Tag Archives | Modi

Beware the security risks before you jump onto digital payments bandwagon

Deficit in cash flow has forced users into digital payments. Without proper precautions and security policies, the highly reactive nature of cyber security leaves us vulnerable to cyber-attacks.

chaiwalla-paytmImage source: DNA India

The whole demonetization of currencies has shaken our country to its core. In the past week, we saw how it affected people at all levels and how they were coping with it, hoping for the better in the near future. While the challenges still persist, it has nudged people towards digital transactions even for their daily needs using virtual wallets, PayTM and others. Companies that enabled digital payments acted as buffers soaking up some of the pressure. In fact, there was a surge in digital payments hitting records high over the past week; PayTM saw a 200% increase in its mobile application downloads and a 250% increase in overall transactions. MobiKwik saw an increase of 200% in its application downloads within few days. Other companies within this domain such as, Oxigen and PayU have also seen a rise in their service usage.

Resultant trend maybe vulnerable to security threats

This new trend is certainly heading in the right direction towards digitization, however there is risk of casting a blind eye towards the security aspect in the whole process of adapting to this digitized lifestyle. The Nordea Bank Fraud incident that occurred in 2007 is a classic example of e-banking cyber-attack, where perpetrators infected unsuspecting customers’ systems with a malware that stole login credentials, and made off with over 1.1 million US dollars. Not even major financial corporations like VISA, PayPal, and MasterCard are invincible from cyber-attacks.

The security standards and precautions have certainly evolved since these high profile attacks. But the speed of technological developments and its integration into our economy far supersedes that of the defense mechanisms and protocols in place to mitigate any cyber-attack on these developments. It goes to show that they are unparalleled and reactive in nature which ultimately begs the question: Is it safe to utilize these new payment platforms?

PayTM for instance is certified under the Payment Card Industry Data Security Standard (PCI DSS) 2.0 certification, which is the current industry security standard set by American Express, Visa International, MasterCard Worldwide and few other international dealers. This is an essential certification for companies that store credit-card info. PayTM also uses 128-bit encryption technology to crypt any information transfer between two systems. It takes more than 100 trillion years for a hacker to crack a password under 128-bit encryption. Needless to say, transactions via PayTM are fairly secure. Other companies like MobikWix also employ the 128-bit encryption technology. This is a common security measure that companies dealing with credit card information and transactions deploy, hence there is little doubt that companies taking advantage of demonetization are employing their share of precautions for secure transactions.

Is that secure enough?

But, these precautions won’t make us invulnerable. There are other things aside from the login credentials that hackers target these days. For example, just few days back, hackers breached a British mobile company, Three Mobile’s database and stole private information on six million users. Another example is the recent massive data breach of Indian bank networks that compromised over three million users’ financial data. The breach occurred between May 25 and June 10, victimizing major banking companies, including HDFC Bank, ICICI Bank, YES Bank, and Axis Bank. This stolen data can be sold underground, used for identity theft, or strengthen brute force attacks for further personal attacks.

These breaches may appear sophisticated, but there are other easier methods that anyone with basic IT skills can deploy. For Instance, here is an article by a hacker displaying the html code on how to fake the PayTM website. Using a spoofed site, a hacker can use phishing tactic to gain login credentials from unsuspecting users. Other tactics include fake mobile applications or spyware that steal information, social engineering tactics that make you reveal your login credentials, etc. This is nothing new however; spoofing, phishing, and spyware have plagued the IT security industry for more than a decade, with their tactics getting increasingly sophisticated.

But, if companies like HDFC and ICICI, which are most likely proactive in updating their security systems, still experienced cyber-attacks, what does that imply about unsuspecting users? Most new users were forced onto the digital payments bandwagon due to the currency demonetisation. Especially street-vendors, who were primarily reliant on cash payments before the demonetization, such as the Chai-wallas and Pan-wallas that were quick to adapt so as to maintain their revenue. Are these new users aware of the security risks involved here? I highly doubt it. Even if they are aware of the risks, whose responsibility is it and what precautions can they take to minimize damage from future attacks?

Whose responsibility is it?

