Preferred mode of digital payment transactions: Mobile devices 48%; Swipe the cards at point of sale 38%; Computers (Laptop/Desktop) 14%

• Cracked applications installed on devices – Users have multiple applications installed on their mobile phones, including ‘cracked’ applications that may have access to information across the device. These applications can potentially access financially sensitive information and pass it on to attackers. Our study indicates that nearly 58 per cent of respondents considered the One Time Password (OTP) to be a secure mechanism; however, information such as an OTP can be accessed by malicious applications installed on mobile phones that have access to the user’s messages or calls.

• Vulnerable/unpatched operating systems – India has a mix of smartphone users on Android™ (76.85 per cent) and Apple™ [2] operating systems (2.33 per cent). [3] Some of these operating systems are extremely open by nature, which supports collaboration but also exposes a large set of users to potential security issues.

[Figure: Key reasons for security incidents. Categories: Lack of user awareness levels due to varied user profiles; End points/devices being used for digital payments are not secured (such as mobile phones, desktops, etc.); Concentrated attacks on users through infected apps/malwares; Lack of adequate redressal mechanism post incident. Plotted values: 60%, 100%, 80%, 40%.]

2. Apple is a trademark of Apple Inc., registered in the U.S. and other countries.
3. Market share held by mobile operating systems in India from January 2012 to December 2016, The Statistics Portal.

© 2017 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.
Security by design for digital payment products

• The demand for access to digital payment channels has increased significantly since the demonetisation drive in the country. While this provided an opportunity to service providers, the demand for solutions led to the design and launch of multiple products within a short period, which may lead to security controls not being designed comprehensively.

• One of the leading mobile wallet providers had to roll back its product because concerns were raised about its security measures. [4]

Large ecosystem with multiple variables

According to our survey, the availability of a strong cashless ecosystem is essential for enhanced adoption of digital payments. The digital payment ecosystem is evolving at a rapid pace as India embraces digital and technological advancements. The value chain of the entire ecosystem is large and growing, which exposes it to cybersecurity risks. The key variables include:

• Data interfaces across the products: Products are required to have multiple interfaces with other services/applications, and most products have multiple Application Program Interfaces (APIs) for this purpose.