Introduction

Recently, the Government of India (GoI) has pitched strongly in favour of cashless economy. In fact, the discourse on cashless economy has become so intensive that across political, social and economic spheres, “Cashless Economy” has become a buzzword. Cashless economy, in a nutshell, can be defined as an economy where majority of financial transactions take place through digital means such as debit cards, credit cards, e- wallets, electronic clearing, and online payment systems such as Immediate Payment Service (IMPS), National Electronic Funds Transfer (NEFT) and Real Time Gross Settlement (RTGS).

However, irrespective of euphoria over cashless economy, the ground reality is that the Indian Economy continues to be driven by the use of cash. Only less than 5% of all payments happen electronically. In India, the ratio of cash to gross domestic product is 12.42% of GDP, which is not one of the highest among BRICS countries only but in the world also. It is 9.47% in China and 4% in Brazil. Further, the number of currency notes in circulation is also far higher than in other large economies like the EU, Russia, China and Japan. India had 76.47 billion currency notes in circulation in 2012-13 compared with 34.5 billion in the US.

Reasons of dominance of cash transactions over digital transactions in India:

  • Lack of access to formal banking and other financial services: Historically, in India, there has been severe limitations over access to banking services. Quality and quantity-in both terms, there has been shortage of formal banking and other financial services.  Access to formal financial services is the foundation of cashless economy. In absence of this foundational framework, people are forced to do prefer cash transactions over digital transactions in India.
  • Behavioral aspects: Indian consumers are price sensitive. Therefore, since there is no transactional costs on cash based transactions, people choose to do transactions in cash.  Also, the electronic payments had been insofar unviable for small value transactions due to associated costs.
  • Flexibility and predictability: Cash provides flexibility and simplicity as a transaction needs only moving from one hand to another, there are no worries about crashing of computers and losing the transactions.
  • Overwhelming size of unorganized sector: India has a large unorganized sector with overwhelming majority of retailers, suppliers and service providers. They have neither the infrastructure to offer digital transactions nor the inclination to encourage consumers to pay by credit cards, debit cards or by any digital means.
  • Poor awareness about digital transactions: The lack of education and awareness among consumers regarding use of cards and digital platforms have also kept them regular on cash transactions.

Benefits of Cashless economy:

Cashless economy has following set of advantages:

  • Low transaction cost: Prima facie, the transaction cost on digital transaction may seem greater than the cash based economy. However, if we consider the all hidden costs on cash transactions, it will surely surpass the transaction cost of digital payments. The transaction cost on digital mode are coming down and will further go down. Once a substantial part of transactions are cashless, it would bring down the cost of printing, managing and moving money around.
  • Convenience: The cashless economy automatically solves the problems of cash out on long holidays, risk of carrying currency notes etc.
  • Effective countering against black money: The lesser use of cash strangulates the grey economy, prevents money laundering and increase tax compliance. Increased tax base would result in greater revenue for state and greater amount available to fund the welfare programmes.
  • Impetus to economy in form of increased transaction: Cash being material, can be prevented from circulation but electronic channels alleviate this friction and increase circulation of currency.

However, irrespective of huge benefits of cashless economy there are fears as well as security concerns. The dismal security conditions of critical information infrastructure of India has only strengthened such fears. Only recently, sensitive bank debit cards information was leaked.  More recently, a group of hackers hacked into twitter accounts of important personalities. This brings us to an important question especially when we trying out new ways to make virtual payments and transactions. Thus, from this perspective, it makes sense for us to review the cyber security of financial framework in India.

Cyber security of critical financial infrastructure in India:

Recently released Norton cyber security report- Russia based web Security Company internal report, highlights that India witnesses the largest number of incidences of ransomware and other online financial frauds.

In India, Cybercrimes are administrated by the Information Technology (IT) Act, 2000 as amended by The IT (Amendment) Act, 2008. It has a separate chapter XI entitled “Offences” in which various cybercrimes have been declared as penal offences punishable with imprisonment and fine. There are no mention of “financial cybercrime” as such. The enlisted cybercrimes under IT Act, 2000 are:

• Hacking

• Data theft

• Spreading unscrupulous programs (Virus, worms, etc.) through computer networks.

• E-mail spoofing

• Pornography

• Identity theft

• Online financial frauds

Cyber security: Challenges  and measures in critical financial infrastructure

Financial services based businesses such as banking, insurance, e-commerce, e-wallets and online payments etc. are flourishing with a great speed in India. However, despite this, Cyber security in India has never been given a priority and this is the reason why we have no robust and resilient cyber security infrastructure in India. Banking sector of India is no different from other businesses or industries. Cyber security of banks in India is in a very bad shape. Despite many reminders of Reserve Bank of India (RBI), banks have paid little or no attention to strengthen their cyber security. Banks in India are also not following any cyber crisis management plan (CCMP) for meeting cyber-attacks situations. Indian government has also not prescribed any cyber breach disclosure norms in India and banks and organizations are not reporting cyber breaches happening at their branches

Financial services such as banking etc. involves large scale usages of Information and Communication Technology (ICT) in its operation. However, this large scale involvement of ICT, that make this sector more challenging to secure from unwarranted web attacks.

Use of Information Technology by banks and their constituents has grown rapidly and is now an integral part of the operational strategies of banks. The Reserve Bank, has provided guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds wherein it was indicated that the measures suggested for implementation cannot be static and banks need to pro-actively create or modify their policies, procedures and technologies based on new developments and emerging concerns.

Poor awareness about security aspects among service users have compounded the problem. In such cases, even if banks and other service providers revamp their web-security eco system, users, due to poor awareness and ignorance, always remain vulnerable to web security threats. Therefore, there is an immediate need to spread awareness about cyber security in India. Banks and other financial agencies need to put a well comprehensive action plan to address the problem.

A Cyber Crisis Management Plan (CCMP) should be immediately evolved and should be a part of the greater cyber security eco-system. Considering the fact that cyber-risk is different from many other risks, the traditional arrangements may not be adequate and hence needs to be revisited keeping in view the nuances of the cyber-risk.  In India, CERT-IN (Computer Emergency Response Team – India, a Government entity) has been taking important initiatives in strengthening cyber-security by providing proactive & reactive services as well as guidelines, threat intelligence and assessment of cyber threats. The CCMP would give a coordinated direction to these efforts and thus help all the stakeholders to tackle security challenges.

Way forward:

It is an obvious that the in near future, expansion of telecom and smart phones would provide a digital shift to the economy. The private sector would be the driver of this change. Government is also mulling to provide incentives for electronic payments for example waiver of tax when electronic settlements are used.  However, at the same time, the government needs to take care of security risks posing threat to the financial infrastructure.  The need of the hour is to build a participative approach towards cashless economy and cyber security simultaneously; invest heavily in research and development (R&D) and to put a well thought action plan to execute all plans smoothly.

0 Comments

User Discussion
    Be the first to comment

    Leave A comment