It is not a single entity’s responsibility. Everybody involved in the process, including companies offering the service, the customers, and the government should do their share to mitigate cyber-attacks and minimize its damages. The following is a three pronged approach for companies, customers and the government to mitigate security risks:

digital-payment-risk-management

Companies

All companies that offer platforms or services enabling digital payments should, first and foremost, increase awareness of the risks among their customer base and educate them on ways to secure themselves. Employ behavior analytics and pattern analysis at their fraud departments to predict suspicious behavior. Stay proactive in looking out for any spoofed applications or websites that masquerade their service. Proactively monitor discussion boards, social media platforms, and forums that discuss hacking and fraud tactics, and implement proactive measures to thwart their tactics.

Government

The Government should also do its share to protect its citizens by minimizing vulnerabilities. It should check if the current policies regulating this platform are adequate, and update it if necessary. Educate the populace on the risks involved. Enforce strict policies and hold companies accountable for not meeting security standards. Minimize benefits that come from overlooking security precautions. And, strengthen public-private partnership on live information sharing about cyber-attacks and fraud.

Customers

Customers should do their share to minimize damages. They should educate themselves about the risks involved, and take appropriate precautions. Minimize vulnerability with two-factor authentication and routine password changes. Check for applications’ authenticity by looking for the number of downloads and reviews by other users; the higher the number of downloads and reviews are, the higher the chances that the application is legitimate. In addition, check for other application releases from that developer. Check for website’s authenticity by checking for proper spelling of the web address, or if the website is secure by checking for a green padlock symbol on the left to the web address, and that the address starts with ‘https:’ Keep the web browsers updated as they can recognize illegitimate sites easily. Do not share sensitive information including login credentials over emails, phone calls, or chats. Lastly, trust your instincts and double check to make sure you don’t leave yourself vulnerable.

Puru Naidu (@Brocolli88) is a Research Analyst at the Takshashila Institution

Comments { 0 }

Rafale not a done deal, yet

The lack of clarity in price finalisation of Rafale between India and France indicates that both sides may have to make some compromises 

It was with much fanfare that concluding of much spoken about Rafale deal between India and France was announced on January 26, 2015. The first announcement of this deal was done during Modi’s visit to France in April 2015. It was reported then that 36 aircraft will be sold to India in a ‘fly away’ condition. This came as a very pleasant surprise for the Indian Air Force as the deal had been stuck for a long time in spite of critical operational necessity. Modi in his address stated that India and France had concluded the Inter Governmental Agreement (IGA) pending some financial issues. Later it was clarified by the foreign secretary S.Jaishankar that it was a Memorandum of Understanding(MoU). The French President Francois Hollande has been quoted saying that the financial issues could be resolved in a “couple of days”. Legally speaking, a MoU cannot be contested in a court of law. It differs from an agreement which is enforceable. The devil lies in the details.

There have been two sticking points in the deal. First, India wanted a 50 per cent offset in the deal for its ‘Make in India’ programme whereas France was willing only for 30 percent. After much wrangling, the French have agreed to the offset clause. Second, it is the cost of the aircraft which is seemingly getting intractable between the two parties. The logic of price as seen from seller’s angle is simple to understand. Lesser the quantity, higher the price. Officials involved in the negotiation say that the cost per aircraft demanded by the manufacturer Dassault is € 100 million or approximately Rs. 740 crore. This makes the total cost about $ 11 billion. It is reported that India wants to bring it down to $ 7 billion, almost 35 per cent less. Anyone who has been involved in negotiations knows that the financial aspects are the hardest to resolve.

The Multi Role Combat Aircraft (MRCA) has been one of the longest running negotiations in the history of arms  deals in India. The Indian Air Force stated its requirement for MRCA in 2001. Rafale pipped its closest competitor in this race, the Eurofighter because of its life cycle costs. Rafale increased its price primarily because of the considerably less numbers from the initial projected figure of 126 aircraft. Much political capital has been invested between Modi and Hollande. It is only prudent that the deal is concluded quickly in the national interest. Even after signing of the agreement, it may be only by the end of 2016 or early 2017 that IAF gets the deliveries as the fighter will have to be customised to Indian conditions. We are not quite there, yet.

