Thursday, Jan 07, 2021 07:45 [IST]
Last Update: Thursday, Jan 07, 2021 02:12 [IST]
Cashless and online digital payments have become the norm these days. However, the rate at which we have been uploading the internet with our data has gone exponential so painlessly that it takes the shock of a massive online leak for us to sit up and wonder if we have exposed ourselves as sitting ducks for hackers. Last August, news broke of a data heist when Bengaluru-based Juspay, which processes digital payments for the likes of Amazon, Swiggy and MakeMyTrip, admitted a major database breach. This year, the efforts of online sleuths have revealed the extent of it. Credit and debit card transaction details of about 100 million Indians were found being hawked on the dark web, a stealthy part of the internet designed to stay off search-engine radars, and the details on sale suggest Juspay’s hacked servers as their source. Confidential card details of at least 20 million cardholders are reportedly up for grabs, putting them at risk of not just swipe fraud, but other financial swindles as well. As online payments rise, the dark web expands and hackers upgrade their skills, this menace is likely to multiply. Our data urgently needs protection by way of legislation as much as advanced security software systems.
Experts often point out that data leaks are getting more common in India as the country is expanding its digital infrastructure but without proper regulations on cybersecurity. The lack of a privacy protection law is also putting no compulsion on companies operating in the country to protect their user data firmly. It is no exaggeration that the success of India’s digital economy depends on popular perceptions of online data security. If people’s confidence in the ecosystem of e-transactions begins to fall, it would be a setback in a sphere that has won the country global admiration. There are other big threats that lurk online, too. Cyber terrorists, for example, could wreak havoc by breaking into computer systems that control weaponizable objects. While these worries are valid, we must resist the urge to rush a data-protection law through Parliament without wide and deep deliberations on what is the best way to fortify India online. Since data misuse is a global problem, and it is not only about egregious forms of theft, the steps taken by private companies and regulatory regimes elsewhere should be instructive. Apple Inc, for example, has sought to safeguard the privacy of its iPhone users from apps that track them online by putting explicit prior-consent protocols in place for data usage. Too many apps, after all, get us to casually sign our data rights away through the simple device of an ‘agree’ button. The EU, meanwhile, has formulated rules that aim to grant people legal control of their own data.