banking, and a customer can be alerted immediately in case of a breach.

    “You can track the location of a transaction; number can be verified and there are many such attributes that can be linked to the app that are controlled and manged by different entities,” he said.

    Digital wallets are used mostly for low ticket transactions in India, Joy says, adding that an extra layer of security in the form of PIN-enabled transaction will make it more secure.

    What Are The Risks?

    Even though mobile banking has an edge over internet banking and physical wallets like debit cards, they aren’t immune from hacks either. From malware attacks on app to fake apps, threats lurk in this case too.

    They are secure but fraudsters can find a way around it. There are ways like duplication of SIM through which a hacker can get access to your app. Using public wi-fi is another way hackers can bypass the protection.
    Sony Joy, Co-founder, Chillr 
    Cyber security experts urge users to not solely rely on security measures of apps/websites but be more cautious while making transactions online. It is advisable to use a strong biometric password and one should never download an app link through WhatsApp or SMS but only from an official app store. One should also manage passwords in a secure password management app on the phone, experts caution.