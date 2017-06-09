Close monitoring of digital payments required: Michael Joseph

To mitigate threats more effectively, digital payment companies need to adopt technologies like artificial intelligence, says Fortinet's Michael Joseph.

As the threat landscape keeps getting murkier, Fortinet has announced the findings of its latest Global Threat Landscape Report covering Q4 2016. The number of ransomware attacks have increased by a huge margin. The research reveals that 50 percent of malware exploits in India occurred in the last quarter of 2016. As India moved towards a cashless digital economy in December 2016, the level of threat activity rose to an all time high. Michael Joseph, regional director, System Engineering, India and SAARC of Fortinet, discusses the increase in malware threats post demonetisation, the steps online payment companies need to take to mitigate threats and measures taken by the company to ramp up its operations.

According to Fortinet Global Threat Landscape report, in Q4 2016, nine out of 10 malware were ransomware downloaders in India. Banking and finance sector was targetted 15 times more than any other industry. Do you think demonetisation will further increase malware threats?

Going forward, demonetisation will trigger an increase in malware threats as there has been a volumetric increase in digital transactions. Hackers have a big window of opportunity if end points are not secure. They can even compromise point-of-sale (POS) equipments. When the debit card breach happened in India, several banks-ICICI, HDFC, among others had to recall users' debit cards. Initially, it was suspected that banks were at fault, but then it was found that the payment gateway vendor was compromised. Hackers will keep a constant vigil on the infrastructure through which people carry out digital transactions. If this infrastructure is comprised, the hackers will attack.

There has to be laws and a defined framework around a particular infrastructure through which digital transactions take place. In case, the infrastructure gets compromised, stakeholders need to be made liable. Having said that, the Indian government should look into laws implemented in Europe and USA and see the legal implications of an infrastructure being compromised.

An exponential growth in online transactions post demonetisation has attracted cyber criminals who can potentially target online payment platforms. What kind of steps should online payment companies take to mitigate threats?

Online payment companies need to conduct periodic monitoring, audit and vigil on different kinds of transactions occurring. For instance, if Paytm feels traffic is going to an unknown IP address in China, a red flag can be raised. They need to have a complete visibility of what people are trying to do.

At the same time, payment companies need to take precautions even within the organisation. There could be an application which can be accessed by internal people. There might be people from various departments who have no right to access the infrastructure. Payment companies need to keep a track of the activities happening within their organisation and educate their teams on the latest security threats. Hence, they need artificial intelligence (AI) to mitigate threats.

