1. Home
  2. WhatsApp Pay may put Indian digital banking at risk: Experts

WhatsApp Pay may put Indian digital banking at risk: Experts

Agencies
November 8, 2019

After WhatsApp accounts of 121 Indians were compromised by the Israeli spyware Pegasus, experts have warned that the payment feature the Facebook-owned platform is planning to launch in India may put the digital banking system at risk.

"WhatsApp payment needs to be seen with microscopic eye, primarily because in payment you will be dealing with sensitive personal data and cyber security is going to be an essential building block component for WhatsApp to demonstrate its due diligence," Pavan Duggal, one of the nation's top cyber law experts, told IANS.

The Ministry of Electronics and Information Technology (Meity) has already expressed dissatisfaction over the manner WhatsApp communicated about the compromised accounts.

The piece of NSO Group software called Pegasus allegedly exploited WhatsApp's video calling system by installing the spyware via missed calls to snoop on 1,400 users globally. The devices were compromised with just a WhatsApp video call.

In May, WhatsApp, which has 400 million users in India, urged its 1.5 billion global users to upgrade the app after discovering the vulnerability.

"WhatsApp's recent operations have shown that it's difficult for the government to get information from it. WhatsApp is an intermediary under the Information Technology Act and is mandated to exercise due diligence under the law. But it has failed to do due diligence," Duggal said.

"You should not be in a hurry to grant new licences or permission to WhatsApp without being satisfied with its adherence to cyber-security norms, international best practices and Indian laws," he said.

The Facebook-owned company is learnt to have countered the government charge that it didn't inform it about a privacy breach on the messaging platform. WhatsApp didn't even comply with the data breach notification law in India, Duggal said.

"It (WhatsApp) didn't follow reasonable security practices as mandated in Section 43A of the IT Act, 2000. In fact, it abetted the crime of un-authorised access too. Granting WhatsApp pay licence should be given a second thought by the Reserve Bank of India," said Prashant Mali, cyber lawyer at Bombay High Court.

In light of the recent hack, the government, the RBI and the National Payments Corporation of India (NPCI) is reportedly evaluating the risk of allowing social media apps into the digital payment ecosystem.

"With the government, the RBI and the NPCI planning to evaluate the risks involved in making payments via social media apps and services, the security of the UPI payment infrastructure on WhatsApp Pay has been rendered under a cloud of vulnerability," said Salman Waris, Managing Partner at TechLegis Advocates & Solicitors, a law firm.

The RBI revealed in an affidavit in the Supreme Court earlier that WhatsApp had not complied with the data localisation norms. In an April 2018 circular, the RBI stated that the data of any payment banking system have to physically located in India.

"The history of WhatsApp has shown that it's not cooperative with the government in sharing of information. If financial information is compromised, it will not only have an impact on users, but it can also have an impact on the sovereignty and security of India," Duggal said.

The government must go slow till the time WhatsApp demonstrates compliance to Indian law and showed that the platform was secure, he said.

"Because almost every phone user in India is on WhatsApp, it's all the more important for the government and the RBI to ensure that WhatsApp not only complies with the parametres of cyber security and data localisation norms, but also the IT Act and the rules and regulations thereunder.

"If WhatsApp doesn't comply with the data localisation norms, rules and regulations of the IT Act, then there is no question of granting new permission," Duggal said.

In a statement, a WhatsApp spokesperson said that safety and security of users remains the platform's highest priority.

"In May, our security team caught and stopped a cyber attack designed to send malware to mobile devices. Unable to break end-to-end encryption, this kind of malware abuses vulnerabilities within the underlying operating systems that power our mobile phones," the WhatsApp spokesperson said.

"Technology companies are constantly working to stay ahead of these kind of challenges through updates and patches. The safety and security of our users remains our highest priority, which is why in May we blocked the attack and have taken action in the courts to hold NSO accountable," the statement added.

Facebook filed a lawsuit against Israel's NSO Group last month. According to Facebook, the NSO Group violated laws, including the US Computer Fraud and Abuse Act.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
June 24,2020

Geneva, Jun 24: The global cumulative count of confirmed coronavirus cases is approaching nine million, with 133,326 cases recorded over the past day, the World Health Organisation (WHO) said in its daily situation report on Tuesday.

Over the past 24 hours, 3,847 people died from COVID-19 worldwide, taking the cumulative death toll to 469,587 fatalities, according to the report.

The global case total has now reached 8,993,659.

The Americas still account for the majority of cases and deaths -- 4.4 million and 224,207, respectively.

The United States remains the country with the highest count of cases and fatalities -- 2.3 million and 119,761, respectively.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
June 17,2020

In a bid to help tackle rise in domestic violence during the social distancing times in India, Twitter on Wednesday launched a dedicated search prompt to serve information and updates from authoritative sources around domestic violence.

Twitter has partnered with the Ministry of Women and Child Development the National Commission for Women in India to expand its efforts towards women.

The search prompt will be available on iOS, Android and on mobile.twitter.com in India, in both English and Hindi languages, the company said in a statement.

Data shows that since the outbreak of Covid-19, violence against women and girls has intensified in India and across the globe.

"We recognise collaboration with the public, government and NGOs is key to combating the complex issue of domestic violence. Accessing reliable information through this search prompt could be a survivor's first step towards seeking help against abuse and violence," said Mahima Kaul, Director, Public Policy, India and South Asia, Twitter.

Every time someone searches for certain keywords associated with the issue of domestic violence, a prompt will direct them to the relevant information and sources of help available on Twitter.

This is an expansion of Twitter's #ThereIsHelp prompt, which was specifically put in place for the public to find clear, credible information on critical issues.

The feature will be reviewed at regular intervals by the Twitter team to ensure that all related keywords generate the proactive search prompt, said the company.

Violence against women and girls across Asia Pacific is pervasive but at the same time widely under reported.

"In fact, in many countries in our region, the number is even greater, with as many as 2 out of 3 women in some countries reporting experiences of violence," added Melissa Alvarado, UN Women Asia Pacific Regional Manager on Ending Violence against Women.

Rekha Sharma, Chairperson, the NCW, said: "With social distancing norms in place, several women are unable to contact their regular support systems. This initiative by Twitter will provide big support to the survivors, who would otherwise be easily isolated without access to relevant information and help".

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
March 19,2020

New Delhi, Mar 19: Lawyer of Mukesh Singh, who is one of the four death row convicts in the Nirbhaya gang-rape and murder case, on Thursday mentioned a petition before the Registrar of the Supreme Court seeking an urgent hearing in the matter.

Advocate Manohar Lal Sharma, through the petition, sought directions to bring call record, documents and reports of his client through any probe agency and passed appropriate directions and measure to ensure justice in the matter.

The petition, however, has not sought a stay on the execution, which is scheduled for the morning of March 20. The petition is likely to be taken up for hearing today.

Earlier today, the apex court dismissed the curative petition of Pawan Gupta, another convict in the matter, who claimed juvenility at the time of the crime.

This comes as the four convicts -- Mukesh Singh, Akshay Singh Thakur, Vinay Sharma and Pawan Gupta -- are scheduled to be hanged at 5.30 am on March 20.

Meanwhile, several other petitions are also pending in the matter in different courts.

The case pertains to the brutal gang-rape and killing of a 23-year-old paramedical student in a moving bus on the night of December 16, 2012, by six people including a juvenile in the national capital. The woman had died at a Singapore hospital a few days later.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.