Header image alt text


Building a Responsible Cyber Society…Since 1998

Many of the journalists interviewing prospective investors in US have been suggesting that investor’s are concerned about the laws in India some of which are archaic (eg labour and land laws) and some are whimsical (retrospective taxation). Investors are also concerned with the lack of business oriented Governance.

As a solution to these concerns I suggested the creation of one new law providing for setting up of “International City Zone” . I am not advocating here a real estate project with high rise buildings etc though they could also be a part of the scheme. What I am advocating is creating a new City which is Governed by the investors themselves with whatever laws are necessary to make the city a self sufficient economic entity. The city will make its own labour laws, tax laws etc with the sole objective of promoting business in this zone from which goods and services can be exported both to other parts of India and abroad. It will be a free trade zone with ability to source inputs from the globe.

The scheme would only mandate payment of a certain percentage of revenue turnover to India as royalty. Some other aspects have already been outlined in the previous article. Other issues can be discussed and sorted out.

I hope the suggestions would be given a due consideration.


Will RuPay challenge VISA/Master and be a Global Brand?

Posted by Vijayashankar Na on September 27, 2014
Posted in Cyber Law  | No Comments yet, please leave one

The JanDhan Yojana recently launched by the Modi Government has created an unexpected shakeup in the card markets at least in the Indian geographical boundaries. Under the scheme which is mainly intended to bring a large population of low income Government scheme beneficiaries into the Banking network, around 5 crore new Bank accounts are reported to have already been opened in the last month or so.

All these account holders will be provided with a “RuPay” debit card by the participating Banks. These cards will be cleared through the payment gateway created by the National Payment Corporation of India (www.npci.org). Promoted by a consortium of Indian Banks with the blessings of RBI,  will be issued by most of the Indian Banks and could grow in numbers in the coming days.

Rupay will approximately charge Rs 15 per card as processing fee to a single bank against Rs 25 of the other providers, a 40% reduction in service cost for Rupay compared with other providers. Hence it is expected that Rupay may reduce the card processing charges incurred by the Banks had they used VISA?Master debit cards for the same purpose.

Refer article in FE

According to one estimate, about 2.5 million new cards will be issued each month in the near future under the JanDhan yojana itself. These cards will be associated with an overdraft of Rs 5000/- and accident insurance benefits. In view of the huge numbers involved there is a speculation that the RuPay cards may give tough competition to Visa/Master cards.

However, it is expected that RuPay cards will be initially  used by the beneficiaries mainly to draw money out of ATMs. Gradually it may be used as a direct payment instrument just like other credit/debit cards at the merchant establishments. Most such establishments could be in the network used by the intended beneficiaries of Government schemes such as stores selling farm inputs in villages etc.

It should however be recognized that any business that starts with such a huge business foundation under the patronage of the Government has the potential to challenge the established players.

However the card usage at the merchant level is unlikely to grow at the same pace as the issue since there is lot of marketing efforts and logistics involved in promoting such a card usage by merchant establishments which NPCI may not be capable of.

Hence the RuPay Cards represent a challenge typical to India where there could be a huge potential in a public sector venture but which does not get converted into a profitable business model. The examples of the Railways, BSNL, etc are similar cases to take note of.

Mr Modi has however been credited with the ability to turn Public sector potential into commercial successes and RuPay Cards present one such opportunity.

It is possible that “RuPay” as a brand if not properly handled would be considered a “Low Income Group” brand and be a drag in commercial terms. Hence ensuring that a proper brand image is built around “RuPay” if it has to be a success in a commercially lucrative market”.

I wish NPCI recognizes the great  potential of RuPay Cards to be a challenger for Visa/Masters and develops a suitable strategy to harness the brand to be a real challenge to Visa/Masters.

This would require NPCI to  promote the RuPay cards for use by general public other than  Government scheme beneficiaries.  In this context the “RuPay” Payment gateway service has to challenge the Visa/masters rather than the cards themselves.

NPCI  should therefore promote RuPay payment gateway separately. It can also allow issue of RuPay premium cards for the general public.

Probably NPCI needs professional planning in this direction to harness “RuPay” as a global brand. A good public private partnership  would be essential for this purpose.

