NEW DELHI (Reuters) - A government audit of India’s flagship payments processor last year found more than 40 security vulnerabilities including several it called “critical” and “high” risk, according to an internal government document seen by Reuters.
FILE PHOTO: A shopkeeper swipes a customer's debit card with the logo of RuPay at an electronics goods store in Kolkata, India October 31, 2018. REUTERS/Rupak De Chowdhuri/File Photo
The audit, which took place over four months to February 2019, highlighted a lack of encryption of personal data at the National Payments Corporation of India (NPCI) which forms the backbone of the country’s digital payments system and operates the RuPay card network championed by Prime Minister Narendra Modi.
The March 2019 government document cited the storing of 16-digit card numbers and other personal information such as customer names, account numbers and national identity numbers in “plain text” in some databases, leaving the data unprotected if the system was breached. The audit has not previously been reported.
The NPCI said in a statement to Reuters it is regularly audited in the interests of security and senior management reviews all findings, which are then “remediated to (the) satisfaction of the auditors”. This includes the findings cited by Reuters, it said.
India’s National Cyber Security Coordinator, Rajesh Pant, whose office coordinated the audit, also said in a statement to Reuters that “all observations raised in last year’s report have been confirmed as resolved by the NPCI”.
Pant added audits are best practice for the mitigation of cyberattacks and are conducted on a periodic basis by all enterprises.
The audit was undertaken to provide Modi’s National Security Council with an overview of the NPCI’s defences against cyberattacks. Modi’s office and the finance ministry di ..
Support the originator by clicking the read the rest link below.
