Security risks high in mobile payment systems: study

April 11, 2017

Bengaluru, Apr 11: Mobile phone-based wallets and payment apps gaining popularity in India are highly vulnerable to breach of confidentiality, according to a study.

The risk is high in all systems except one, according to the Centre for Software and IT Management at the Indian Institute of Management-Bangalore, which conducted the study.

Led by Prof Rahul De of the centre, the study assessed mobile wallets such as Paytm and Freecharge, apps linking to bank accounts such as BHIM (Bharat Interface for Money) and PhonePe, bank apps for account holders, and USSD (Unstructured Supplementary Service Data), a protocol used by GSM phones to communicate with computers. It found USSD the least vulnerable. The researchers evaluated the systems using risk management principles enunciated by the Basel Committee on Banking Supervision and the RBI.

Security risks are highest when a user misplaces a phone, allowing access to records of previous transactions, the study concluded. Paytm enjoying access to one-time passwords sent by banks is a potential risk, the study warned.

Observing that Paytm and Freecharge do not log the user out automatically, the study said this leaves room for unauthorised usage. The wallets allow third-party vendors like Uber and Big Basket to deduct money from an account without explicitly seeking the user’s consent, the study said.

The government-launched app BHIM takes up to two minutes to confirm a successful transaction. For a failed transaction, it takes up to 10 hours to notify the user, according to the findings.

“However, even while we were conducting the study, we observed that the features of the apps and services were constantly evolving and changing,” De said in a statement. The evaluation was based on a study conducted between December 16 and January 17.

“It is likely some of the concerns presented in this report have been addressed, and perhaps new concerns have emerged,” he said.

Deepak Abbot, senior vice president, Paytm, responded to the study, saying, “We do not store any confidential data, including SMSes sent by banks, from the user’s device.”

He advised users to activate the app lock feature, and cited enhanced user experience to defend the absence of automatic locking. Paytm allows transactions without OTP only in the case of two companies, Zomato and Uber, and they are “responsible companies”, he said.

News Network
December 19, 2025

Mangaluru: The Mangaluru CEN police have arrested a 23-year-old man for allegedly posting provocative and misleading content on an Instagram page named “mr_a_titude”, targeting the Bajpe police.

Mangaluru Commissioner of Police Sudheer Kumar Reddy C H identified the arrested as Abhishek M, a resident of Katipalla in Mangaluru.

A case has been registered at the Bajpe Police Station under Sections 353(1)(c), 353(2), 56, and 57 read with Section 189 of the Bharatiya Nyaya Sanhita (BNS) in connection with the post.

According to police, the accused uploaded a photograph of a hotel on the Instagram page and alleged that accused persons in a murder case under the Bajpe police jurisdiction were being given “royal treatment” by the police, including being served beef meals daily from the hotel.

The post further accused the police of supporting criminals, misusing their authority, and betraying public trust. Police said the content was provocative in nature and aimed at inciting public outrage against the police.

Following the post, a case was registered at the Bajpe police station, and further investigation was transferred to the CEN police station.

Police records indicate that the accused has a criminal history, with multiple cases registered against him, including murder, attempt to murder, assault, and robbery at the Surathkal Police Station, and one case at the Kaup Police Station.

The Commissioner said the accused was traced and arrested using technical evidence.
