Opinion: Securing data amidst cybercrimes

Not a day passes without a report on cybercrime. A recent news item reported that Punjab National Bank has compromised customer data for over seven months. Every organisation using a digital platform asks for personal details like Aadhaar number (this number is auto connected to Permanent Account Number of Income Tax). Billions are lost in well-organised cybercrimes. Only a few lucky get back their money after months of investigation. How and when did all this start? And can there be no end to it?

Stewart Brown traces cybercrime to 1870, the first spam to 1978 and the first virus attack on Apple computers to 1982. From 2005 to now, ransomware, click-fraud, identity theft, and highly organised cybercrimes have been occurring with regularity costing an estimated $500 billion annually. Some 15 types of cybercrimes are: hacking (credit card), denial of service attacks, identity theft, virus dissemination, computer vandalism, cyber terrorism, online fraud, software piracy, forgery, malicious code, malware, phishing, spam, spoofing and defamation. Water Hole attacks have also become common.

During the first generation of economic reforms, banks moved to computerisation and networking for serving customers with speed and accuracy as well as to sync with global standards. Banks and governments feel that every citizen should be able to transact every financial and business activity through the phone, bringing in apps to transact. But don’t we need to look at the literacy levels and digital literacy levels in India?

Literacy Levels in India

Adult literacy rate is the percentage of people aged 15 and above who can read, write and understand a short simple statement about their everyday life.
• India’s literacy rate in 2018 was 74.37%, a 5.07% increase from 2011.
• In 2011, it was 69.30%, up 6.55% from 2006.
• In 2006, it was 62.75%, a 1.74% increase from 2001.
• India’s literacy rate in 2001 was 61.01%, a 12.79% increase from 1991. (macrotrends.net/countries/IND/india/literacy-rate)
At all India level, the literacy rate is 69.3% (2020). Among males, it is 78.8% and females 59.3%. Now let us see the digital literacy rate of India in 2020.

Digital Literacy

The Ministry of Electronics and Information Technology defines digital literacy as “the ability of individuals and communities to understand and use digital technologies for meaningful actions within life situations. Any individual who can operate computer/laptop/tablet/smartphone and use other IT related tools is being considered as digitally literate. Based on this definition, we define households as being digitally literate if at least one person in the household can operate a computer and use the internet (among individuals who are 5 years of age and older). We also find that only 38% of households in India are digitally literate. In urban areas, digital literacy is relatively higher at 61% relative to just 25% in rural areas.” (ideasforindia.in)

Customers have been enticed to speed of service and access to service from anywhere and 24×7 through internet services. Customers were told – ‘you need not come to the branch of the bank to transact your account – remittance or withdrawal from any place to any other place and within the notified hours.’

The Reserve Bank of India introduced KYC – Know Your Customer – profiling by banks. This KYC has to be renewed annually. Banks ask for Aadhaar card, PAN card, mobile number, electricity and/or telephone bill to serve as evidence of residence. While the RBI guideline says any two are sufficient for opening and operating the account, banks, as abundant caution, ask for all the particulars with the duly self-certified photocopy of the documents.

Then came the ritual of annual updating of the KYC failing which cheques got bounced; ATM cards seized to function, and the harassment started. You ask the man at the counter – the response is typical: the machine is not responding. You must comply with whatever has been advised. Would it not be wise to renew KYC only for those whose average monthly turnover in the SB account is above Rs 2.5lakh – the annual income tax exemption limit?

You notice debits into the savings bank account – reason not specified. On enquiry, you will realise that it is for sending an SMS on your phone on record, that the debit through ATM has been declined – some number is given as the reason. The Savings Passbook data shows adequate balance in the account. The reason for the decline by the ATM is not explained by the bank executive. The only reason given is the ATM may not have enough money in the denomination that is sought. Then why there should be debit of Rs 50 as communication charge?

Worthwhile Precautions

A LinkedIn local circles survey (September) in 392 districts – 24,000 participants – reveals that certain precautions would be worthwhile to follow. These and some more include:

A LinkedIn local circles survey (September) in 392 districts – 24,000 participants – reveals that certain precautions would be worthwhile to follow. These and some more include:

  1. Always use multi-factor authentication (MFA). If the site doesn’t support MFA, shame them publicly. Use a Hardware Security Key (eg YubiKey) as a preferable MFA option.
  2. Almost all the so-called ‘Algorithm’ to craft different passwords (based on name of the websites) are clumsy. If you share one password with anyone for any reason, boom! Now people know all your passwords.
  3. Try to use Signup with Google/Facebook/Apple option instead of creating a password for each site. You can easily just revoke the access from the platform if required.
  4. Use a Password Manager (paid one, if possible). Now you need to remember only one password – the master password of the Password Manager. Apart from storing passwords, let the Password Manager generate a strong password which is difficult to remember. Now you don’t remember the password, so there is no chance of reuse of passwords on different sites.
  5. If you’re a developer, there’s FIDO2: Web Authentication, which doesn’t require a password.
    The fact remains that there are not many digital literates to understand and follow these rules. The news that some digital currencies will be legitimised would bring the fraudsters closer and faster to the financial world.
    Unless cybercrime detection and detention of the criminals move with unheard speed, the economy would be in for a major shock at a time when growth rates are rising. This clearly underscores the need for the government, financial institutions, and regulators to evince greater care and attention in protecting data that can be hacked and transmitted at the blink of an eye.
(The author is an economist and risk management specialist. Views are personal)


Source: https://telanganatoday.com/opinion-securing-data-amidst-cybercrimes

Comments

Popular posts from this blog

How a cyber attack hampered Hong Kong protesters

‘The chances of nuclear use are minimal. Both Russia & Ukraine are well aware of results’: DB Venkatesh Varma

Pak off FATF Grey List; ‘Black Spot’ on Fight Against Terror Irks India; J&K Guv Says 'World is Watching'