1. Home
  2. WhatsApp Pay may put Indian digital banking at risk: Experts

WhatsApp Pay may put Indian digital banking at risk: Experts

Agencies
November 8, 2019

After WhatsApp accounts of 121 Indians were compromised by the Israeli spyware Pegasus, experts have warned that the payment feature the Facebook-owned platform is planning to launch in India may put the digital banking system at risk.

"WhatsApp payment needs to be seen with microscopic eye, primarily because in payment you will be dealing with sensitive personal data and cyber security is going to be an essential building block component for WhatsApp to demonstrate its due diligence," Pavan Duggal, one of the nation's top cyber law experts, told IANS.

The Ministry of Electronics and Information Technology (Meity) has already expressed dissatisfaction over the manner WhatsApp communicated about the compromised accounts.

The piece of NSO Group software called Pegasus allegedly exploited WhatsApp's video calling system by installing the spyware via missed calls to snoop on 1,400 users globally. The devices were compromised with just a WhatsApp video call.

In May, WhatsApp, which has 400 million users in India, urged its 1.5 billion global users to upgrade the app after discovering the vulnerability.

"WhatsApp's recent operations have shown that it's difficult for the government to get information from it. WhatsApp is an intermediary under the Information Technology Act and is mandated to exercise due diligence under the law. But it has failed to do due diligence," Duggal said.

"You should not be in a hurry to grant new licences or permission to WhatsApp without being satisfied with its adherence to cyber-security norms, international best practices and Indian laws," he said.

The Facebook-owned company is learnt to have countered the government charge that it didn't inform it about a privacy breach on the messaging platform. WhatsApp didn't even comply with the data breach notification law in India, Duggal said.

"It (WhatsApp) didn't follow reasonable security practices as mandated in Section 43A of the IT Act, 2000. In fact, it abetted the crime of un-authorised access too. Granting WhatsApp pay licence should be given a second thought by the Reserve Bank of India," said Prashant Mali, cyber lawyer at Bombay High Court.

In light of the recent hack, the government, the RBI and the National Payments Corporation of India (NPCI) is reportedly evaluating the risk of allowing social media apps into the digital payment ecosystem.

"With the government, the RBI and the NPCI planning to evaluate the risks involved in making payments via social media apps and services, the security of the UPI payment infrastructure on WhatsApp Pay has been rendered under a cloud of vulnerability," said Salman Waris, Managing Partner at TechLegis Advocates & Solicitors, a law firm.

The RBI revealed in an affidavit in the Supreme Court earlier that WhatsApp had not complied with the data localisation norms. In an April 2018 circular, the RBI stated that the data of any payment banking system have to physically located in India.

"The history of WhatsApp has shown that it's not cooperative with the government in sharing of information. If financial information is compromised, it will not only have an impact on users, but it can also have an impact on the sovereignty and security of India," Duggal said.

The government must go slow till the time WhatsApp demonstrates compliance to Indian law and showed that the platform was secure, he said.

"Because almost every phone user in India is on WhatsApp, it's all the more important for the government and the RBI to ensure that WhatsApp not only complies with the parametres of cyber security and data localisation norms, but also the IT Act and the rules and regulations thereunder.

"If WhatsApp doesn't comply with the data localisation norms, rules and regulations of the IT Act, then there is no question of granting new permission," Duggal said.

In a statement, a WhatsApp spokesperson said that safety and security of users remains the platform's highest priority.

"In May, our security team caught and stopped a cyber attack designed to send malware to mobile devices. Unable to break end-to-end encryption, this kind of malware abuses vulnerabilities within the underlying operating systems that power our mobile phones," the WhatsApp spokesperson said.

"Technology companies are constantly working to stay ahead of these kind of challenges through updates and patches. The safety and security of our users remains our highest priority, which is why in May we blocked the attack and have taken action in the courts to hold NSO accountable," the statement added.

Facebook filed a lawsuit against Israel's NSO Group last month. According to Facebook, the NSO Group violated laws, including the US Computer Fraud and Abuse Act.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 12,2024

ikramuddinkamil.jpg

The Taliban regime has appointed Ikramuddin Kamil as the acting consul in the Afghan mission in Mumbai, Afghan media has reported.

It is the first such appointment made by the Taliban set up to any Afghan mission in India.

