Payment companies should open up about breach allegations, says NPCI CISO

Antony Prakash, chief information security officer at the National Payments Corporation of India brings to light the biggest security challenges faced by Indian fintech firms today and what CISOs can learn from the recent reports of data breaches at JusPay and MobiKwik.

India, mapped on a dark globe.
1Xpert / Getty Images

Digital transactions in India grew by 37% over the last year, according to Statista Research. The growth is drawing private equity and venture capital firms to the digital payment space: fintech companies raked in 14% of all VC investments in the country, the Indian Private Equity & Venture Capital Association says.

Cybercriminals too have been drawn to the digital payments space, leading to some high-profile data breaches. In January 2021, Juspay was hit with a massive security incident: close to 35 million customer accounts with masked card data and card fingerprints were breached. Three months later, 3.5 million customer accounts of digital payments major MobiKwik reportedly went up for sale on the dark web, although the company continues to deny its systems were breached.

Given the criticality of digital payments security, CSO Online sought the views of Antony Prakash, chief information security officer of National Payments Corporation of India (NPCI) to get a read on the current threat landscape, the biggest challenges faced by CISOs today, and what they can do to avoid the being the subject of the next wave of data breach news stories.

CSO Online: What are your thoughts on the current threat landscape in the digital payment ecosystem in India?

Anthony Prakash: The current threat landscape has evolved rapidly over the last year. There has been an abrupt change in the way organizations operate, which has resulted in the need to adapt and mobilize the workforce to adjust to the unprecedented situation.

To continue reading this article register now

8 pitfalls that undermine security program success