Sunday, February 10, 2008

How safe Is India’s IT network?

Prabir Vohra, Senior Vice President, Technology, ICICI Bank, was going through log reports for the bank’s website a few months ago when he noticed something peculiar. It seemed that there had been a deliberate attempt by ‘web terrorists’ to launch a Distributed Denial of Service (DDoS) attack on the bank’s website.

“The first we got to know of this attack (on the bank’s site) was when we read the logs” - Prabir Vohra, Senior VP, Technology, ICICI Bank
ICICI isn’t just India’s largest private bank, but also one of its most wired. The bank estimates that only 13-14 per cent of its transactions actually take place ‘physically’, with the others happening over the internet and ATM networks. For example, some 400,000 transactions (as against merely checking account status) are said to take place on the bank’s portal every day. “It was a great vote of confidence in the systems that we have in place that the first we got to know of this attack was when we read the logs, but it also highlighted the clear and present danger that exists,” says Vohra.

ICICI Bank is hardly the only one vulnerable to cyber-attacks. As the internet economy in India takes off, just about every company is a potential target. Those will include not just the so-called old economy companies, which are moving more and more of their business (including supply chain management) online, but also internet companies.

That’s pushing up the quantum of online transactions. There are no reliable figures available yet, but industry executives estimate that online transactions in India have topped the Rs 100-crore-a-day mark.

How to protect your network

It starts with creating a security plan for your network.

Assess: Analyse your current state of security. Check the network for common system misconfigurations and missing security updates. Identify the assets that need to be protected (hardware, software, data, etc.). Calculate the exposure of each asset and service to each threat.

Use this formula: Probability x Impact = Exposure to generate an ordered list of security priorities.
Plan: Don’t rush into implementation. The objective is not to eliminate all risk at all cost, but to minimise the risks. There are three main trade-offs: functionality versus security required; ease of use versus security; cost of security versus risk of loss. Create a detailed plan that includes, among other things, procedures for preventing, detecting and responding to security incidents.
Execute: Communicate with the staff and provide regular training. Test measures for technical adequacy and obtain participant feedback.
Monitor: Research new threats, and include new risks as you become aware of them. Subscribe to security bulletins and train users. Modify the plan when changes occur in personnel, organisation, hardware or software. Conduct ongoing maintenance such as virus updates, new user training, and backups.
Source: CERT-In; for more information, log on to: www.secureyourpc.in run by CERT-In.
The Indian Railways’ booking site, IRCTC, alone logs 37,000 transactions a day (for July 2007). Given an average ticket size of Rs 800 (August 2007), it means train passengers will spend almost Rs 1,000 crore online this year. Besides, 40 per cent of airline ticketing is done online. All told, Indians are expected to spend over Rs 30,000 crore online in FY 2007-08.

World Wide Trap

Those who are inclined to believe that the damage a network attack can cause is limited need only consider what happened in Estonia. Perhaps the most wired nation in northern Europe, Estonia ground to a halt in late April and early May this year when sustained attacks paralysed the small Baltic nation’s websites and networks. Even though Estonia blamed Russia, the massive DDoS attack (see The DDoS Attack: How it Works) came from computers all over the world, including some in India.

It’s not just DDoS attacks that companies should be scared of. Cyber-rogues don’t just like bringing a network down, but they also like stealing stuff—credit card details, for instance.

Unlike countries in Europe and the US, where guidelines force companies to reveal the scale of such attacks, India has no such rules. That’s why the only attacks the media and general public get to hear about are ‘defacement’ attacks, where (not the most skilled) hackers break into a webpage and change its content to prove a (usually political) point.

But Indian dotcoms have been attacked. Three years ago, a dotcom CEO was horrified to learn that one of the company’s servers had been broken into; even though it stored no user data, it was being used to send spam. The company’s security policy was subsequently altered dramatically.

“We have a full-time security team that now monitors logs and access on a real-time basis,” says the CEO, who requested that he not be named. Rajat Mohanty of Paladion, a managed security solutions company, talks about ‘a large’ e-commerce portal in India that was hacked into “a couple of years ago.” But in this case, the hackers did something completely different. “They loaded the home-page with ‘trojans’, which stealthily loaded themselves onto the computer of the visitors,” says Mohanty.

What is scary, according to Mohanty, is when e-commerce sites are set up, they get so involved in setting up the site navigation and product offering that security often takes a back seat.

The DDoS Attack: How it Works

Denial of service happens when a web server receives more requests in a short span of time than it can handle, so that it can no longer serve legitimate users and may crash outright. When done with malicious intent, unlike, say, a news website overloaded by a breaking story, it is classified as an attack. Until recently, such attacks came from a handful of computers with known Internet Protocol (IP) addresses, and a web server or firewall could simply block traffic from those addresses. Hackers have since moved to ‘Distributed Denial of Service’ (DDoS) attacks, which send requests from thousands of infected computers at once. Because each machine contributes only a modest share of the load, no single address stands out, blocking addresses one by one no longer helps, and the website collapses under the combined load. Hackers often use such attacks to extort websites, threatening them with an attack unless they pay ‘insurance’ money, a rather intricate form of internet extortion!
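Why blocking by address fails against a distributed flood, as an added illustration (not code from the article or from any of the companies it quotes): a per-source sliding-window rate limiter of the kind a ‘smart’ web server or firewall applies, run over constructed access-log lines, next to a plain aggregate request-rate alarm. The log format, the thresholds and the IP addresses (documentation ranges) are assumptions made for the example.

```python
"""Per-source rate limiting against a single-source flood versus a distributed one.

Added illustration with constructed log lines; thresholds and the log format are
assumptions, not taken from the article.
"""
from collections import defaultdict, deque

WINDOW = 10          # seconds of history kept per source and overall
PER_IP_LIMIT = 20    # requests one source may make per window before it is blocked
GLOBAL_LIMIT = 500   # total requests per window before the aggregate alarm fires


def parse_line(line):
    """Parse a constructed access-log line: '<unix_ts> <client_ip> <method> <path>'."""
    ts, ip, method, path = line.split()
    return int(ts), ip, method, path


def analyse(lines):
    """Apply a per-IP sliding-window limiter plus a global rate alarm to log lines.

    Returns how many requests were served and dropped, which sources were blocked,
    and whether the aggregate alarm fired.
    """
    per_ip = defaultdict(deque)   # ip -> timestamps of served requests in the window
    recent = deque()              # timestamps of all requests seen in the window
    blocked = set()
    served = dropped = 0
    global_alarm = False

    for line in lines:
        ts, ip, _method, _path = parse_line(line)

        # Expire entries that have fallen out of the window.
        q = per_ip[ip]
        while q and ts - q[0] >= WINDOW:
            q.popleft()
        while recent and ts - recent[0] >= WINDOW:
            recent.popleft()

        # The aggregate view sees the flood whether or not it is distributed.
        recent.append(ts)
        if len(recent) > GLOBAL_LIMIT:
            global_alarm = True

        # The per-source view only catches sources that exceed the limit by themselves.
        if ip in blocked or len(q) >= PER_IP_LIMIT:
            blocked.add(ip)
            dropped += 1
            continue
        q.append(ts)
        served += 1

    return {"served": served, "dropped": dropped,
            "blocked": sorted(blocked), "global_alarm": global_alarm}


def single_source_flood(n=1000, base_ts=1_700_000_000):
    """Constructed log: one address sends n requests spread over one window."""
    return [f"{base_ts + i * WINDOW // n} 203.0.113.7 GET /login" for i in range(n)]


def distributed_flood(n=1000, sources=200, base_ts=1_700_000_000):
    """Constructed log: n requests over one window from `sources` different addresses."""
    return [f"{base_ts + i * WINDOW // n} 198.51.100.{i % sources} GET /login"
            for i in range(n)]


if __name__ == "__main__":
    print("normal       :", analyse(distributed_flood(n=150, sources=50)))
    print("single-source:", analyse(single_source_flood()))
    print("distributed  :", analyse(distributed_flood()))
```

The single-source flood is cut off after 20 requests and its address is blocked. The distributed flood of the same size is served in full: each of the 200 sources stays under the per-address limit, and only the aggregate request-rate alarm reveals it. That is the kind of log reading Vohra describes above, and it is why DDoS mitigation has to work on traffic volume and behaviour rather than on address lists.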

Trojans, so called after the ‘Trojan Horse’ of the Homeric epics because they arrive disguised as something harmless, are programmes that install on your computer and stay under the radar (as a ‘bot’) until they receive ‘an order’ from a ‘command and control’ (C&C) server. A bot can be planted silently, for instance by a booby-trapped web page as in the case Mohanty describes, or by tricking users into installing a piece of software themselves. According to one security expert, there are at least “50,000 plus ‘bots’ and 5 C&C systems in India.” The latest piece of software to get everyone worried is a worm called ‘Storm’, which, instead of relying on a fixed C&C server that could be shut down, takes its orders over a peer-to-peer network. It is estimated to have infected between 1 and 10 million PCs across the world.

And even though some e-commerce websites now work either through the issuing banks or the credit card (MasterCard, Visa) networks to process payments, at least one large travel site confirmed to BT that it stored credit card records, “to process some of the offers we run.” The company claims that the records ‘were secure’, but a security expert points out that comparing the level of security at a small dotcom and a financial service provider is like comparing, “a sardine to a shark.”

The risk, according to Vishal Dhupar, MD, Symantec India, an IT security solutions provider, is greatest not for large enterprises, but for smaller companies.

“Large companies have the technical knowhow and resources to spend on security solutions, with smaller companies the risk is that their security measures are often reactive rather than proactive.” He also cites a Confederation of Indian Industry (CII) report from 2005 which points out that 38 per cent of companies (in the sample) did not have a security policy.

But there is no doubt that Indian companies are spending more on security. “In 2001, IT security took up maybe 4 per cent of a company’s IT budget, today, I would estimate that number at 15-20 per cent,” says Mohanty.

However, more money spent, does not always mean better security. Conflicting security systems could possibly leave holes in the boundary walls of a company’s IT system (See How to Protect Your Network).

Yet, at the government level, Indian network managers sound fairly confident. “I would believe given the amount of information that resides in India today, our networks are fairly secure. That is not to say that we should get complacent, and as the amount of information we put online increases, we will need to increase network security,” says Gulshan Rai, Director, Computer Emergency Response Team-India (CERT-In). Estonia learnt that the hard way. India needn’t.




(source: http://businesstoday.digitaltoday.in/index.php?option=com_content&task=view&id=2483&issueid=20)


Banking on Your Handset

Anand Adhikari
January 7, 2008


Imagine a scene at a jam-packed restaurant in New Delhi’s Connaught Place. A waiter leaves behind a bill copy on a corner table where a couple has just finished its desserts. One of the guests whips out a pen, writes a 10-digit mobile number on the bill and hands it over to the waiter. In a few seconds, his mobile beeps, indicating the receipt of an SMS. A payment request from the merchant (restaurant) flashes on his mobile screen. He immediately confirms the payment by entering his PIN on the mobile, which sends it in encrypted form. The bill is settled within seconds and the couple leaves the restaurant.

In Mumbai’s outer limit, a long line of vehicles is waiting to pass through a toll gate. A driver punches the number of his car on his mobile and flashes the handset before a mobile reader at the checkpoint. He instantly gets a payment receipt on his mobile for the toll tax. The toll gate opens and he drives away without any physical payment or receipt.

Surprised? Don’t be; this is already a reality in countries like South Korea and Japan where people regularly use mobile phones for even complex transactions like share trading, withdrawing money from ATMs and making payments at local stores. But mobile banking is still in its infancy in India, and technology companies are working overtime to bring your bank closer to your fingertips on a secure anytime-anywhere basis.


A Large Field


In India, dozens of homegrown technology companies (many are start-ups operating from Bangalore; Sam Pitroda’s C-Sam is one such) are undergoing rigorous test piloting with the who’s-who of the Indian banking industry. “The mobile has the potential to rewrite the rules of banking,” says Dewang Neralla, Director (Technology), Financial Technologies India (FTIL), which owns the Multi Commodity Exchange (MCX) of India. The mission clearly is to make your pocket a bit lighter—and here, we’re talking weight—by mounting all your credit and debit cards and cash onto your hand-held device.

The Indian banking sector is taking baby steps into this emerging arena by offering non-transactional banking on the mobile phone through SMSes—like salary receipts, details of the last five transactions, stop payment requests, etc. Many banks are also test piloting mobile banking on the SMS platform for very low-ticket transactions and closed funds transfers (between registered parties) to familiarise themselves with the new technology.

The two biggest banks, the public sector State Bank of India (SBI) and the private sector ICICI Bank, are working closely with mCheck, a Bangalore-based company set up by Silicon Valley veteran Sanjay Swamy. mCheck already has a product through which Airtel customers holding a Visa Card or MasterCard can make payments on select e-commerce portals (like yatra.com) through SMSes.


The south-based Corporation Bank is test piloting a similar scheme with PayMate, another technology company working in this space. Today, Corporation Bank’s credit and debit card holders can transact business on more than 2,500 online portals through their mobile phones. The company is currently in talks with other banks to expand the scope of this product. And Axis Bank has roped in FTIL, which has developed ATOM technology, to make mobile commerce possible.

The banks are guarded about their plans in this space, but technology companies are more forthcoming on the subject. mCheck, for example, recently announced a pilot project that allows clients of a leading brokerage house to respond to margin calls and even enhance their credit limits by just clicking on their mobiles.

Says Jagdish Mitra, CEO, CanvasM, a joint venture between Motorola and Tech Mahindra: “CanvasM is working on Near Field Communication (NFC) technology for the future and is also developing banking solutions based on SMSes or Unstructured Supplementary Service Data platform (USSD) for the medium term.” The USSD platform is fast emerging as a potentially “hot” technology for powering mobile banking.


Security remains an issue

Mobile banking can go mass market, but what’s worrying bankers are the cost and the security issues. “It’s a trade-off between cost and security,” says a banker on condition of anonymity. Instances of online fraud are well documented. “The SMS is a convenient tool, but it is not secure,” says Sai Narain, Head, Transaction Banking & Strategic Initiatives, Standard Chartered Bank. Ajay Adiseshann, Founder and Managing Director, PayMate, however, argues that the SMS model is best suited for a country like India. As proof, he points out that the credit card industry in the country has a penetration of only 300,000 points of sale (POS). “But they will need fresh infrastructure, like phone readers or scanners, at merchant establishment,” he adds.

But the biggest drawback of the SMS model remains security: SMS messages are not encrypted end-to-end, so a PIN or account detail typed into a text message is readable at the operator’s SMS centre and on any gateway in between. “Banks are naturally more comfortable with an application-based model where the message is encrypted end-to-end,” says Vijay Ramchandran, Marketing Director, Citibank India. Market experts feel the SMS-based model may work well for small value transactions of less than Rs 500.
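The contrast drawn in the two paragraphs above, as an added illustration that is not code from the article or from any vendor it names: a plain-SMS confirmation that carries the PIN through the operator, beside an application-style confirmation in which the PIN only unlocks a secret held on the handset. It assumes a hypothetical per-device secret shared with the bank at enrolment and a bank-issued one-time nonce per payment request; HMAC-SHA256 protects integrity and ties the reply to that request. Confidentiality of the payload (the “encrypted end-to-end” of the quote) would be an additional AES-GCM layer on the same key, left out here to stay within Python’s standard library.

```python
"""Plain-SMS payment confirmation versus an authenticated application message.

Added illustration, not code from the article or from any vendor it names. Assumes a
hypothetical per-device secret provisioned at enrolment and a bank-issued one-time
nonce per payment request. Integrity and replay protection only; an encryption layer
for confidentiality is deliberately omitted (no AES in the standard library).
"""
import hashlib
import hmac
import json
import os


# --- the SMS model: the PIN travels in the clear through the operator's SMS centre ---
def sms_payment(merchant, amount, pin):
    """A plain-SMS confirmation as it would appear on the wire (constructed format)."""
    return f"PAY {merchant} {amount} {pin}"


def smsc_sees_pin(message, pin):
    """Anyone on the SMS path (operator, SMSC logs, a compromised gateway) can read the PIN."""
    return pin in message


# --- the application model: the PIN only unlocks a secret that never leaves the handset ---
class Handset:
    def __init__(self, device_id, device_secret, pin):
        self.device_id = device_id
        self._secret = device_secret                        # provisioned at enrolment (assumption)
        self._pin_hash = hashlib.sha256(pin.encode()).digest()

    def confirm(self, merchant, amount, nonce, pin):
        """Build an authenticated confirmation; the PIN is checked locally and not sent."""
        if not hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self._pin_hash):
            raise ValueError("wrong PIN")
        body = {"device": self.device_id, "merchant": merchant, "amount": amount, "nonce": nonce}
        payload = json.dumps(body, sort_keys=True)
        tag = hmac.new(self._secret, payload.encode(), hashlib.sha256).hexdigest()
        return payload, tag


class Bank:
    def __init__(self):
        self.devices = {}   # device_id -> shared secret
        self.pending = {}   # nonce -> (device_id, merchant, amount) awaiting confirmation

    def enrol(self, device_id):
        secret = os.urandom(32)
        self.devices[device_id] = secret
        return secret

    def request_payment(self, device_id, merchant, amount):
        """Push a payment request to the handset; the nonce makes the reply single-use."""
        nonce = os.urandom(8).hex()
        self.pending[nonce] = (device_id, merchant, amount)
        return nonce

    def verify(self, payload, tag):
        body = json.loads(payload)
        secret = self.devices.get(body.get("device"))
        if secret is None:
            return False, "unknown device"
        expected = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"              # tampered or forged; nonce stays pending
        request = self.pending.pop(body["nonce"], None)
        if request is None:
            return False, "replay or unknown nonce"
        if request != (body["device"], body["merchant"], body["amount"]):
            return False, "request mismatch"
        return True, "ok"


def run_demo():
    """Enrol one handset, confirm one payment, then try a replay and a tampered copy."""
    bank = Bank()
    secret = bank.enrol("HANDSET-0001")                     # hypothetical device identifier
    phone = Handset("HANDSET-0001", secret, pin="4321")
    nonce = bank.request_payment("HANDSET-0001", "RESTAURANT-42", 1250)
    payload, tag = phone.confirm("RESTAURANT-42", 1250, nonce, pin="4321")

    first = bank.verify(payload, tag)                       # genuine confirmation
    replay = bank.verify(payload, tag)                      # the same message sent again
    tampered_body = json.loads(payload)
    tampered_body["amount"] = 125                           # amount edited in transit
    tampered = bank.verify(json.dumps(tampered_body, sort_keys=True), tag)
    return {"payload": payload, "fields": sorted(json.loads(payload)),
            "first": first, "replay": replay, "tampered": tampered}


if __name__ == "__main__":
    print("SMS on the wire:", sms_payment("RESTAURANT-42", 1250, "4321"))
    for name, value in run_demo().items():
        print(f"{name:>8}: {value}")
```

The SMS string exposes the PIN to everything between the handset and the bank. The application message carries no PIN at all, its tag fails if any field is altered, and the nonce is consumed on first use so that a captured message cannot be submitted twice. The same structure is what makes a “secondary security system” of the kind Narain calls for below independent of the handset’s transport.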

Uniform standards needed

Another problem area is regulation. The Reserve Bank of India doesn’t allow any money transactions outside the banking channel, which is why all the credit card issuers are banks. Mint Street’s biggest worry is the safety of transactions, though it is quite receptive to using mobile phones as a payment device.

Says Narain of StanChart: “There are no common hardware and software standards across handset models. And there is a need to build a secondary security system around these.”

Today, a wide range of mobile handsets are available in India under the GSM and CDMA technology platforms. In order to address this complexity, banks are vigorously test piloting all the available technologies to address issues like the massive volumes of cheap, entry-level handsets (that will not support many of the technologies required for mobile banking), multiple languages and also the security aspect for high net worth clients (See: How M-Banking Works).

Globally, the big mobile operators and handset manufacturers are working on newer technologies like NFC, which allows transactions to be carried out by simply touching the mobile handset to a point of sale terminal or a card reader without the hassles of sending SMSes or running an application or loading a chip. Other technology companies are working on a pure voice recognition model to enable money transactions through the mobile network.

Sankalp Saxena, Founder & CEO, Moveo Systems, a Bangalore-headquartered start-up working on next generation mobile solutions, says: “The lack of standards in the mobile e-commerce space will make financial transactions through mobile devices vulnerable to hacking.” Then, liability in case of fraud is a grey area legally. For example, there is no law to define the liabilities of the subscriber, operator, technology provider and bank.

Massive market

Though many issues are still undecided, cut-throat competition and the fear of losing customers are forcing banks to formulate mobile banking strategies even before the door is fully open.

The reason is simple: today, more than 200 million Indians use mobile phones compared to 20 million who have access to a computer, and the population of mobile users is now expected to grow at 25-30 per cent.

In addition, India’s demographic profile—more than half the population is under 35 years old—is ideally suited for a mobile-based payments system, rather than a PC-based one. “Younger people are more receptive to new age technologies and applications,” says Mitra of CanvasM.

Then, mobile banking can help banks reach out to unbanked areas and meet RBI’s financial inclusiveness objectives. “Mobiles have reached places where banks are still to touch base,” says a banker.

But can India, with a population of 1.1 billion, replicate the successes of small countries like South Korea and Japan? “The biggest difference between India and those markets is in the hardware used and the acceptability of GPRS technology,” says Narain of StanChart. In India, low-end phones still make up an overwhelmingly large chunk of market share and penetration of GPRS is still very low. “If you offer a high security mobile banking platform, the system may not attract the masses; and if you build a low-cost SMS model, the security issue will keep customers away,” a banker points out.

Besides, unlike Japan and South Korea, any mobile banking system in India has to support a diverse set of local languages and scripts. “This increases the complexity of the solution for India,” says Saxena of Moveo Systems. But Swamy of mCheck argues that the payment mechanism in a mobile is not rocket science. “It’s as simple as operating a mobile,” he argues.

The debate will carry on and the jury is still out, but it is fairly certain that given the market size and the potential, mobile banking will soon become as ubiquitous as the mobile phone itself.


(source: http://businesstoday.digitaltoday.in/index.php?option=com_content&task=view&id=3168&issueid=20)