Sunday, 29 January, 2023

Security Concerns In Digital Transaction

Rudra Prasad Adhikari


Due to the pandemic, digital transactions are being used extensively nowadays. They are becoming more popular day by day, as customers find them a safer, easier and faster means of transaction.
In general, a digital transaction simply means a transfer of money through electronic means, with the funds flowing directly from one account to another. In a broad sense, however, it is not limited to fund transfers but also covers online or automated transactions that take place between people and organisations without the use of paper. It involves the transaction of assets using financial technology (“Fin-Tech”) by various sectors of the economy to meet the increasingly sophisticated demands of the growing number of tech-savvy users. It promotes a cashless society.
Along with its increasing usage, this seamless technology is suffering from various security threats. Such threats include hacking, data breaches, and unauthorised and disputed transactions. To minimise such threats, every firm and individual should have sound knowledge of the security concerns involved.
In the last decade, several web and mobile banking applications, including digital wallets, have been developed to carry out digital transactions in the country. This should be taken as a positive impact of the globalisation of the IT industry in Nepal. However, challenges still remain in expanding digital transaction services throughout the country and providing cost-effective, efficient and reliable digital transaction services to the people.
Besides the lack of digital literacy, one of the main factors making people reluctant to use digital transactions is the security concern. People who do not know how to use digital transaction methods ignore such applications, while people who do know how to use them are also aware of the security issues. Hence, the security of digital transactions should be taken as a serious issue while exploring the digital economy in the country.
Most of the start-up businesses working with payment gateways in Nepal are initiated by the private sector, so the general public as well as government enterprises have to rely on them. In this context, proper legal provisions should be maintained to address the security of personal data and of transactions made with such applications.
As we observed data breaches in some websites, applications and networks such as Foodmandu, Daraz and Vianet a few months ago, it seemed that our products are weak in terms of data security. Thus, we must be more alert and adopt stringent security measures to prevent such issues.
For Banks and Financial Institutions (BFIs), Nepal Rastra Bank (NRB) has promulgated an IT policy and IT Guidelines, which help to regularise the IT products launched by BFIs to some extent. NRB also limits transactions via digital methods so as to minimise the possible risks. In fact, NRB directs that the Core Banking System (CBS) be kept agile and secure on the one hand and that customers’ rights be safeguarded on the other.
It is the duty of every enterprise to ensure the security of digital transactions made through its application and to convince its customers of it. Some of the security measures that can be adopted for digital transactions are as follows:
System security
An application or piece of software is secure only if it is accessed by authorised users. To keep a system secure, the developer at the time of system development, the moderator at the time of system support and the user at the time of using the system should all be responsible. To protect a system from various kinds of attacks, countermeasures such as firewalls, encryption, biometrics and password protection mechanisms should be adopted.
Network security
A network is secure only if it is under the control of the network administrator. To maintain network security, various policies and practices should be adopted to prevent and monitor unauthorised access to, and misuse, modification or denial of, a network and network-accessible resources. Firewalls, e-mail security, malware protection, network segmentation, access control, application security, behavioural analytics, data loss and intrusion prevention, Virtual Private Networks (VPNs) and web security are types of network security.
Financial and digital literacy
Financial literacy is the ability to understand and effectively apply various financial skills, including personal financial management, saving, and investing. Similarly, digital literacy refers to an individual's ability to find, evaluate, and compose clear information through writing and other media on various digital platforms. To make secure digital transactions, along with proper financial knowledge, people should have basic knowledge of using computers or mobile applications and networks. So service providers should launch financial and digital literacy programs simultaneously to make their customers aware of secure digital transactions.
Legal provisions
Another way of securing digital transactions is to formulate and implement strict acts, laws, rules and regulations regarding digital transactions at national and international levels. By means of legal provisions, service providers as well as users could be made responsible for secure digital transactions on their side. Since there are no clear acts or laws regarding digital transactions with non-financial institutions, people face the trouble of disputed transactions time and again. Legal provisions are also essential for anti-money laundering and combating financial terrorism.
IS audit
Financial audits are common in enterprises, but the Information Security (IS) audit is a newer term. It is the process of collecting and evaluating evidence of an enterprise’s information systems, practices, and operations. Evaluation of the evidence obtained can establish whether the enterprise’s information systems safeguard assets, maintain data integrity, and operate effectively and efficiently to achieve the organisation’s goals or objectives. It also checks the enterprise’s activities against prevailing legal provisions and thus helps to maintain a secure transaction mechanism.
Apart from the above, other measures to secure digital transactions include guidelines and directives from the regulating body, effective compliance and grievance handling mechanisms by service providers, awareness programs about possible fraud and its management, preparedness and capacity building campaigns from stakeholders, punishment and compensation mechanisms in case of personal data loss, and users boycotting insecure products.
A highly secure national payment gateway is today’s necessity, and the government is working on it. The government is moving ahead with the slogan of making a ‘Digital Nepal’, which cannot be imagined without the use of digital transactions. And digital transactions cannot be made popular among individuals and firms while ignoring their security concerns.

(The author is an IT professional at Rastriya Banijya Bank)