Think twice before downloading mobile phone apps, say cyber experts
Pavan Duggal, Supreme Court advocate specialising in cyber law, said that the number of cases pertaining to mobile wallets being comprised in Bengaluru itself has gone up. “In the wake of demonetisation, breaches in cyber security have increased,” he said.
Mr. Duggal added that there is a need to have a proper legal framework to assist victims who lose money to cyber criminals. “There should be dedicated cyber security laws as India is already on the way to a cashless economy,” he said.
Millions of Indians move from cash to digital payments. But some ask whether it’s safe.
“India urgently needs a new digital payment law that regulates all these mobile payment apps that have sprung up overnight,” said Pavan Duggal, a cyber-law expert. “We are right now in a completely uncharted and unsupervised territory legally. The norms for wallet companies are undefined. If I lose my money due to a fraud, I can go round and round in circles with no remedy.”
The central bank recently issued guidelines asking payment banks to carry out security audits, but Duggal said “there is no penalty or punishment for noncompliance.”
https://www.washingtonpost.com/world/asia_pacific/millions-of-indians-move-from-cash-to-digital-payments-but-some-ask-whether-its-safe/2017/01/13/e807ebf0-ae9b-488b-9eb1-1dcba80ba984_story.html?utm_term=.45c37b538a7b
'Pentagon Was Hacked Too': Piyush Goyal On Security For Digital Payments
"India urgently needs a new digital payment law that regulates all these mobile payment apps that have sprung up overnight," said Pavan Duggal, a cyber-law expert. "We are right now in a completely uncharted and unsupervised territory legally. The norms for wallet companies are undefined. If I lose my money due to a fraud, I can go round and round in circles with no remedy."
The central bank recently issued guidelines asking payment banks to carry out security audits, but Duggal said "there is no penalty or punishment for noncompliance."
Cybercrime-as-a-service a growing threat to India: Experts
Cybercrime expert and Supreme Court advocate Pavan Duggal said: “The figures from the government, though only representative, confirm the ground reality. The security concerns need to be addressed on a war footing. In India, CAAS came to the forefront in 2015, but the lack of awareness among probing agencies means there is no specific classification.”
While hiring of hackers from other countries is one thing, many Indians are being provided ethical hacking skills by trainers, which both Duggal and Faizan say is a bigger concern. “There are such institutes in every major city. They are not regulated, charge between Rs 10,000 and Rs 40,000 for certificates and promise jobs which don’t actually exist. Armed with the required skills and with no strong law in place, the candidates may stray,” Duggal said.
Digital safety fears as India eyes cashless future
"After demonetisation and cashless economy, cybersecurity is becoming even more relevant," said Pawan Duggal, a cyber-law advocate.
"Various state and non-state actors across the world are increasingly watching India's progress and targeting Indian networks and government websites. It is a wake-up call to work consistently on cybersecurity," said Duggal.
Digital safety fears as India eyes cashless future
"After demonetisation and cashless economy, cyber security is becoming even more relevant," said Mr Pawan Duggal, a cyber-law advocate.
"Various state and non-state actors across the world are increasingly watching India's progress and targeting Indian networks and government websites. It is a wake-up call to work consistently on cyber security," said Mr Duggal.
http://www.straitstimes.com/asia/south-asia/digital-safety-fears-as-india-eyes-cashless-future
Question on cyber security: As India goes cashless, how safe digital payments are?
Duggal says, 'As per National cyber policy it has remained to be just a collection of statements. It was aimed that India will boost manpower in cyber security by 10 lakh employee per year for development and research but on contrary we hire have just 20,000 employee. There exists a huge gap in National Cyber Policy implementation.
India is sitting on a big threat balloon of cyber security that could burst at any moment, noted cyber law expert Pavan Duggal said in an interview with News Nation.
“Cashless economy is Prime Minister’s futuristic approach but India is still not prepared to become cashless economy. We have major loopholes that need to filled like the country needs a dedicated legislature on digital payment,'' says Pavan Duggal.
Explaining the loopholes, Duggal says that still there is no dedicated legal framework that embodies digital payment transaction in India. Presently, digital ecosystem is governed by cosmetic changes that was done in RBI Act for the regulation of payment systems in India and regulate and supervise these systems. Digital wallet payment is still a contractual payment between the two clients and it can always be repudiated. (mobile wallet company and its customers) .Duggal says that strong tripartite agreements (between e-wallet firm, gateway and customers) and strong agreements have to be frame worked. The second challenge is to bring robust changes in IT Act 2000. India through enacted the information technology act way back in 2000, but due to lack of amendments now the IT Act proves to be ineffective with growing digital payment traction.
Duggal says, 'As per National cyber policy it has remained to be just a collection of statements. It was aimed that India will boost manpower in cyber security by 10 lakh employee per year for development and research but on contrary we hire have just 20,000 employee. There exists a huge gap in National Cyber Policy implementation.
