NPCI hires cybersecurity consultants to protect systems

MUMBAI: The National Payments Corporation of India, the umbrella organisation for retail payment systems in the country, has hired five cybersecurity consultants including PwC and Lucideus Tech to protect its systems and offerings.

“We have a team of 50 people who are only working on cyber security -they are consistently involved in making our systems resilient to deal with cyber-attacks,” said AP Hota, CEO of NPCI. “We have also hired PwC and Lucideus Tech to conduct regular audits of our systems and processes.”

NPCI is the nodal body for payment systems in the country and operates services such as BHIM (Bharat Interface for Money), United Payment Interface, RuPay, IMPS (immediate payment service) and Aadhaar-Enabled Payment Systems. The need for cybersecurity has increased with the government encouraging the use of these electronic or app-based payment methods to reduce cash transactions.

After almost a dozen banks were hit by cybersecurity attacks over the past year, the NPCI strengthened its systems and increased scrutiny of sources of potential attacks. Its cybersecurity team looks out for fake transactions that are routed through its systems.

“We also conduct ethical hacking once in three months. We engage ethical hackers who try and penetrate our systems and we have not seen them succeeding,“ Hota said.

According to data with the Ministry of Finance, the top 51 banks in India lost Rs 485 crore to cyber-frauds between April 2013 and November and 56% of the money lost was due to net-banking theft and card-cloning incidents. “Pointing out flaws in a particular application is not a very big deal. However, the policies and procedure of correcting the vulnerabilities is far more important,“ said Saket Modi, CEO of Lucideus Tech. “It’s something that most organisations lack in India.”