 

Guru Aiyar is research scholar in Takshashila Institution and tweets @guruaiyar

Featured Image: Rafale by Airwolfhound, licensed from creative commons.org

 

 

Comments { 2 }

India-Pakistan Rendezvous: Will terrorist attack destabilize the relation

 

Prime Minister Modi has called for a prompt and decisive action against those involved in the terror attack at Pathankot air base. Speaking to Prime Minster Nawaz Sheriff, Modi expressed his grave concern on the terror activities on the Pakistan soil and has called for an actionable response. Disrupting bilateral talks between India and Pakistan could be attributed as the key reason to this attack and a similar pattern has been sighted in the past.

A noticeable interface at the recent Paris Climate summit, on the sideline was the India-Pakistan Prime Minister talks that paved the way for a crucial Ministerial level dialogue. The rare meeting of the NSA (National Security Advisor) between India and Pakistan was described as cordial, open and positive. This was followed by the visit of India’s Foreign Minister Sushama Swaraj to the Heart of Asia Conference at Islamabad. Prime Minster Modi’s visit thereafter to Pakistan and meeting his counterpart Nawaz Sheriff, was seen as a significant bilateral development and an unprecedented progress in India-Pakistan relations. Interestingly this was followed several engagement like the cricket diplomacy and  the assurance by Modi to attend the SAARC summit to be held in Pakistan next year.

Despite the recent terror attack at the Pathankot Air Base and the Indian Consulate at Mazar-i-Sharif, Afghanistan with several reports confirming the involvement of Pakistan militant outfit Jaish-e-Mohammed (JeM), the rendezvous between India and Pakistan continues. However, Prime Minster Modi has reiterated the fact that such a dastardly terrorist attack was carried out from the Pakistan soil and has insisted firm action. Normalization could succeed only if action on perpetrators are taken as promised by Pakistan. There is no ambiguity in the terrorist attack and India has provided specific information to Pakistan to investigate the strike. Prime Minster Modi has demanded stern action to be taken against the perpetrators.

On the face of hope, there is a movement for comprehensive bilateral dialogue as against a composite dialogue. The Foreign Secretary talks as of now does not stand cancelled. Instead of confrontation and antagonism there is an unruffled silence. There is a regional implication to this reticence, both India and Pakistan are competing for influence and stabilization in Afghanistan. Several common interest like trade, security, energy and terrorism underpins this relationship. Modi’s address at the Afghan Parliament dawned a ray of hope, positive spirt and an earnest effort to dispel the Pakistani notion of distress on India’s involvement in Afghanistan.

There are several drivers to this stabilization process and some of the key factors would be energy assets and viable Central Asian markets for both India and Pakistan. Afghanistan is a key promoter of regional stability and is looking forward to an era of economic and security cooperation. With an emerging India-Afghanistan-Pakistan triangular relation, each of them are exhibiting high level of maturity and commitment. The recent inauguration of the Turkmenistan-Afghanistan-Pakistan-India (TAPI) gas pipeline is yet another important strategic calculi.

Regional rapprochement has not been very successful and largely the South Asian politics have been dominated or clouded by India-Pakistan relations. Prime Minister Modi on assuming office has committed to sustain normalcy in the region. Earnest effort to adhere his commitment was seen in several of his initiatives towards the region. The recent   Modi’s visit enroute from Kabul to Pakistan is an important milestone in the process of regional stabilization.

Terror attacks and threats have been the key destabilizing factor in the area. Several terror outfits coexist and cohabit in the region and they have been supported largely by fundamental and fanatic groups. Countering terrorism has been a daunting task and several peace process to find a solution to this enduring problem has dominated the past years. Thus countering terrorism as a regional phenomenon would succeed only if there is a single peace process outcome in which both India and Pakistan are involved. Pakistan counter terrorism operation in the tribal region along Afghan border is underway. A step to regional balance and progress is on cards and India’s involvement is seen as positive step in this initiative. South Asian diplomacy has been advancing well in the past few months with several rounds of talks at the Government level and the impromptu visit by the Indian Prime Minister.

Balancing the regional stability is a daunting task, there are several glitches to this progress. It is not the very first time that peace process or normalization talks have been stalled. The question that remains is, will the recent terror attack at Pathankot air base set the clock behind in India-Pakistan Relations.

