Indian banks roll out new biometric payments. But is it secure?
Belatedly coming to grips with the challenge of implementing a “cashless economy” in a society where just 17% of the population owns a smartphone, the Indian government is trying to spur people to go cashless by promoting, alongside private and state banks, a biometric Android payment app to go with the country’s existing national identity e-card platform, Aadhaar.
According to The Economic Times, the Aadhaar Pay app uses a fingerprint scanner to authenticate transactions, and will remove the need for plastic cards and fees by going directly to an online bank. Only the merchant will need a phone (and scanner) at the point of sale, as the customer will just input their information and verify it via fingerprinting.
“People only need to have a bank account and their Aadhaar linked to it,” Dr. Rajiv Lall, CEO of IDFC Bank, told reporters. IDFC, alongside the State Bank of India, are the first financial institutions to roll the system out, with the former doing a trial run of 100 merchants.
A little over a third of bank accounts in India are already connected to Aadhaar. Private companies like PayTM are also planning to spend more to win people over to their systems, while the government is even instituting a $50 million lottery to encourage sign ups.
As Geektime has previously reported, the growth of these payment options in India depends on equipment and training being made available. The companies providing these systems have indeed won many new users in the past few weeks, such as PayTM, but there is a long way to go.
The village of Lanura profiled by The Indian Express is indicative of the problem rural Indians face in the cashless push. Lanura was the first village to be declared “cashless” by authorities in the Indian state of Jammu and Kashmir, but does not actually have enough infrastructure to make that the case.
The Express found that a lack of know-how and infrastructure, including sufficient electricity for the local cell phone tower, means most people are still using cash or bartering. Additionally, the closest ATM is 3 kilometers away, and few of the people who’ve been trained in cashless transactions seem to be aware of the services available to them on mobile. Signal interruptions, and increased demand on the networks as more people download apps, have already soured new users, including PayTM customers unhappy with the company’s response.
This Aadhaar app does, though, address three major stumbling blocks to digitizing transactions in India. First, Aadhaar eliminates the 2-5% fees that usually comes with these exchanges. Secondly, it eliminates the need for an attached credit or debit card. And third, it makes use of universal, government platform via the National Payments Corporation of India that everyone has access to rather than disconnected, competing services.
“For this service to work, a large network of merchants need to get on board,” Vivek Belgavi of PwC told BloombergQuint, and this system will make that doable in ways past efforts haven’t.
Consumer trust is another matter. As The Wall Street Journal notes, some people are not thrilled at the prospect of every transaction producing an e-receipt the government can see, and for others, electronic systems will only reinforce existing divides. (Less affluent women face more hurdles learning to use and access these technologies, for example.)
Across gender and social lines, though, the larger concern is that online systems will be easily compromised due to “poor investments” in cyber security and a lack of public awareness about basic privacy precautions. Beyond these particular problems, even top-of-the-line fingerprint scanners can today be fooled into misreading fakes as the real deal. Technology to counter this is being developed, most notably Vkansee’s pinhole imaging scanners, but there needs to be, as Vkansee told Geektime, integrated identity management.
A scan alone is not enough, even as apps promise passwords and security codes are a thing of the past with biometrics. Other authentication measures add more security without compromising convenience, and data has to be securely stored so it can’t be stolen, something that’s a problem even for big Indian companies with a lot of resources to protect themselves.