The FinTech industry is a relatively new space in India but it is something that is taking banking and allied services to a new level. Not just banks, but a lot of companies operating in insurance, asset management and payments are introducing new technology to empower their users to do more.
According to a report by the National Association of Software and Services Companies (NASSCOM), India has a presence of around 400 companies in the Fintech space. The NASSCOM report also estimated the Fintech software and services market to grow 1.7 times by 2020, making it worth $8 billion.
Right from the day of assuming office, Prime Minister Narendra Modi was determined to make India a digital powerhouse. Starting with the launch of MyGov.in portal, many other initiatives followed like the Digital India week which aims at imparting knowledge to people and to empower themselves through the Digital India Program of Government of India. The Reserve Bank of India (RBI) and the National Payments Commission of India (NPCI) have recently launched a Unified Payment Interface (UPI) that allows movement of money between different banks without having the account details of the receiver, by using identifiers like phone number and email ID.
Recently, another app joined the list, called BHIM or Bharat Interface for Money app. Businesses and citizens of India now have the power to use mobile phone numbers as payment addresses, making payments and movement of money much easier to perform and track.
The estimated growth of Digital India in the next couple of years is mammoth. However, while this is a great opportunity in hand, it also widens the attack surface area for hackers. In fact, Prime Minister Narendra Modi made an affirmative stance on cyber security stating that “As our economy and our lives get more wired, we are also giving the highest importance to data privacy and security, intellectual property rights and cyber security.” The Digital India initiative also includes cyber security and the government under Prime Minister Narendra Modi will “set up cyber security coordination centre at national level in a big way,” to counter the threat posed by malware or hacking, according to Union law and IT minister Ravi Shankar Prasad.
The cyber security landscape is complex and often requires specialists in niche areas of digital security to cover the whole nine yards. In the streets of Indiranagar, Bangalore is one such company, Appknox, with a specialty of securing mobile apps not just in India but across the globe.
Appknox currently works with over a hundred businesses around the world across multiple verticals like Banking, Finance, E-commerce, Retail, and Healthcare to name a few. Among some of their notable works is the 35+ UPI-based apps that is currently being secured by Appknox. With special expertise in the Fintech space, the Government of India has also trusted the security of the BHIM mobile app in the hands of Appknox.
Talking about their experience with Appknox, Bharat Panchal, Head of Risk Management NPCI, stated, “Appknox has been a crucial partner with us to ensure utmost security of our UPI-based application. We have had good early detection of vulnerabilities with the help of very energetic and brilliant security professionals.”
Harshit Agarwal, CEO of Appknox, further added to that by saying: “We are grateful to be part of this ongoing digital revolution in our country. It’s great that security of individuals is being given utmost priority along with development. The NPCI team has been very cooperative and has fixed each issue reported by our team in a very short span of time.”
Over the last couple of months, Appknox has analyzed the UPI based apps and has detected over 100 critical threats and also helped neutralize them. Some of the issues that were found in a majority of the apps were weak login systems allowing a hacker to bypass it and get access to the account, weak OTP protection allowing login. Another issue that was highlighted was getting access to all the security questions and answers by having just the virtual address and phone number of the account holder. Appknox and NPCI both mentioned that they have addressed all these issues.
Sunil Kumar, VP of Engineering at Chillr, an instant money transfer app launched by HDFC Bank said, “Being a team which keeps security & privacy of the users at its core, our association with Appknox has helped us a great deal. They have a very proficient & knowledgeable team who are extremely supportive with quick turnaround times. It’s been a pleasure working in tandem with them to figure out how do we make our applications better and even more safe. Overall, we must say we are extremely happy.”
Appknox has been in the news before for highlighting a major security issue in the Ola app where they could load the Ola wallet with free money and take rides for free. They also hacked one of the food delivery startups finding a fault in their payment system by which they could order unlimited food for just Rs 1. Appknox is also working with banks where they have detected and resolved issues which could obtain transaction and personal details of any customer with just the account number. They’ve been able to bypass the OTP of many applications which let them overtake the account completely. The following vulnerabilities mentioned are only the cherry on the whole cake, There’s a whole array of potential threats that can be misused to completely destroy not just businesses but also private information of individuals as well.
As mentioned earlier, the cyber security ecosystem is a complex one and with the rise of Fintech companies globally and especially in India, the need for security has become a complete necessity as opposed to a luxury.
Companies like Appknox have found their sweet spot in mobile security and are gearing to clear the pathway for a safer and more secure Digital India. Appknox understands that security is a collective effort. Appknox has partnered with global partners like Sanwa, Straits Interactive, Kuliza, TeskaLabs and more to ensure a coalition force that is impenetrable. Appknox continues to build strategic partnership to ensure that the whole nine yards of the mobile ecosystem is completely secured.
Appknox is a cloud-based mobile security solution that helps businesses and developers discover and resolve security vulnerabilities, in a matter of minutes. Appknox is supported by Microsoft Accelerator and JFDI Asia and has raised a Pre-Series A round led by Seedplus, Singapore. Appknox is founded by Harshit Agarwal, Subho Halder and Prateek Panda.
National Payments Corporation of India (NPCI) is the umbrella organisation for all retail payment systems in India, which aims to allow all Indian citizens to have unrestricted access to e-payment services.