1. Home
  2. WhatsApp Pay may put Indian digital banking at risk: Experts

WhatsApp Pay may put Indian digital banking at risk: Experts

Agencies
November 8, 2019

After WhatsApp accounts of 121 Indians were compromised by the Israeli spyware Pegasus, experts have warned that the payment feature the Facebook-owned platform is planning to launch in India may put the digital banking system at risk.

"WhatsApp payment needs to be seen with microscopic eye, primarily because in payment you will be dealing with sensitive personal data and cyber security is going to be an essential building block component for WhatsApp to demonstrate its due diligence," Pavan Duggal, one of the nation's top cyber law experts, told IANS.

The Ministry of Electronics and Information Technology (Meity) has already expressed dissatisfaction over the manner WhatsApp communicated about the compromised accounts.

The piece of NSO Group software called Pegasus allegedly exploited WhatsApp's video calling system by installing the spyware via missed calls to snoop on 1,400 users globally. The devices were compromised with just a WhatsApp video call.

In May, WhatsApp, which has 400 million users in India, urged its 1.5 billion global users to upgrade the app after discovering the vulnerability.

"WhatsApp's recent operations have shown that it's difficult for the government to get information from it. WhatsApp is an intermediary under the Information Technology Act and is mandated to exercise due diligence under the law. But it has failed to do due diligence," Duggal said.

"You should not be in a hurry to grant new licences or permission to WhatsApp without being satisfied with its adherence to cyber-security norms, international best practices and Indian laws," he said.

The Facebook-owned company is learnt to have countered the government charge that it didn't inform it about a privacy breach on the messaging platform. WhatsApp didn't even comply with the data breach notification law in India, Duggal said.

"It (WhatsApp) didn't follow reasonable security practices as mandated in Section 43A of the IT Act, 2000. In fact, it abetted the crime of un-authorised access too. Granting WhatsApp pay licence should be given a second thought by the Reserve Bank of India," said Prashant Mali, cyber lawyer at Bombay High Court.

In light of the recent hack, the government, the RBI and the National Payments Corporation of India (NPCI) is reportedly evaluating the risk of allowing social media apps into the digital payment ecosystem.

"With the government, the RBI and the NPCI planning to evaluate the risks involved in making payments via social media apps and services, the security of the UPI payment infrastructure on WhatsApp Pay has been rendered under a cloud of vulnerability," said Salman Waris, Managing Partner at TechLegis Advocates & Solicitors, a law firm.

The RBI revealed in an affidavit in the Supreme Court earlier that WhatsApp had not complied with the data localisation norms. In an April 2018 circular, the RBI stated that the data of any payment banking system have to physically located in India.

"The history of WhatsApp has shown that it's not cooperative with the government in sharing of information. If financial information is compromised, it will not only have an impact on users, but it can also have an impact on the sovereignty and security of India," Duggal said.

The government must go slow till the time WhatsApp demonstrates compliance to Indian law and showed that the platform was secure, he said.

"Because almost every phone user in India is on WhatsApp, it's all the more important for the government and the RBI to ensure that WhatsApp not only complies with the parametres of cyber security and data localisation norms, but also the IT Act and the rules and regulations thereunder.

"If WhatsApp doesn't comply with the data localisation norms, rules and regulations of the IT Act, then there is no question of granting new permission," Duggal said.

In a statement, a WhatsApp spokesperson said that safety and security of users remains the platform's highest priority.

"In May, our security team caught and stopped a cyber attack designed to send malware to mobile devices. Unable to break end-to-end encryption, this kind of malware abuses vulnerabilities within the underlying operating systems that power our mobile phones," the WhatsApp spokesperson said.

"Technology companies are constantly working to stay ahead of these kind of challenges through updates and patches. The safety and security of our users remains our highest priority, which is why in May we blocked the attack and have taken action in the courts to hold NSO accountable," the statement added.

Facebook filed a lawsuit against Israel's NSO Group last month. According to Facebook, the NSO Group violated laws, including the US Computer Fraud and Abuse Act.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
January 29,2020

Aurangabad, Jan 29: Accusing Prime Minister Narendra Modi and Union Home Minister Amit Shah of creating a conflict between Hindu and Muslim communities in the country, former JNU student leader Kanhaiya Kumar has said the Citizenship (Amendment) Act (CAA) was adding fuel to the fire.

He was speaking at a rally held on Tuesday at Pathri in Parbhani district of Maharashtra against the CAA and the National Register of Citizens (NRC). It was organised by NCP MLC Abdullah Durrani.

"Modi and Shah used to create conflicts between Hindus and Muslims during the Gujarat elections. Now they are adopting the same strategy in the country," Kumar alleged.

Citizens should keep the religious conflicts aside and question the present government about unemployment and the poor state of the economy, he said.

"Through the CAA, the government is adding fuel to the fire, which is already raging in the country," he alleged.

When anyone questions the government about the problems existing in the country, it in turn asks him about his citizenship, the former JNUSU leader alleged.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
March 4,2020

New Delhi, Mar 4: The government on Wednesday permitted NRIs to own up to 100 per cent stake in disinvestment-bound Air India.

The decision comes at a time when the government is looking to sell 100 per cent stake sale in the national carrier.

Union minister Prakash Javadekar said the Cabinet has approved allowing Non-Residents Indians (NRIs) to hold up to 100 per cent stake in Air India.

Allowing 100 per cent investment by Non-Resident Indians (NRIs) in the carrier would also not be in violation of SOEC norms. NRI investments would be treated as domestic investments.

Under the Substantial Ownership and Effective Control (SOEC) framework, which is followed in the airline industry globally, a carrier that flies overseas from a particular country should be substantially owned by that country's government or its nationals.

Currently, NRIs can acquire only 49 per cent in Air India. Foreign Direct Investment (FDI) in the airline is also 49 per cent through the government approval route.

As per the existing norms, 100 per cent FDI is permitted in scheduled domestic carriers, subject to certain conditions, including that it would not be applicable for overseas airlines.

In the case of scheduled airlines, 49 per cent FDI is permitted through automatic approval route and any such investment beyond that level requires government nod.

On January 27, the government came out witha Preliminary Information Memorandum (PIM) for Air India disinvestment. It has proposed selling 100 per cent stake in Air India along with budget airline Air India Express and the national carrier's 50 per cent stake in AISATS, an equal joint venture with Singapore Airlines.

Under the latest disinvestment plan, the successful bidder would have to take over only debt worth Rs 23,286.5 crore while the liabilities would be decided depending on current assets at the time of closing of the transaction.

This is the second attempt by the government in as many years to divest Air India, which has been in the red for long.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
June 25,2020

Patna, Jun 25: At least 83 people died due to thunderstorms in Bihar in the last 24 hours, according to Chief Minister's Office.

Bihar Chief Minister Nitish Kumar announced Rs 4 lakhs each for the families of deceased.

Thirteen people died in Gopalganj, 8 each in Madhubani and Nawada, 6 each in Baghalpur and Siwan, 5 each in Darbhanga, Banka, East Champaran and 3 each in Khagaria and Aurangabad.

Due to thunderstorms, two people each lost their lives in West Champaran, Kishanganj, Jamui, Jahanabad, Purnia, Supaul, Buxar, Kaimur while one death each was reported in Samastipur, Shivhar, Saran, Sitamarhi and Madhepura.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.