Releasing 'e-Rupi' Amid Shaky Cyber Security is Risky, Say Experts on India's New Digital Currency
08:21 GMT 05.08.2021 (Updated: 10:38 GMT 19.07.2022)
Earlier this week, Prime Minister Narendra Modi launched a new online payment solution in India called the "e-RUPI". The SMS and QR code-based system is aimed at making "welfare payments" faster and easier in the country. If an organisation wants to help someone pay for education, the firm may give a prepaid e-RUPI voucher instead of cash.
At a time when cybercrimes are witnessing a surge in India, Prime Minister Narendra Modi's step to launch a new digital payment system has opened more doors for scammers, say Indian security experts.
India should go slow on expanding its online payments systems until appropriate cyber-security
measures are ensured, Hardik Tarpara, a cyber-security professional who graduated from the Gujarat Forensic Sciences University (GFSU), told Sputnik.
"With an almost 300 percent rise in cyber attacks that India faced last year, releasing e-Rupi is going to allow hackers to explore an entirely new attack surface to exploit," he said.
"Especially since our cyber security foundations are not very secure to begin with, the government should have taken a step back and focused on strengthening India's cyber security networks first," Tarpara added.
In December last year, the Reserve Bank of India (RBI) banned the country's largest private lender HDFC from issuing new credit cards and digital payments plans due to repeated tech glitches and halts in service. The bank was asked to work on improving its reliability and work on timely measures to curb heavy losses against cyber attacks
Seven months later, HDFC revealed in July that it has complied with 85 percent of RBI's tech requirements.
Citing HDFC's example, Tarpara said India cannot overlook the glaring lack of reliable infrastructure that can support more advanced online payment mechanisms.
"The case of HDFC bank shows a distinct lack of reliable infrastructure to even handle basic transactions. The existing situation is worrying enough as it is. Releasing e-Rupi now with such a shaky foundation creates more problems for everyone involved," Tarpara added.
Here's What The 'e-Rupi' Is All About
Developed by the RBI-owned National Payments Corporation of India (NPCI), the e-RUPI was created as a one-time online payment mechanism.
It is powered by the India-pioneered instant money transfer system, called Unified Payments Interface (UPI), that facilitates online transactions from one bank to another in real time.
"The users of e-RUPI will be able to redeem the voucher without a card, digital payments app or internet banking access, at the merchants accepting e-RUPI. The e-RUPI would be shared with the beneficiaries for a specific purpose or activity by organisations or the government via SMS or QR code," the NCPI explained in a blog post.
Prepaid in nature, the digital currency would facilitate timely online payments to service providers without the involvement of any intermediary. This reduces the bank transaction expenses and risks of money mismanagement for the beneficiaries.
"We see technology as a tool to help the poor, e-RUPI will give a new dimension to digital governance," Prime Mnister Modi said while launching the system.
Outlining the future of e-RUPI in India, Tarpara said the level of convenience would make most users ignore the security risks, which could be dangerous.
"In a battle between convenience and security, convenience always wins. It's sad, but true. There is an alarming lack of awareness on even basic cyber security practices among the Indian population," the Co-Founder of cyber-tech firm Arishti Info Labs stated, adding: "There is also a distinct lack of information regarding the working of e-Rupi, even amongst cyber security researchers, for us to confidently say how secure the e-Rupi will be."
In recent months, popular international apps Facebook and LinkedIn, along with national ones like digital payments app MobiKwick and India’s second-largest stockbroker app Upstox came under scrutiny after hackers breached through their systems and exposed user data on the dark web.
The back-to-back incidents of cyber attacks jolted app-hungry Indians into a panic; they began checking websites like “HaveIBeenPawned.com” to find out how many data breaches their mail IDs and phone numbers were involved in.
A recent survey report by the Singapore-based research firm Acronis also indicated that despite Indian firms coming up with multiple cyber security solutions, 57 percent of them suffered down time due to data loss in 2020.
The report additionally highlighted that nearly 10 percent of Indian IT workers are unaware of available cyber security capabilities
Speaking to Sputnik, cyber researcher Nandakishore Harikumar said the otherwise "tech enthusiastic" government of India must bring campaigns to raise more awareness.
"We have to assume that a strong security framework is already in place, also we need to know what are the other security practices that are used in this case. Compliance needs to be strictly followed and also there's a huge chance of scams that needed to be regularly monitored," Harikumar noted.