Stressing on the secure encrypted data services, and SSL (Secure Socket Layer) encrypted websites, Duggal says that cyber security need to talks about data retrieval at a lightening speed in case of phishing attempts. He said that when around 65 lakh cards were cloned in October 2016, banks denied the cyber security breach for four-day. He said that cyber ecosystem needs to be more mature to acknowledge the security breach attempts. Duggal also stressed on cyber-crime laws should get more teeth. According to ASSOCHAM report, cyber crime in India will rise by 60%-65% in 2017. Currently, cyber-crimes fall under bailable offences and small fines are imposed on cyber-crimes. Duggal quips for hard and rigorous punishments and fines upto 5-7 lakhs.Duggal pitching for more updates software and operating system said that with commencement of bitcoins and paradigm shift to digital payment, cyber security laws have to become more topical. With 50 billion devices connected to internet by 2025, secure encryption, updated operating system and prudent anti-virus software have to be put in place. In India around
“The absence of cyber security framework for ATMs is like a dream come true for hackers. Updating the software of ATMs and beefing up the cyber security framework should be a mandatory provision, not an optional exercise,” says Pavan Duggal, a cyber law expert.
“The country needs a cyber-security law that defines the duties of the stakeholders, starting from the banker to users,” he added. He says that IT Act needs to be amended with changing situation. Talking about India policy on cyber security globally, Duggal says that India is lacking at quantum miles behind its counterparts like China and Germany. China on July 2015 adopted new information act but it amended it in November 2016 with current situation. He Germany also adopted cyber policy in July 2015 and then started amending it with changing scenario. But India amended its IT Act way back in 2008 that hold no ground with current situation. Talking about steps to link all accounts to Aadhaar, Duggal said that accesses to Aadhaar card are thrown open to public. He further said that India needs to build strong ecosystem on legal complexities and its ramification of biometric card. http://www.newsnation.in/article/155247-india-sitting-on-big-web-security-threat-balloon-that-could-burst-anytime-says-cyber-expert-pavan-duggal.html
As India plans on going cashless, security concerns on transaction increases
"It is possible that the swipe machines can be tampered with. It can be connected to a small card reader, a device which can read the details of the credit/debit card and the same can be misused by mischievous elements," says Pavan Duggal, an expert in the field of cyber law.
Banks gear up to make plastic money more secure for customers
Cyber law expert Pavan Duggal told Mail Today that the country's existing cyber law is woefully inadequate to deal with the world of cashless digital transactions as it does not have enough remedies to compensate consumers in case they are cheated of their money threw a cyber attack on banks or through phishing attempts. The Information Technology law does not envision the present world of cashless transactions as it was enacted in 2000 when this technology was not there.
Customers are blamed for not being careful with their passwords or misuse of the network for losing the money. There are very few cases in which compensation is given and even this is too low, Duggal explained.
Ministry’s move is the right step in the right direction
By Pavan Duggal | Express News Service | Published: 24th December 2016 12:51 AM |
Last Updated: 24th December 2016 05:22 AM | A+A A- |
The recent directive of the Ministry of Home Affairs asking digital payment and e-commerce companies to beef up their cyber security in the wake of increased digital payments comes as a right step in the right direction.
The directive represents the burning need of the hour and airs the hopes and aspirations of millions of Indians who want to use digital payments, while being reassured that their digital payments are safe from preying eyes and designs of cyber criminals.
At a time, when India does not have a dedicated law on cyber security and when digital payments legal frameworks in India are missing, the Government of India has realized the immense significance of cyber security for e-commerce and m-commerce.
The absence of stipulated and vigorously enforced cyber security norms for digital economy players, has ensured that stakeholders in this sphere have not put the right focus on protecting and preserving the cyber security of their digital networks.
At a time, when cyber crimes in India are growing at a rapid pace, including in the weeks post demonetisation, it is imperative that the relevant service providers put in place adequate and reasonable security practices and procedures to ensure the security and reliability of digital payments.
Given that the Information Technology Act, 2000 does not address the current day challenges, evolving in today’s increasing digital payments scenario, such directives as given by the Ministry of Home Affairs, serve to fill up a vacuum.
However, detailed legal frameworks, specific cyber security guidelines, which mandate the following of specific provisions, providing legal consequences for their non-compliance and the effective implementation of such frameworks are the urgent requirements of the day.
Lot of work needs to be done, not only to make digital payment and e-commerce companies safe and secure, but also to make them accountable towards consumer protection. (The writer is an advocate, Supreme Court of India, is one of Asia’s leading experts on Cyberlaw & Mobile Law)
'Go digital' drive brought cyber security to the fore in India
Amid this, Pavan Duggal, the country's leading cyber law expert, lamented that Indian Cyber law does not have adequate provisions to deal with the growing cyber threats.
"The Information Technology Act, 2000, amended in 2008, still does not comprehensively deal with all relevant issues in the cyber security ecosystem. India not being a signatory to any international treaty on cyber crime complicates the intrinsic ability of the immense law and legal frameworks to provide effective remedies against cyber crimes which are committed from abroad," Duggal told IANS.
