By Nitin Surve, Chief Technology Officer, TechProcess Payment Services Ltd.
The recent demonetization move by the Indian government has pushed many to cashless lifestyle. The government’s plan to promote cashless payments has paved a way to monitoring, regulating and policy effectiveness. There is bound to be a short-term chaos, which eventually will encourage the large unbanked and under-banked segment to be a part of the formal banking system. The immediate challenge is to adequately educate the newly adapted about being in cyberspace – especially while shopping.
For the general Indian population, the risk of cyber fraud is compounded by the lack of cyber awareness. Approximately, 70% of the Indians reside in remote and rural areas of the country with next to no exposure to cyber literacy.
Security of Data is of utmost importance than ever. Threats of data pilferage, both inside and outside, can compromise organizations as well as individuals in catastrophic ways. There are a gazillion reasons in the world to shop online, and that itself is a problem. The choices are plenty, the bargains are hot, shipping is fast, payments are convenient & returns are easy! Shopping has never been easier or fun for anyone.
But what about the bad guys who lurk in the dark shadows of the internet underworld? As reported in third quarter e-Crime Report by Internet Identity (IID), use of phishing attacks is as down as 8% since the second quarter and 11% since the third quarter of last year. That's great news —except the same report also cites that malware (malicious code aimed at compromising your privacy) has increased by a whopping 89 percent as compared to just the second quarter!
It is advised never to use the same password for multiple banking operations. One insecure website can compromise all your other online accounts that share the same Id and password. Experienced organizations use multiple layers of encryption while storing passwords. Yet there are some that store passwords even in plain text and expose it unknowingly on a public application programming interface (API) endpoint.
A novice start-up can leak user data somewhere during the transit without knowing. This can happen due to a missing overhead of imposing an authorization token or due to the improper check on validity of that token.
With an average internet user signing up for a new website every few days, remembering multiple combinations of IDs and passwords does not remain a possibility beyond a very short time. Then what is the way out? Online presence isn’t going away anymore, but the security is imperative too.
There are ways that help you secure your data without having to depend on anyone to amp up their security glitches.
Here are some key steps to stay web wise in the ever-online world:
- Keep a tab on your bank account statements. Fraudsters who steal your account information may not use it immediately. Go online regularly, especially during sale time and look at electronic statements for your credit card, debit card, and checking accounts. Make sure you don't see any unfamiliar charges, even from the most trusted online portals.
- Never make an online payment or buy through any card from a site that doesn't have SSL (aka HTTPS) encryption installed—at the very least. You'll know if a site has SSL because an icon of a locked padlock (usually green) will appear, typically right next to the URL in the address bar.
- Also, never disclose any information about your card or bank over email or phone. No online shopping portal has a need for your bank details for any kind of purchase.
Such warnings do raise a question of whether we are simply focusing on fundraising, growth, and turnovers, while leaving our doors wide open for attackers to come in. Organizations with millions of transactions in volumes, those who have a database of million customers certainly get the spotlight. Be safe than sorry is the only mantra in an online shopping world. The responsibility to educate every end-customer doesn’t lie only with the government; every player in the financial value chain must take equal responsibility of educating their customers and move towards a fraudster-free ecosystem.