Express Computer
Home  »  features  »  IIMB study finds serious privacy concerns with mobile payment systems

IIMB study finds serious privacy concerns with mobile payment systems

0 413

A brief study, by the Centre for Software and IT Management at IIM Bangalore, on the risks associated with Indian mobile phone based payment systems, raises significant questions

With the rapid development of information technology, ubiquitous mobile phones, and the impact of the demonetization scheme of the GoI, India has experienced a significant surge in the number of electronic transactions through mobile payment apps and services. However, around the world, spread of electronic banking has resulted in thousands of cybercrimes and monetary thefts by cybercriminals. The security risks related to electronic transactions through mobile payments are high due to various technological and other reasons.

A study conducted by the Centre for Software and IT Management (CSITM) at Indian Institute of Management Bangalore focuses on the risks associated with Indian mobile phone based payment systems. “We conducted experiments with five popular mobile payment systems, in four broad categories – wallets (PayTM, FreeCharge), direct link with user’s bank (BHIM), specific bank’s app for account holders (iMobile by ICICI Bank), and basic USSD service (dialing *99#),” said Prof. Rahul De, Chairperson, CSITM, and faculty in the Decision Sciences and Information Systems area at IIM Bangalore.

He explained that the study evaluated the apps on the following six key security principles combining the Basel Committee’s ‘Risk Management Principles for Electronic Banking’ and RBI norms for electronic banking transactions:

  • The potential for confidentiality breaches
  • The management of the transactions for subsequent repudiation
  • The strength of the authentication process
  • The data and transaction integrity procedures
  • The extent of access and availability of services
  • The procedures for maintaining privacy of customer information

According to Prof. De, the study found serious privacy concerns with all the services studied. For instance, while in many apps like Freecharge, the wallets are not directly linked to third party vendors (such as Uber or BigBasket), apps such as PayTM allow for automatic linkage with the vendors, and the vendors can automatically deduct amounts without the explicit consent of the user. Potential for confidentiality breaches was a problem observed for all the mobile payment methods, except USSD.

A recurring security concern was that many of the apps (such as PayTM, Freecharge) do not automatically log the users out, and anyone having access to the phone can make financial transactions through these apps.

This risk is highest if the user loses or misplaces her/his mobile phone, and higher still if the phone is unlocked or unprotected. However, apps such as iMobile, BHIM have auto-logout/ session time-out features.

“We also observed inadequate management of the transactions and no evidence of systematic analysis of transaction patterns. The lack of these features are a potential security violation. However, even while we were conducting the study, we observed that the features of the apps and services were constantly evolving and changing. Hence, we add the caveat that the evaluation of the apps in this report is as observed during our study conducted between December 16 to January 17, and it is likely that some of the concerns presented in this report have been addressed, and perhaps new concerns have emerged,” Prof. De emphasized.

For the detailed report, please click http://www.iimb.ernet.in/sites/default/files/iimb-csitm-security-issues-in-mobile-payment.pdf.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image