In 2019, over 40 security threats were found in the Government Audits for National Payment Corps (NPCI), which is one of the biggest payment processors in the country.

The security loopholes ranged from high to critical risk. The Government audit held after February 2019 gave signs of encryption errors at India’s backbone of digital payment sectors. NPCI operates the entire RuPay card network, one of the nation’s biggest digital payment aspects. Loopholes in the encryption are not acceptable from NPCI.

The report by the audits in the month of March gave a brief insight into the security vulnerabilities of NCPI. All the information of the customers starting from the 16-digit card numbers to the account details, everything is stored in plain text without encryption. This makes it vulnerable for security breaches compromising the account information of all the account holders.

Around 25k ATM data was unencrypted

The report gave details of around 25000 ATM data was unencrypted in the database. These pieces of data were also easily visible in plain text over the server logs of NPCI. In addition to that, the operating systems of NPCI were also not up-to-date. Along with it, the organization has solved many such errors by now.

Rajesh Pant is the coordinator at the National Cyber Security. He gave a verdict that the issues found in the security aspects of NCPI last year are now stated as resolved by the authorities. Pant also adds to his statement that these audits are mandatory for all enterprises on periodic intervals to help them look at the security vulnerabilities and fix them.

This audit back in 2019 was to send an overview report to Prime Minister Narendra Modi’s National Security Council about the defense system and strategies of NPCI to deal with cyberattacks. Furthermore, the audit results are a downfall for the flagship payment processor that experiences billion-dollar payment transfers through digital payments, ATM transactions, and fund transfer.

Moreover, the authorities have suggested the financial institutions to improve their defense strategies to ensure customer safety from cyber-attacks. This will eventually suppress the motivation of hackers to get into the system loopholes.

Find the original post here.