WhatsApp Pay may put Indian digital banking at risk: Experts

Agencies
November 8, 2019

After WhatsApp accounts of 121 Indians were compromised by the Israeli spyware Pegasus, experts have warned that the payment feature the Facebook-owned platform is planning to launch in India may put the digital banking system at risk.

"WhatsApp payment needs to be seen with microscopic eye, primarily because in payment you will be dealing with sensitive personal data and cyber security is going to be an essential building block component for WhatsApp to demonstrate its due diligence," Pavan Duggal, one of the nation's top cyber law experts, told IANS.

The Ministry of Electronics and Information Technology (Meity) has already expressed dissatisfaction over the manner in which WhatsApp communicated about the compromised accounts.

Pegasus, a piece of NSO Group software, allegedly exploited WhatsApp's video calling system, installing the spyware via missed calls to snoop on 1,400 users globally. The devices were compromised with just a WhatsApp video call.

In May, WhatsApp, which has 400 million users in India, urged its 1.5 billion global users to upgrade the app after discovering the vulnerability.

"WhatsApp's recent operations have shown that it's difficult for the government to get information from it. WhatsApp is an intermediary under the Information Technology Act and is mandated to exercise due diligence under the law. But it has failed to do due diligence," Duggal said.

"You should not be in a hurry to grant new licences or permission to WhatsApp without being satisfied with its adherence to cyber-security norms, international best practices and Indian laws," he said.

The Facebook-owned company is learnt to have countered the government charge that it didn't inform it about a privacy breach on the messaging platform. WhatsApp didn't even comply with the data breach notification law in India, Duggal said.

"It (WhatsApp) didn't follow reasonable security practices as mandated in Section 43A of the IT Act, 2000. In fact, it abetted the crime of unauthorised access too. Granting WhatsApp pay licence should be given a second thought by the Reserve Bank of India," said Prashant Mali, cyber lawyer at Bombay High Court.

In light of the recent hack, the government, the RBI and the National Payments Corporation of India (NPCI) are reportedly evaluating the risk of allowing social media apps into the digital payment ecosystem.

"With the government, the RBI and the NPCI planning to evaluate the risks involved in making payments via social media apps and services, the security of the UPI payment infrastructure on WhatsApp Pay has been rendered under a cloud of vulnerability," said Salman Waris, Managing Partner at TechLegis Advocates & Solicitors, a law firm.

The RBI revealed in an affidavit in the Supreme Court earlier that WhatsApp had not complied with the data localisation norms. In an April 2018 circular, the RBI stated that the data of any payment banking system have to be physically located in India.

"The history of WhatsApp has shown that it's not cooperative with the government in sharing of information. If financial information is compromised, it will not only have an impact on users, but it can also have an impact on the sovereignty and security of India," Duggal said.

The government must go slow until WhatsApp demonstrates compliance with Indian law and shows that the platform is secure, he said.

"Because almost every phone user in India is on WhatsApp, it's all the more important for the government and the RBI to ensure that WhatsApp not only complies with the parameters of cyber security and data localisation norms, but also the IT Act and the rules and regulations thereunder.

"If WhatsApp doesn't comply with the data localisation norms, rules and regulations of the IT Act, then there is no question of granting new permission," Duggal said.

In a statement, a WhatsApp spokesperson said that safety and security of users remains the platform's highest priority.

"In May, our security team caught and stopped a cyber attack designed to send malware to mobile devices. Unable to break end-to-end encryption, this kind of malware abuses vulnerabilities within the underlying operating systems that power our mobile phones," the WhatsApp spokesperson said.

"Technology companies are constantly working to stay ahead of these kinds of challenges through updates and patches. The safety and security of our users remains our highest priority, which is why in May we blocked the attack and have taken action in the courts to hold NSO accountable," the statement added.

Facebook filed a lawsuit against Israel's NSO Group last month. According to Facebook, the NSO Group violated laws, including the US Computer Fraud and Abuse Act.

