Are Mobile Payments Safe?

By AKSHAT SOOD

The digital payment industry is booming. From Paytm to BHIM, the rapid expansion of mobile devices, apps and operating systems has promoted innovation in the handheld ecosystem and mobile payments. The following statistics paint a clear picture of the stark increase in digital transactions in the country:

1. Cashless transactions in 2016 had increased by 22% as compared to 2015.
2. Mobile transactions, in particular, increased by 175% and money transacted using mobile transactions grew by 370%.
3. Indian consumers are 90% as likely to make digital transactions for both offline and online transactions.
4. The volume of mobile wallet transactions during April 2015 to February 2016 doubled to cross 55 crores.

While the boom in digital payments and increasing innovation in mobile transactions raise the bar for user convenience, they bring along new threats and risks, which, if not addressed, will widen the landscape of mobile attacks. The volume of information that is stored on and transmitted across mobile devices creates innumerable opportunities for attackers to target user data.

According to surveys by chipset maker Qualcomm, mobile banking and digital wallet apps in India are not using the appropriate and needed hardware level security to make online transactions secure. This is because creators of a majority of these applications do not consider security to be of prime importance. Instead, it is more of an afterthought.

Earlier this year, in July, over 400 applications on the Google Play Store were compromised. Malware by the name of ‘BankBot’ infected applications. It was capable of creating and simulating ‘fake’ banking screens, giving users the impression that they are making regular transactions. The screens would ask users to enter their banking details just like in a normal transaction. However, these banking details that were provided by the users were directly handed over to attackers.

Another such Trojan called Svpeng used malicious software, that could record what users type on their keyboard, to steal confidential information.

In today’s era, mobile phones are not used just for making calls. They serve as our online wallet, store import information, photos and videos. Handheld devices have unrestricted access to our personal and financial information and at the same time, are exposed to malicious websites and apps.

It’s time we recognised and realised that virus, malware and threats do not only affect desktops and laptops.