Why digital privacy and security are critical for CBDC e-rupee’s success, and winning customers trust
By Manish Mimani, Founder & CEO, Protectt.ai
As the usage of digital payments has been increasing, the number of digital frauds and cyber crimes is rising rapidly as well. As per the data available from Reserve Bank of India, the Banks and payment operators have reported online payment frauds of Rs 1,750 crore in the seven months ended March 2023.
The March month itself has reported 2.25 lakhs transactions involving Rs 333 crore frauds. This entire scenario is thought-provoking for both the government as well as for the citizens.
It is in this context that concerns have been raised about the impending rollout of India’s Central Bank Digital Currency (CBDC) or ‘e-Rupee’. There are fears that the vulnerabilities of such a digital currency could be exploited to spy on the private transactions of individuals, obtain confidential and secure information, and steal money.
The need for robust mobile app security is now more critical than ever – to safeguard consumers against long-standing cybersecurity threats such as malware and spoofing, as well as to ensure that CBDC once implemented, is secure.
Dilemma of the need for technology and cybersecurity
Since 2020, when the pandemic hit the whole world, many people switched completely to digital payments be it for bill payments or business-related transactions for convenience and to maintain social distancing ..
Along with growing e-commerce, the online payment players such as Paytm, PhonePe, Google Pay, and many more have made payment methods much easier. It just needs one click to pay for anything without having to worry about going out and putting your energy into exploring or standing in queues. RBI has highlighted that since digital currency will be managed on a digital ledger, cyber crimes and digital frauds can be alarming. CBDC can also be a prime target for data breaches and server blockages, hence, paving the way for more cyberattacks in the future.
Additionally, from the users’ point of view, the core foundation of any currency is trust and for them to be able to comfortably adopt CBDC, they need to be assured about its security. Since the digital rupee will operate in the digital space, appropriate risk-management strategy and robust cybersecurity solutions are required.
Digital Payment Security Controls are the solution
The answer to these challenges lies in the concept of Digital Payment Security Controls (DPSC), as outlined by the RBI in a document issued in early 2021. DPSC was conceptualized with the aim of enabling Indian financial institutions to safeguard digital channels used by their customers. The principles of DPSC address the entire payments ecosystem – including security controls, customer experience, data privacy, device-level controls – all of which collectively work to safeguard customer data and transactions.
DPSC outlines the need for financial service providers to implement distributed identity solutions to facilitate improved access management, privacy controls, identity-proofing and user experience. Such a solution would ensure both customer convenience and security.
One of the methodologies a distributed identity solution would employ for user authentication is DEVICE & SIM Binding. Under this approach, the user’s device is bound to their verified and validated identity, enabling a robust password-free experience through identity-based biometric authentication. Similarly, SIM binding uses a combination of SIM detection and SMS verification to validate a user’s mobile number.
Bottom line
Although, digital payment is making life easier as it saves time and resources at the same time such frauds and scams are worrisome. Public acceptance and trust are critical for the success of CBDC. And for this, we need to address security and safety concerns.
The need for powerful Mobile App security technologies is more keenly felt than ever before. Runtime Application Self-Protection (RASP) is one such solution that can be leveraged by financial service providers to protect their apps from vulnerabilities that can arise from a wide range of sources, such as unsecured or proxy networks, jailbroken devices, the use of anti-VPN etc.
CBDC can be a game-changer for digital payments in India. However, the impending rollout needs to be secured with a strong cybersecurity infrastructure to mitigate potential reputational damage and financial losses on the part of customers and businesses. Policymakers should ideally take on board inputs from cybersecurity specialists while establishing the regulatory framework for CBDC’s, and in order to implement effective security protocols to safeguard consumers.