News Network
February 17, 2020

New Delhi, Feb 17: Four death row convicts in the 2012 Nirbhaya gang rape and murder will be hanged on March 3 at 6 am, a Delhi court said on Monday.

The Patiala House Court on Monday issued fresh death warrants against four convicts while hearing a petition by the state and Nirbhaya's parents.

Earlier, Delhi High Court on February 5 granted a week's time to the four convicts to avail of all legal remedies available to them and said that the convicts cannot be hanged separately since they were convicted for the same crime.

A Delhi Court had earlier issued a death warrant against the four convicts -- Vinay Sharma, Akshay Thakur, Pawan Gupta, and Mukesh Singh -- on January 7 and they were scheduled to be executed on January 22 at Tihar Jail. Later, the execution was suspended indefinitely by a Delhi court.

News Network
January 18, 2020

New Delhi, Jan 18: Lieutenant Governor (LG) Anil Baijal has granted the power of detaining authority to the Delhi Police Commissioner under the National Security Act (NSA), according to a notification. The NSA allows preventive detention of an individual for months if the authorities feel that the individual is a threat to the national security, and law and order, sources said.

In exercise of the powers conferred by sub-section (3) of section 3, read with clause (c) of Section 2 of the National Security Act, 1980, the Lt Governor is pleased to direct that during the period January 19 to April 18, the Delhi Police Commissioner may also exercise the powers of detaining authority under sub-section (2) of the section 3 of the aforesaid Act, the notification stated.

The notification was issued on January 10 following the approval of the LG.

It comes at a time when the national capital has been witnessing a number of protests against the Citizenship Amendment Act (CAA) and the National Register of Citizens (NRC).

However, the Delhi Police said it is a routine order that has been issued in every quarter and has nothing to do with the current situation.

News Network
February 3, 2020

Mumbai, Feb 3: Maharashtra Chief Minister Uddhav Thackeray, whose party severed ties with the BJP after the state elections, on Monday said that if somebody breaks a promise, "pain and anger is obvious".

"No, I did not get any shock," Thackeray said in an interview with Shiv Sena mouthpiece Saamana while talking about forming an alliance with NCP and Congress, and becoming the Maharashtra Chief Minister.

"I am a son of Shiv Sena Pramukh (Balasaheb Thackeray), several people tried to give a shock to me but they didn't succeed. This is a field where you have to accept in the beginning that there will be a bit pushing and pulling," Thackeray said.

He added that accepting the Chief Minister's post was not a shock for him and neither was it his "dream at any point of time".

"But I can say one thing for sure that I had decided to go to any level to fulfil the promise which I made to Balasaheb Thackeray. I want to further clear it that me becoming Chief Minister is not the fulfilling of the promise made to Shiv Sena Pramukh but it's just a step towards that. I will fulfil every promise which I made to my father," Uddhav Thackeray said.

"There are several types of shock. Did people like it or not, it is the important part. I have spoken on this issue (alliance with NCP and Congress) several times and even people have understood this. Making promises and keeping them are two different things. If someone breaks a promise, pain and anger is obvious," he added.

The Chief Minister said that he does not know if BJP "has come out of their shock till now or not."

"But I have to say if they had kept their promise what would have happened, what a big deal had I asked for? Did I ask for stars and moon? I only asked for what was decided before Lok Sabha polls, when we decided seat distribution," he said.

He further said, "Maharashtra and the country are watching (who betrayed/shocked whom), I don't need to say much on this."

Soon after the Assembly election results, Shiv Sena demanded rotation of the chief minister's post and equal power-sharing in the state government, which was rejected by then ally BJP. The weeks of political stalemate led to the imposition of President's rule on November 13.

Firm on its demands, Sena, the second-largest party in the state, did not hesitate to cobble up with the ideological opponents -- NCP and Congress -- and was given the chief minister's post.
