According to Reuters, a probe by the government of India’s flagship payments processor in 2019 has got hold of more than 40 weaknesses with a large number of them ranging from critical to high-risk levels.
According to the audit, there is a shortage of encryption of personal data at the National Payments Corporation of India (NPCI). It creates a chance of a leak of individual information like their names, account numbers, national identity numbers, and 16-digit card numbers as they are mentioned in “plain text” in some databases which can easily be tampered. Earlier the audit was not submitted.
NPCI stated that the audit was done in the interests of security and senior management reviews all findings, which are then “remediated to (the) satisfaction of the auditors”.
Rajesh Pant, India’s National Cyber Security Coordinator, who’s office got together in the audit, said to Reuters, “all observations raised in last year’s report have been confirmed as resolved by the NPCI”. Pant further added that audits are the best they can do to prevent cyberattacks and are done by the organizations regularly.
The audit’s findings highlights-security challenges faced by the NPCI which processes billions of dollars daily via services that include inter-bank fund transfers, ATM transactions, and digital remittance.
In the NPCI database, there have been a large number of card numbers that have remained encrypted said the March 2019 government document. The database has a network of almost 250,000 ATMs which include the unencrypted RuPay card numbers in them as seen in the organization’s server logs.
NPCI said in its statement to Reuters “No non-conformities have been observed and we are fully compliant to these standards,”