To go cashless, win people’s trust first
Supreme Court advocate and cyber law specialist Pavan Duggal has been crying hoarse for India to have a dedicated law on digital payments. It’s very important to grant complete legality and remove doubts and provide clarifications pertaining to legal efficacies and legal validity of digital payments, Mr Duggal noted recently.
http://www.asianage.com/opinion/columnists/151216/to-go-cashless-win-peoples-trust-first.html
Lurking danger
But the crux of the whole Act, expert ssay, is that India lacks laws to protect consumers if they lose money during digital transactions. "We don't have any dedicated law on digital payments. That's very important to grant complete legality and remove and doubts and clarifications pertaining to legal efficacies and legal validity of digital payments," said Pavan Duggal, an advocate in the Supreme Court and expert on cyber law, in a report.
"Mobile payments in India are still not governed by any legal provisions. These payments are mostly contractual obligations. With lax cyber security, the weakest link in this chain is the bank customer," said Pavan Duggal.
http://www.thestatesman.com/features/lurking-danger-1481141331.html
‘Digital economy needs stricter cyber laws’
“Cyber laws are practically non-existent. It’s a very scary situation when more and more people have started using electronic ways of money transactions. There is no one-point contact for redressal of complaints. Unless that is done, the government cannot instil a sense of trust among the people for such transactions,” said Pawan Duggal, a cyber security expert.
According to Duggal, there is no clarity as to who will resolve such conflicts that are bound to take place when more and more people start using electronic modes of payment. “The conviction rate in cyber crimes has become almost negligible ever since the IT Act was amended in 2008. As per the amendment, cyber offence was made bailable, while the compensation amount was increased to Rs 5 crore from Rs 1 crore. Unless it is made non-bailable offence, cyber criminals will continue to have a field day, cheating people,” he added.
He also demanded that payments from mobile wallets should be given legal status. “At present, it is just a contractual arrangement. There is also need to spread awareness about cyber security. Moreover, the government should focus on increasing internet penetration. India is ready for a digital revolution but it should be done with proper security cover. There should be a strong deterrent for cyber crimes,” Duggal added.
http://www.sundayguardianlive.com/news/7645-digital-economy-needs-stricter-cyber-laws
Cyber crime cases shoot up post demonetisation
“Following demonetisation, many people were forced to take to online payments to meet their daily needs. Mobile wallets like Paytm have witnessed a spike in their user base. Post-demonetisation of the Rs 500 and Rs 1,000 notes, a majority of banks, mobile applications and e-wallets have been targetted by scamsters,” said Pavan Duggal, a supreme court advocate and an expert in cyber law.
http://cio.economictimes.indiatimes.com/news/digital-security/cyber-crime-cases-shoot-up-post-demonetisation/56133910
No laws in India to protect customers if they lose money during digital transactions
"We don't have any dedicated law on digital payments. That's very important to grant complete legality and remove and doubts and clarifications pertaining to legal efficacies and legal validity of digital payments," says Pavan Duggal, an advocate in the Supreme Court specialising in cyber law.
"There are no legal mechanisms available should there be disputes pertaining to digital payments,"aid Duggal. He added that there are no effective remedy mechanisms available in case money in the digital payment ecosystem gets lost, hacked, stolen or misused.
‘Go digital’ drive brought cyber security to the fore in India
Amid this, Pavan Duggal, the country’s leading cyber law expert, lamented that Indian Cyber law does not have adequate provisions to deal with the growing cyber threats.
“The Information Technology Act, 2000, amended in 2008, still does not comprehensively deal with all relevant issues in the cyber security ecosystem. India not being a signatory to any international treaty on cyber crime complicates the intrinsic ability of the immense law and legal frameworks to provide effective remedies against cyber crimes which are committed from abroad,” Duggal told IANS.
Amid growing digitisation, India must gear up for cyber threats: report
Amid this, Pavan Duggal, the country's leading cyber law expert, lamented that Indian cyber law does not have adequate provisions to deal with the growing cyber threats. "The Information Technology Act, 2000, amended in 2008, still does not comprehensively deal with all relevant issues in the cyber security ecosystem. India not being a signatory to any international treaty on cyber crime complicates the intrinsic ability of the immense law and legal frameworks to provide effective remedies against cyber crimes which are committed from abroad," Duggal said.
http://www.domain-b.com/infotech/ebusiness/20161220_public.html
Lack of strong laws makes ATMs vulnerable to cyber attacks
“The absence of cyber security framework for ATMs is like a dream come true for hackers. For banks, updating the software of ATMs and putting in a place a cyber security framework should be a mandatory provision, not an optional exercise,” says Pavan Duggal, a cyber law expert.
During the past four weeks, cyber crimes related to financial institutions and banks have gone up sharply, says Duggal. “Unless there is a penal consequence, such incidents will keep happening.”
Duggal adds that the country needs a dedicated digital payment law as well as a cyber security framework to prevent such crimes, since the Information Technology Act, 2000 is silent on cyber security.