
March 28, 2017

Secure digital payments vital for cashless India

India has been at a turning point in its move towards a cashless economy since the Indian government introduced demonetisation in late 2016. Mobile devices and mobile app security testing are now a focus of concern in this digital revolution.

Because the cashless economy is enabled through mobile devices, ensuring the security and integrity of data during digital transactions is a challenge for mobile payment apps. To ensure that data is not compromised during transactions, security across mobile devices and rigorous mobile app security testing are vital for this concept to survive.

Payment modes commonly used across the country are Unified Payment Interface (UPI), Aadhaar-enabled Payment System (AEPS), Immediate Payment Service (IMPS), and debit and credit cards used at Point-of-Sale terminals. These may symbolize a society that is moving towards digital empowerment, but their success can only be determined by how secure they are in the cyber world.

Many banking apps and mobile wallets do not use hardware-level security for online transactions, and security breaches are now a common threat. These threats include phishing, fake accounts, weak device authentication, data stealing, and hacking of servers and backend systems. Cyber experts have warned that there are vulnerabilities in Indian digital payment systems and suggest embedding security features in the software and hardware as part of the design process rather than as add-ons. A system needs to tokenise, encrypt and authenticate a piece of data before it can be used, in order to protect the details of its users.

Mobile payment apps are now moving from Single Factor Authentication (SFA) to multi-factor authentication. Multi-factor or two-factor authentication is safer than SFA because it adds an extra layer of security to a standard login method. Security is also vital if a person's device is lost or stolen. A third person cannot make a transaction through a lost or stolen phone unless they provide the same PIN or fingerprint that was entered during the setup process.

The demonetisation drive in India has picked up pace, but the development of payment safety and security has not kept up with it, nor is enough being done to ensure mobile app security testing of each release and protection against the fragmentation of Android devices and operating systems.

Codified Security is here to help make your mobile app secure, whether it's for iOS or Android, and to make sure you're clearing the OWASP Mobile Top 10. For mobile app security testing, try out Codified Security.