 

Priya Suresh is a Research Scholar at the Takshashila Institute.  She tweets@priyamanassa

Comments { 0 }

Rohith Vemula’s suicide—is it the Rajeev Goswami moment of NDA II?

The recent suicide by a Dalit scholar has all the makings of turning into a powder keg if not handled with seriousness by the government 

The suicide of Dalit scholar Rohith Vemula on at the University of Hyderabad may well turn out to be the Rajeev Goswami moment of present Modi government. To understand the issue, there is a need to go back to  an event under the National Front government of VP Singh in May of 1990. Rajeev Goswami was a student of Delhi University when he attempted self immolation as a protest against implementation of Mandal commission recommendations by the government. Though his attempt failed, it succeeded in galvanising a large part of the student community and other sections of the society to protest against affirmative action of the government. The reservation debate in India has been centred around this. The subsequent fall of VP Singh government can be said to have begun with the Goswami incident. To his credit, Rohith has not blamed anyone in his suicide note, but the signs are very obvious as to what led him to take this extreme step.

Modi, who was elected with a thumping majority in 2014 may finally have to do some reality check now. To dismiss this incident as something trivial and not attributable to the administration will be total naiveté. Rohith, along with four other students of Ambedkar Students Association (ASA), had been expelled by the university for ‘anti-national’ actions. His fellowship grant had been stopped for the last six months. The trigger for action against him was a scuffle in the campus that he got into with Akhil Bharatiya Vidyarthi Parishad (ABVP) activists on 3rd August, 2015. The reason for the scuffle was a protest by ABVP in Delhi against screening of the documentary film titled Muzaffarnagar Baqi Hai. The documentary, which is critical of all the political parties, shows that the riots were engineered by the BJP. This incurred the wrath of ABVP which tried to stop the screenings in other cities by violent protests.

The time has come now even when most diehard optimists and supporters of the present central government will say that enough is enough. Dadri lynching, virulent comments on the social media against activists and civil society members, majoritarian discourse and now this. Unfortunately, each such incident is brushed off as a law and order problem. Reportedly, Bandaru Dattatreya,union minister for labour had asked the university to take action against the students. However, what merited such harsh disciplinary action of expulsion is not yet clear. If universities are autonomous bodies which run on central grants, the fact that a central minister should be so involved does need to be questioned. It is also not clear whether the inquiry that preceded the suspension of Rohith was an impartial one or not. The role of the Vice Chancellor is under a cloud.

By allowing a larger than life role for ABVP and not stopping it, the government is allowing the fringe elements become mainstream—an unintended consequence. Mere cosmetic action of filing of FIR against ministers and the vice-chancellor won’t do. The development narrative of the government is getting derailed by recent happenings. Will this become the trigger for a strong backlash by the Dalits? Will it become the rallying point for the opposition? It has all the makings of becoming one if not handled with seriousness and sensitivity that is required.

 

Guru Aiyar is a research scholar with Takshashila Institution and tweets @guruaiyar

Picture credit:Blake Emrys No more hate, licensed from creativecommons.org 

Comments { 4 }

Why India must not Talk to Pakistan after the Pathankot attacks

The recent Pathankot attacks have put the spotlight on the impending Foreign Secretary level talks between India and Pakistan. India’s stand should be clearly not to engage in talks now.

Ever since the terrorist attacks on the Indian Air Force base in Pathankot, the public discourse is getting  shriller.  If we watch the TV news shows, for the last couple of days, the anchors are hell bent on shaping the public opinion in the favour of cancelling the foreign secretary level talks with Pakistan. There is strident criticism of Modi having made a surprise visit to Pakistan during Christmas last year. Of course, Modi demonstrated statesmanlike behaviour by going the extra mile.  India must not engage with Pakistan now and talks should be postponed indefinitely till such time conditions demanded by India are satisfied by Pakistan.