Also see article in letstalkpayments.com

Also see article in flame.org.in


Prepaid Bitcoin Card launched in Brazil

Posted by Vijayashankar Na on September 27, 2014
Posted in Cyber Law  | No Comments yet, please leave one

While RBI still struggles to decide whether it has to fight, ignore or support Bitcoins, world wide Bitcoin continues to make progress.

One of the recent developments that looks interesting is the launch of the “Coincard” as a prepaid card which can be loaded with bitcoins. This card which was intended to exploit the last FIFA crowd in Brazil combined the need to create a mobile Bitcoin store with an exchange.

Refer Here

COINCARD was launched by Bitinvest, a Bitcoin exchange and available  for delivery internationally and can be used wherever use of Bitcoins is permissible under the regulations.

Bitcoin users in India are however warned that in India it may be risky to use Bitcoins unless the Bitcoins are mined in India.


In developing the economy of a nation we often discuss about what incentives we need to give to investors to invest. India is now in the search for such global investments in its quest to promote the “Make In India” campaign with an aim of making India Import free by 2020.

The main impediments in such a quest is the lack of infrastructural facilities and hence one approach is to provide incentives to develop basic infrastructure such as power, water, communication and transportation. I am sure that Modi Government will pursue this approach. The US $35 billion from Japan, a possible US$20 billion from China and perhaps some thing more from USA, UK, Germany, France and Australia in the coming days can help in this direction.

However, one of the biggest hurdles in such cases is the legal impediments that prevent development. It may be in the form of Tax laws or real estate laws or human right laws etc. Yes, Modi Government is also working on making changes in these individual laws to make “Doing Business With India” easy.

But changing existing laws is a time-consuming affair and will involve the cooperation of the political parties in the opposition who would bring as many hurdles as possible in making the task of this Government difficult.

A thought that strikes me in this context is instead of making changes to our law to make our country an investment destination acceptable to global business, why can’t we make one single law to create a “Zone” where “Universally acceptable International laws” apply rather than the current laws except to ensure that India will have a royalty on the revenues generated in the zone as a part of the revenue share. For the sake of a better expression let’s call this an “International City Zone”. (ICZ) Some principles of the SEZ laws can help us understand what we need to do to make doing business in this zone easy.

This is only an initial thought and I donot have a complete solution as yet in mind. But in simple terms what I have in mind is to expand the SEZ concept and say that the ICZ will be developed as a self-contained city unit with a local administration which will make its own laws and will be free from the laws applicable to other Indian geographies except Defense  and subject to the revenue sharing arrangement.

This ICZ will therefore not be bogged down by our socialistic principles such as “Reservations on the basis of caste, religion or gender” and will be free to make laws that are good for increasing the GDP of the ICZ. It will not be bogged down by the language issues such as Hindi Vs English Vs Kannada etc. It can set up manufacturing facilities, can import resources and manpower from anywhere in the world. If resources from India are cheaper and of the required quality, it is expected that imports will happen from within India but outside of the ICZ.

The ICZ will have its own currency. Hopefully RBI will promote a Virtual Currency exclusively for this zone which can be made mandatory for recording the transactions but would be freely convertible. Use of a Virtual Currency is recommended since it can provide the best accountability since we can track every transaction and unit of currency used. RBI can be the sole mint for such currency and at its choice can outsource mining to other Indian entities outside the zone to provide the supply. Other than a source of minting of the virtual currency, rest of the financial regulation within the ICZ can be handled by a regulator within the ICZ.

The local administration will be representative of the investors for the ICZ. India will be having a share in the venture both because of the investment in land as well as some thing similar to “Sweat Equity”. In return it will have a proportionate representation. Others will have representation in proportion of their investments in the project. For example, let’s say that we start with an ICZ whose land is valued at US$10 billion. Of this 10% may be considered as core equity eligible for royalty purpose. 100% management would be with India. Then a conglomerate of US companies invest US$ 1 billion. The equity distribution then will be 10% as royalty and of the balance 90% equity, India will have 90% and the US Conglomeration will have 10%. The total distribution would be 91% for India and 9% for the US Conglomerate. In the management the same distribution would be maintained with 91% of the board of governance from India and 9% from the US Conglomerate.  Each subsequent investment will further reduce the Indian holding and it may become a minority in due course.

It should be open to the Government to however dilute its management control straight away and accept less than the eligible number of directors in the board of Governance and accommodate a minimum representation from countries of its choice for the purpose of attracting investments.