There was no immediate comment from the Indian side on the appointment that came.

The Ministry of Foreign Affairs of Afghanistan has announced the appointment of Kamil as the acting consul in Mumbai, the Taliban-controlled Bakhtar News Agency reported on Monday, citing unnamed sources.

"He is currently in Mumbai, where he is fulfilling his duties as a diplomat representing the Islamic Emirate," it said.

The appointment is part of Kabul's efforts to strengthen diplomatic ties with India and enhance its presence abroad, the media outlet said

Kamil holds a PhD degree in international law and previously served as the deputy director in the department of security cooperation and border affairs in the foreign ministry, it said.

He is expected to facilitate consular services and represent the interests of Afghanistan in India, the report added.

Kamil's appointment comes days after the external affairs ministry's point-person for Afghanistan held talks with the Taliban's acting defence minister, Mullah Mohammad Yaqoob, in Kabul.

Sher Mohammad Abbas Stanikzai, the Taliban's deputy foreign minister for political affairs, also posted on X about Kamil's appointment.

The appointment of Kamil is seen as part of efforts to facilitate consular services to the Afghan population in Mumbai.

There has been almost negligible presence of diplomatic staff at the Afghan missions in India.

Most of the diplomats appointed by the Ashraf Ghani government have already left India.

In May, Zakia Wardak, the seniormost Afghan diplomat in India, resigned from her position after reports emerged that she was caught at the Mumbai airport for allegedly trying to smuggle 25 kg of gold worth Rs 18.6 crore from Dubai.

Wardak had taken charge as the acting ambassador of Afghanistan to New Delhi late last year, after working as the Afghan consul general in Mumbai for more than two years.

She took charge of the Afghan embassy in New Delhi last November, after the mission helmed by then ambassador Farid Mamundzay announced its closure.

Mamundzay, who was an appointee of the Ghani government, had moved to the United Kingdom.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 22,2024

Mangaluru: A man fell victim to an online scam, losing Rs 1.7 crore after fraudsters posed as officials from TRAI. According to a complaint filed at the CEN police station, the incident began on November 11, when the complainant received a call from an unknown number at 9:49 am.

The caller, claiming to represent TRAI, alleged that another mobile number registered under the complainant's name was involved in illegal activities in Andheri (East), Mumbai. The caller further stated that an FIR was lodged against the complainant for harassment under the guise of marketing. He was instructed to contact Andheri (East) police station immediately or risk his mobile service being deactivated within two hours.

The complainant was subsequently connected to an individual named Pradeep Sawant, who claimed the complainant was implicated in a money laundering scheme linked to the Naresh Goyal fraud case. Sawant alleged that a fraudulent bank account under the complainant's name was opened at Canara Bank, Andheri, and used to purchase a SIM card for illegal activities. He warned that the complainant could face arrest.

Later, the complainant was contacted via WhatsApp video call by individuals posing as Rahul Kumar (a police officer) and Akanksha (a CBI officer). They allegedly sent fabricated CBI documents to his WhatsApp number. The fraudsters demanded money to "resolve" the case. Fearing threats, the complainant allegedly transferred Rs 1.7 crore through RTGS in batches of Rs 53 lakh, Rs 74 lakh, and Rs 44 lakh between November 13 and 19. A case has been registered at the CEN police station and an investigation is ongoing.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 18,2024

resort.jpg

Mangaluru: The Ullal police have arrested Manohar, the owner of Vazco Beach Resort, and its manager Bharath in connection with the drowning of three college girls from Mysuru at the resort’s swimming pool on November 17.

City Commissioner of Police Anupam Agrawal confirmed the arrests, stating that a case has been registered under Section 106 of BNS. The bodies of the victims, all in their twenties, have been handed over to their parents. The women had arrived at the resort for a weekend getaway on November 16.

Following the tragic incident, the resort was sealed by officials led by Mangaluru Assistant Commissioner Harshavardhan. The trade license of the resort, issued on June 13, 2024, has been suspended, and the tourism department has temporarily revoked the resort's registration. These actions prohibit the resort from engaging in any tourism-related activities until further notice.

Someshwara TMC Chief Officer stated that the suspension was due to the resort's failure to implement adequate safety measures, which resulted in the loss of three lives. Further investigations are underway.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.