First, there is a need to analyse the statement given by the Chief of the Army Staff General Dalbir Singh in the aftermath of the operations. As reported in the TOI, the army chief is quoted to have said that “every time Pakistan bleeds us by thousands of cuts…we just talk about it for a few days and after that we let it go as usual business.” This clearly indicates that he would certainly have had sanction of the government. However, India is still far off from acquiring operational capabilities like Mossad’s Entebbe raid where an Israeli commando action in another country successfully resulted in the rescue of hostages. But this alone should not give India reason to engage in talks. Lashkar-e-Taiba (LeT) was responsible for 26/11 and all pointers of the Pathankot attack are towards Jaish-e-Mohammad (JeM) (NIA chief Sharad Kumar’s interview to TOI). By all estimates, these attacks have been planned well in advance and there is no connection with Modi’s surprise visit to Pakistan. Having clearly established the hand of JeM, which happens be one of the important elements of Pakistan’s Military-Jihadi complex (MJC), there is no room for doubt that the topmost echelons of the Pak army were in the know of this plan. There is a sense of deja vu (a la Kargil) when Nawaz Sharif pleads that his government is neither aware nor involved. There is certainly no need to buy this argument.

Second, let there be clarity on which stakeholders are to be involved from Pakistan. The MJC finally seems to have given its blessings to the Nawaz Sharif government to go ahead with the talks. The inclusion of Kashmir issue from the Indian side apparently has given them a reason to do so. In this, we again come to the crux of the matter — which is the Sharif that India needs to talk to? Nawaz or Raheel (Pak army chief)? Or both? It is anybody’s guess the entire agenda of Pakistani position will be guided by the Pak army. This gets us to the classic catch 22 dilemma — damned if we do, damned if we don’t. Can India talk from a position of strength? Let the policymakers remember one thing clearly-never fear to negotiate, but do not negotiate out of fear.

Third, for those who feel that let Pakistan become a failed state and implode towards doom, a sense of schadenfreude is not the best way to solve this puzzle. Our national interest must be focused at achieving 8% GDP growth. It is the fear of widening gap with India that might have finally compelled the MJC to give its green signal for talks. India has the international support. It has a convincing stand that ‘terror and talks’ cannot happen together. Pakistan’s argument of non-state actors just does not hold water. The US has clearly asked Pakistan to take action against the perpetrators of this attack. France & Japan have condemned this attack without naming Pakistan publicly. If the talks have not taken off, it is singularly because of Pakistan. Realpolitik, not morality governs international relations. To conclude, it is certainly not in India’s national interest to give a push to talks at this juncture; it is Pakistan which is on the back foot. India must seize this opportunity to shame Pakistan internationally and isolate it. This is an opportunity to be seized.

 

Guru Aiyar is a research scholar with the Takshashila Institution. He tweets at @guruaiyar

Comments { 2 }

Well played!

Such meetings change the narrative of hostility between the two countries to one of engagement, only until the military—jihadi complex retaliates.

by Pranay Kotasthane (@pranaykotas)

While analysts like me were following up on what transpired during PM Modi’s Afghanistan visit, we found ourselves taken over by the pace of events. PM Modi sent the media in a tizzy through a tweet, announcing that he would be stopping over at Lahore on his way back to Delhi.

To temper expectations and to get a realistic check on this event, here are six points worth noting:

  1. The meeting was a well kept secret, and not a surprise visit as some would like to claim (and believe). Such meetings are well planned in advance. Probably this was decided during the NSA meeting in Bangkok. Credit to both Pakistan and India that they managed to keep the secrecy element intact.
  2. The fact that secrecy was maintained in Pakistan also means that the Pakistan Army would have been taken on board. Had this not been the case, a few media houses in Pakistan tightly regulated by the Army would have leaked the possibility of the meeting, causing both sides to reconsider.
  3. This meeting would certainly infuriate a few elements within the Pakistani army that handle the anti-India jihadi networks. They would be on the look out for a chance to drown this excitement surrounding the talks soon.
  4. One cannot expect anything tangible to result from this meeting. But it does change the narrative of hostility between the two countries to one of engagement, at least until the military—jihadi complex retaliates.
  5. US will consider this meeting as a big win for its foreign policy as it has been consistently asking both the States to resume talks at all levels. Pakistan will find its positions vis-a-vis the civil nuclear agreement and economic package from US bolstered. What will India get in return is not so clear.

Interesting times. A bold move. And well played by both sides.

Pranay Kotasthane is a Research Fellow at The Takshashila Institution. He is on twitter @pranaykotas

 

 

 

Comments { 0 }