ISMG India carried a report on the Prepaid Instruments recently which has been reproduced here.
Naavi said in this context :
While MeitY has prescribed guidelines, security practitioners have offered other ideas. “The current authentication methods are highly OTP-dependent – whether passwords, aadhaar or e-sign – and don’t ensure complete secured transactions, as they are vulnerable,” says cyber law expert Naavi Vijayashankar of Cyber Law College and Ujvala Consultants. “New authentication systems must be built that circumvent risks with the current form of aadhaar-based authentication.”
“… that while common security measures include passwords and multifactor authentication, issuers must remember the focus of any business, and therefore its information security policy, is protecting the user from consequences of unauthorized access or denial of access.”
“….that practitioners consider risk assessment from multiple perspectives, including securing information from unauthorized access, data integrity and denial of access; protecting organizations from liabilities due to a security breach that could result corporate executives being charged civil and criminal liabilities; and protecting users from adverse consequences of a breach via cyber insurance .”
“…breach reporting is important and the central monitoring authority should possess such information to understand industry-wide risks.”