Demonetization is like an earthquake that refuses to stop despite shaking all of us down to our very core. It struck the Indian subcontinent on November 8 and we’re all still reeling from subsequent aftershocks, with no immediate relief on the horizon.
One of the undoubted silver linings of the fallout surrounding demonetization is the push towards the adoption of e-wallets (digital wallets or mobile wallets). With hard cash in short supply, services like Paytm, MobiKwik, FreeCharge, Oxigen, Ola Money, and others, that allow you to withdraw and park your money and pay for services digitally have received a massive boost over the past three weeks. And the number of users adopting e-wallets is only going to increase in the coming months.
Having said that, there’s no doubt that a large swathe of our population has deep-rooted security concerns when it comes to transacting online. This remains a major hurdle faced by all e-wallet services, as people’s habits are difficult to change.
Is security really a cause for concern with e-wallets?
Not really. They’re as safe or vulnerable as your physical bank account. And RBI restrictions ensure e-wallets pretty much tow the same line as all Indian and international banks that conduct online business within the geographical boundary of the nation. If you’ve ever engaged in an online credit card or debit card transaction, e-wallet apps and services largely conform to the same security norms. And more.
MobiKwik e-wallet supports Touch ID authentication on iOS, for added security
For instance, Paytm logs you out after performing a digital transaction (just like your banking app would) through your smartphone. What’s more, it offers 2-step authentication by default (which is great) when you log into the app. Similarly, MobiKwik is famous for incorporating the iPhone’s fingerprint sensor as part of its user authentication process on its iOS e-wallet.
Both these examples of 2-step authentication (where a secure PIN is SMSed to your phone, separate from the app login password) and the use of biometrics are good initial defences to have at the end user level. Both will prove useful (but not exactly foolproof) in cases where you physically lose your phone.
What else can consumers do to protect their e-wallets?
“While on-the-go tools such as mobile banking apps and digital wallets make managing financial tasks easy, one must also take necessary precautions and follow best practices while accessing sensitive financial information anytime, anywhere,” according to Ritesh Chopra, Country Manager, Norton by Symantec — a global security vendor.
Mr Chopra further mentions that as much as 79 percent of consumers know they must actively protect their information online, but they still share passwords and engage in other risky behaviour. “Infact, 30 percent Indians have also agreed to sharing their banking account passwords with someone else. Additionally, close to one in five (18 percent) consumers have at least one unprotected device, leaving their other devices vulnerable to ransomware, malicious websites, zero days and phishing attacks,” he said.
He cautions e-wallet users to be cautious of emails that ask you to update your security information, as this is a common phishing attempt. When in doubt, don’t respond to the email and contact your bank, credit card, or investment firm directly. And remember, any offer that seems too good to be true probably is. Don’t respond.
But what about malware and sophisticated hack attacks?
We posed this question to Altaf Halde, Managing Director, Kaspersky Lab (South Asia), and his response was enlightening. “We at Kaspersky Lab have seen mobile malware that can send text messages to premium numbers or steal money from online bank accounts. We also know that cybercriminals are constantly looking for new ways of stealing money using mobile Trojans.”
Mr Halde further spoke about a specific case of the Trojan-SMS.AndroidOS.Waller.a which highlighted a new get-rich technique that not only sent a premium SMS but also saw the malware attempt to steal money from a QIWI electronic wallet.
“Keeping the above in perspective,” says Mr Altaf Halde, “Now with the jump in digital transactions in India, there could be a chance of a targeted attack on payment wallets prominent in India. The cyber criminals are always on the look out of such opportunity and make the most of the situation due to the lack of education amongst users.”
To reduce the risk of infection by mobile malware Kaspersky recommends the following:
* Do not activate the “developer mode” on the device
* Do not activate the “Install applications from third-party sources” option
* Only install applications from official channels (Google Play, Amazon Store, etc.)
* When installing new apps, carefully study which rights they request
* If the requested rights do not correspond with the app’s intended functions (e.g., a game requests rights to send text messages), do not install the app
* Use protection software
Sure, e-wallets have prioritised security (doh!), because without security the whole business proposition collapses like a house of cards. If services like Paytm, FreeCharge, Oxigen, Ola Money and MobiKwik weren’t inherently secure, they’d go out of business very fast. And for added security, there’s a whole list of precautions recommended by security vendors which users need to habituate themselves with very quickly.
While e-wallets aren’t going away and are only going to grow in number in the near future, Sandeep Goenka, COO and Co-founder of Zebpay — one of the few authorised bitcoin operators in India — points out some challenges in the e-wallets’ security framework, offering an alternative.
Bitcoin > E-wallets? (in terms of security)
“With e-wallets, there are two main issues,” says Mr Goenka, before continuing, “They don’t work with each other and you depend on one organization for security. He further mentions that digital currencies like bitcoins are fundamentally different than e-wallets, offering an alternative to existing currency models.
“Bitcoin wallets by different companies all work together. Innovation on security happens on a global scale and benefits the entire ecosystem. That’s why they are growing in popularity worldwide and the prices of bitcoin are near all time highs,” concludes Mr Goenka.