The size of the board of Governance may be determined by a constitution and may provide for expansion keeping the value of the ICZ as one of the parameters for decision. It will be like a “Cabinet” of ministers with a need to address different portfolios and experts can be drawn from across the world.

Law and Order within the Zone would be the responsibility of the Board of Governance. Defense of the territory would be the responsibility of the Indian Government.

The essence of the ICZ City would be that it would be created from a zero base. no legacy legal hurdles, with the best of administrative talent from across the globe with the sole objective that this micro economy will focus on “Governance for Building Wealth For the ICZ City”.

I invite comments.


Cyber War Risk with China is evident

Posted by Vijayashankar Na on September 23, 2014
Posted in Cyber Crime  | No Comments yet, please leave one

Despite the recent visit of the Chinese premier to India and the pledging of the possible investment of US$20 billion, the utterances of the Chinese prime minister after his return to China asking his troops to be ready for a “Regional War” is a matter to be taken note of.

China has always been an unreliable nation and cannot be trusted for business relations. China is the leader in Cyber Warfare and using their technologies for our bullet trains and smart cities is an open invitation to disaster if and when there is a cyber war between India and China.

It is good for Mr Modi to keep China at arms length in the field of technology and ensure that India tries to develop its capabilities in the technology era with the assistance of Japan and USA.

Indian companies doing business with China should also be careful not to transfer any critical technology to China in the long term interest of our country.


First Steps in Cyber Crime Insurance

Posted by Vijayashankar Na on September 23, 2014
Posted in Cyber CrimeITA 2008  | No Comments yet, please leave one

Recently interest on Cyber Crime Insurance has been on the rise in India. According to a recent report in Business Standard, the premia for such policies is around o.5% to 1.5%.

It is important for the insured to however consider what are the exclusions in the policy and there is clarity on the valuations of the insurable assets at the time of purchase and the valuation of claims.

According to the above BS report “distribution of unsolicited email”, “wire tapping”, “eavesdropping”, “fraudulent acts”, “failure to maintain standard computer security” are some of the major exclusions.

Out of the above exclusions, the failure to maintain standard computer security is understandable. However, what is “Standard computer Security” is debatable.

Also it is not understandable how “eavesdropping”, “Fraudulent acts” etc can be excluded. If these are true, insurance companies must be considering more of “Loss due to technical failures” rather than “Loss arising out of Cyber Crimes”.

Technical failures may lead to loss of data. However in most of the cases where a claim is to be preferred there will always be a human hand, malicious or otherwise. Hence “Fraud” cannot be eliminated from the risks. Hence if “Frauds” are excluded, there is insufficient coverage. Also if the coverage does not cover “Liabilities” arising out of the security breach, it is not beneficial to the insured.

The question of “Standards” is always daisy. At present in India law requires “Reasonable Security Practice” which is often not interpreted properly by the companies. Hence what constitutes “Failure to meet Security Standards” is always a debatable issue. While many may be able to produce a certificate such as ISO audit or PCIDSS audit, these does not constitute indisputable standards under the “Reasonable Security Practice” under ITA 2000/8.

It would be interesting to see how insurance companies define such exclusions. Unless some data is built up over time on the claim settlements of different companies, it is difficult to evaluate which policy is better for a prospective insurance seeker.

As regards valuation, in a liability insurance, the value of the asset has to be based on the value of “Information” rather than the value of the hardware and software. Hence in companies where “Data Loss” is the prime criteria, the “Data” need to be valued.  Will this be based on acquisition cost or replacement value or liability potential is a matter to be discussed. Normally the acquisition cost of data is relatively low while the liability potential is high. The insurance premium would therefore be on the lower value but the claims would be on the higher value.

According to one of the recent security reports, in case of data breaches the biggest loss comes out of the “Reputation Loss”.  At the time of insurance, is it possible to add the “Value of Reputation” as part of the assets to determine the premium? is therefore a valid point for discussion.

Probably the role of insurance brokers s therefore very critical in the current juncture since they need to ensure a fair coverage for the clients at affordable premia.

We need to watch out the performance of such insurance brokers.

Naavi.org calls upon insurance seekers to share their experience with insurance companies and insurance brokers so that we can evaluate their performance from time to time.