« Back to articlePrint this article

Update available: How your digital wallet is becoming safer after demonetization

December 19, 2016 10:43 IST

With the use of e-wallets gaining momentum after the note ban, e-wallet service providers have doubled down on developing new security features in their apps. Sharath Chowdary reports.


IMAGE: Among other things, digital wallet service providers are also conducting system audits, which include evaluation of the hardware structure, operating systems, critical applications, security and controls. Photograph: Shailesh Andrade/Reuters.

Electronic wallets have started offering more features to ensure safety of customers' money and sensitive information. 

MobiKwik has launched an updated M-Pin version, allowing a user to access the wallet even if the mobile phone is lost or stolen, through an alternate, registered number. Wallet services on the old number will be blocked and a one-time password sent to the new number. 

Similarly, Paytm has introduced an app password to protect the wallet if the phone is lost or misplaced. This feature is currently available on Android phones and the company is planning to soon launch this on Apple's iOS platform, too. 

MobiKwik recently added biometric authentication on its iOS app and is working to bring the fingerprint authentication feature on the Android one. "We are going to incorporate one more feature in our app to include an extra layer of security. This will remotely wipe out the entire app against any misuse if the mobile phone is lost," said Rohan Khara, director-products at MobiKwik.

The use of alternate modes of payment, particularly e-wallets has gained momentum with the withdrawal of Rs 500 and Rs 1,000 notes.  

The Reserve Bank of India had advised digital payment companies to have a special check done by empanelled auditors of the government's Indian Computer Emergency Response Team (CERT-In). "We are going to have an internal system audit at our head office in Gurugram (earlier Gurgaon) in the next five to 10 days. Already, we are in talks with a few CERT-In empanelled auditors," said Khara. 

A system audit would include evaluation of the hardware structure, operating systems and critical applications, beside the security and controls.

"From the past three years, we are doing a system audit for various companies. We do both black-box and white-box testing, to cover compliance as per the best security practices specified by RBI," said A S Murthy, principal technical officer of the government's Centre for Development of Advance Computing.

Sharath Chowdary Hyderabad
Source: source image