Data Security of POS Machines and Digital Paymments in The Era of Demonetization
Post demonetization, a lot of transformation in Indian business has been taking place. One of the most notable changes the common public has adopted pertains to shifting towards cashless economy through digital payment systems. Digital payments have jumped a whopping 300 per cent in the last one month itself. All this has created the sudden requirement of POS machines. India needs to add 20 lakhs new PoS (point of sale) machines in quick time to give push to cashless transactions. In this scenario, data safety and e-frauds need to be addressed by the Government as e-payments and cashless transactions continue to rise in India.
In this backdrop, Association of India Communication Multimedia and Infrastructure (CMAI), while supporting Prime Ministerâ€™s push for a cashless economy that will move India to advanced economy and corruption free India, has urged the Government to put in place a robust system to tackle e-frauds and give a push to domestic manufacturing of PoS machines and its software development under the Make in India programme.
Extending full support and cooperation to making Prime Minister Narendra Modiâ€™s push to digital payment a success, CMAI President Prof. N.K. Goyal, who is also Telecom Equipment Manufacturers Association of India (TEMAâ€™s) Chairman Emeritus, said the Government of India should immediately come out with a policy specifically for manufacturing of PoS and development of its software so that all safety of all transactions in ensured.
â€œGovernment reports say during next few months 20 lakhs new PoS machines will be added to 15 lakhs existing ones. When Crores of people are joining digital payments movement daily, safety of data remains paramount which can be ensured only by pushing indigenous manufacturing of PoS machines. We cannot depend on foreign manufacturers if we want to make our economy cashless and all digital economy should also add to Make in Indiaâ€ said Prof NK Goyal.
Prof. Goyal pointed out that majority of PoS machines currently are imported primarily from the US, Europe and China and therefore data security remains a big challenge. Though Government exemption to BIS labeling of imported PoS machines till March next year is a welcome move, he however said the Government needs to come out with stringent norms to ensure and enhance data safety and security.
CMAI requests appropriate legal framework to address digital payment frauds to protect consumers if they lose money during digital transactions.
â€œIndia does not have proper laws in this regard as of now. The only remedy available is under Information Technology Act, which largely deals with cyber breaches. All cases of money lost in digital payments may not fall in the category of cyber thefts/breaches. With proliferations of digital payments across India in big and small towns, there may be widespread cases of small amounts here and there throughout the Country. To address them in timely manner, CMAI requests that there is need for separate digital payment laws and digital payment courts across India,â€ Prof. Goyal added.
There is also need for legal framework for data storage, data protection. In US the data has to be preserved in encrypted form. India does not have any legal system for such matters. He said draft legal framework should also include standards on refunds, complaint redressal system, cash backs, compliance to various policies and procedures need to display on Companyâ€™s website details of complaints received/addressed, money refunded and action taken on regular basis, cash back policy etc.
CMAI suggests mandatory cyber audit by RBI or Cyber Command Group at regular intervals. â€œPresently audit has been mandated as once a year. But this is not enough as cyber threats are regular and continuous, and audit is required at least once a quarter if not every month. The audit by Company appointed auditors is not the answer to financial security. We also request a high level Cyber Security Command to be established, which should have legal authority to conduct spot audits as and when it feels the need,â€ Prof NK Goyal said.
An appropriate and robust mechanism needs to be developed for reporting losses and recovery of money lost/theft/frauds in digital payments. â€œWe request an institutionalized policy for redressal of complaints of citizens with regard to digital payments. There is a tendency of keeping money lost during mismatch in e-transactions in dispute and wait for compensation. CMAI requests that the refund be made immediately and compensation etc. be decided in due course of time,â€ Prof. Goyal added.
CMAI requests immediate action plan for the projected 5-lakh cyber experts needed as per the cyber policy. CMAI suggests that let the training of cyber experts and digital payment experts be assigned to a telecom PSU like BSNL, TCIL etc., as they have large scale existing facilities for training and tie up with AICTE also. CMAI has also sought a special drive to launch a special drive to make people aware about safe use of e-payments. The funds available with Cyber Department and USOF can be used for this purpose. There is big infrastructure available with various State Universities/Private Colleges which are available for immediate use. Hence the telecom PSUs should also be mandated to use the already available existing infrastructure with various State and Private Universities/Engineering Colleges by declaring them as Center of Excellence for Cyber Security Training.
CMAI requests appropriate strategy and awareness for guidance to help citizens and organizations to plan and prepare recovery from a cyber theft, funds frauds, money lost during e transactions and money fraudulently withdrawn by someone. The moot point is how does an organization plan to address the system attacked due to cyber and restore the services immediately.
Providing POS is only one part of the whole scenario of capability building. There are several other areas that need immediate attention of realizing the goal of maximum possible level of cashless economy in the country such as Awareness of consumers for the importance of cashless economy so that they volunteer to abstain from cash transactions, training of the vending personals involved in the transactions of money so that operations are smooth, establishing systems that ensure the smooth and uninterrupted connectivity between bankers and the points where sales are affected, security of money to ensure that all possibilities of cyber crimes are eliminated and even the not so conversant consumer is assured of the safety and security of money and establishment of the appropriate system to affect immediate redressal and recovery of money if some fraudulent transaction has happened.”