BHIM app may be more secure, but 100% security is a myth
- The UPI-based BHIM app was launched by PM Modi just before we stepped into the New Year.
- It soon became a battle between mobile wallets and new payments interface by NPCI.
Within a week of its launch, the BHIM app had begun facing several security concerns. From bugs, freezing pages to spam requests, it was finally deduced that the app was launched in a haste post demonetisation announcement.
Another point of discussion was how the government conveniently kept mobile wallets away from the UPI structure, and it was limited to only banks. That gave a rise to a cold war between BHIM and mobile wallets like Paytm, MobiKwick and others. With online transactions, security remains the prime concern and with BHIM linking your bank account, the reason for security grows by manifold.
Soon an e-security firm claimed that the BHIM app was more secure than mobile wallets. Saket Modi, the CEO of Lucideus said that the app has two main features, unlike services with 200 odd features, and so testing period doesn't necessarily have to be too long, essentially trying to clear the air about a hasty launch.
As we know, UPI interface has been there for a while, But, the banks haven’t been successfully able to get users on the platform. BHIM has now made that possible. “BHIM is only an abstraction layer on top of UPI. The UPI library already existed, he further went on to say. The encryption used by the platform is same as that in Google Wallet and Apple Pay, he added.
“BHIM uses three-factor authentication and hence, is relatively more secure from a consumer point of view. It also combines the convenience of a mobile wallet with the security of net banking,” he told TheHindu.
Also Read: Will BHIM app give Paytm a run for its money? Maybe Not
BHIM app will be tied to your phone number and devices and cannot be used with other phones. Moreover, it cannot be accessed from a phone that doesn't have the SIM. Also, every transaction requires the UPI pin. On contrary, he alleges that e-wallets use one-factor authentication while debit and credit cards use a two-factor authentication.
Now, Paytm is the most widely used mobile wallet. From your local kirana to utility bills, Paytm's strong network has given rise to digital payments. Talking about security, Deepak Abbot, Sr. Vice President at Paytm tells us, "Paytm is PCI DSS compliant company that follows the best security standards in the industry. Every financial transaction on Paytm is securely encrypted with 128-bit encryption SSL security. We have implemented a multi-layer security system to ensure our customers’ data is always protected."
"At Paytm, we have invested heavily in deploying the most secure security solutions for our customers across India. The Paytm App comes with various state-of-the-art security features like password and OTP verification among others to ensure money stored in the Paytm Wallet is safe," he adds.
On security front, there are still several questions such as – are people ready to link their primary bank account to a mobile app? Mobile money has always been there, but from the past, we have learnt that it’s a strong merchant network that is equally responsible for the success of such platforms.
Whether you are batting for BHIM or mobile wallets, in either case, security stays the prime concern. With the rise in digital payments, there would evidently be a rise of cyber criminals on prowl. It is time that digital payment platforms offer stringent security features, and be prepared to address vulnerabilities that may rise with increasing number of people getting onto the platform.
Bipin Preet Singh, Founder & CEO, Mobikwik, another popular mobile wallet tells us, “MobiKwik takes security very seriously & puts it at the center of all user interactions with the platform. Mobikwik is PCI-DSS and ISO27001 Certified, takes care of the various Information Security measures to ensure the security of Application and protect its business from emerging threats and frauds. Users can set up a PIN on Android apps, that will be asked to approve all their transactions and there is fingerprint approval required in iOS app. We are also launching a Pin with which users can access their account through alternate number in case of lost phone.”
So, far the popular digital payments options are net banking, mobile wallets and plastic cards, and now adding the UPI-based BHIM option, among others like PhonePe. However, the growing number of people on digital platforms, would mean malicious minds working at newer ways to dupe them. Cyber crime is on rise, with the biggest banks and firms, facing frau, it is important to have a rugged technology that can handle growing, unexpected vulnerabilities.
"Let's understand that even the largest banks on the planet have been digitally hacked, so there is nothing like 100 per cent security. It's all about managing the risk and minimising it to whatever extent possible. It is clear that the benefits of digital payments far outweigh the risks but, at the same time, such risks have to be continuously monitored and managed," Vidit Baxi, Director (Technology) at Lucideus had earlier told IANS.
Now, equally important is user awareness. While companies try to add security features that they possibly can, customers should be diligent enough not to share their log-in ID, password or OTP with anyone. Moreover, also note that none of these platforms would call up to ask for your personal details.