Use Multi-factor Authentication for Security
As the name suggests, multi-factor authentication (MFA) is a mechanism in which the user is required to present separate pieces of information or evidence to gain access. The most popular form of MFA across the globe is two-factor or two-step authentication, or 2FA as it is popularly known. This is used for authenticating card transactions, netbanking transactions, and even logins to email or some websites.
 
MFA typically requires factors from at least two of the following categories: knowledge (something the user knows), possession (something the user has), and inherence (something the user is). For example, to withdraw cash from an automated teller machine (ATM), the user is required to have a plastic card (debit, ATM or credit). This is what they possess. Secondly, the user needs to know the personal identification number (PIN), which is knowledge or something the user knows. With these two factors together, the user can withdraw cash from an ATM.
 
Now, consider that you are making an online payment through your card to buy an item. You have your card number and your PIN (or card verification value - CVV). After submitting this information, you can opt for a one-time password or passcode (OTP) which is received on your mobile phone registered with the card issuer. Your payment will take place only after you enter the OTP. This is an example of MFA. 
 
MFA provides an added layer of security. Someone may steal your card and PIN, but will not be able to use them for transactions that require validation through OTP (the exceptions being an ATM or a point-of-sale (POS) terminal). Most of the time, the OTP is sent through SMS, and technical issues with the network may prevent the message from reaching the user's device. For such cases, payment gateways or banks offer the option to request a fresh OTP. The user needs to use the latest OTP for such transactions. (As standard practice, never share the OTP with anyone, especially for transactions that you have not initiated.)
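
The re-issue behaviour described above, seen from the issuer's side, as an added example (not code from this article or from any bank or payment gateway). It shows why only the latest OTP works: requesting a fresh code replaces the stored one, and each code is single-use, time-limited and bound to one transaction. The class name, the 180-second validity window and the three-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 180   # assumed validity window
MAX_ATTEMPTS = 3        # assumed limit on wrong guesses per issued code


class OtpChallenge:
    """Holds the single live OTP for one transaction (hypothetical design)."""

    def __init__(self, txn_id, now=time.time):
        self.txn_id = txn_id
        self._now = now          # injectable clock so expiry can be tested
        self._digest = None
        self._expires = 0.0
        self._attempts = 0

    def _hash(self, code):
        # Keep a digest bound to the transaction rather than the plaintext code.
        return hashlib.sha256(f"{self.txn_id}:{code}".encode()).digest()

    def issue(self):
        """Generate a fresh 6-digit code; any earlier code stops working."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._digest = self._hash(code)   # overwrites the previous code
        self._expires = self._now() + OTP_TTL_SECONDS
        self._attempts = 0
        return code  # handed to the SMS gateway, never written to logs

    def verify(self, code):
        if self._digest is None:
            return "no-active-otp"
        if self._now() > self._expires:
            self._digest = None
            return "expired"
        self._attempts += 1
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(self._digest, self._hash(code)):
            self._digest = None           # single use
            return "ok"
        if self._attempts >= MAX_ATTEMPTS:
            self._digest = None           # stop further guessing on this code
            return "locked"
        return "wrong"
```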
 
The third factor in MFA is inherence, or something that the user is. This involves the use of biometrics, like fingerprints or retina scans. But the problem is that we still do not have scanners that can authenticate biometrics within a stipulated time. Add to this the cost and connectivity issues, and the use of biometrics as part of MFA fails. Also, biometric or similar authentication works well in a stipulated environment and for a limited number of users. You can use fingerprints to unlock your mobile phone. However, when the time comes for using it for other authentication and verification, the payment gateway needs to compare your fingerprints with millions of other fingerprints to validate that you are who your fingerprints claim to be. A super difficult task, especially for a country with a population of over a billion! Some transactions are taking place through this method, but they are dependent on a locally-stored database.
 
Apart from financial service-providers, several others like Apple, Google, Microsoft, Amazon, Facebook and Twitter also offer MFA for login. Apple allows access to its multiple devices after entering the ID, password and the six-digit verification code received, either by text or a phone call. Similarly, Google allows the user to opt for a second authentication factor like a six-digit code, received either through SMS on the registered mobile or via a phone call. Recently, Google launched a service where the user just needs to tap on Google’s mobile app installed on the registered device. In addition, Google lets the user authenticate a particular device (PC or laptop) so that it can be used without the second authentication factor.  
 
Some users may find it cumbersome or time-consuming to use multi-factor authentication, but being safe and secure is not easy. Remember, cyber criminals love people who are lazy about protecting themselves. If you are punctilious about avoiding a serious theft of your identity, email ID, data or money, then it is better to be safe than sorry and use MFA wherever available.


Companies prepare for more ransomware attacks on Monday
Companies around the globe are preparing for an imminent cyber attack as the offices re-open on Monday, media reports said.
 
Cyber security experts predict that the scope of the attack could expand as people return to work and resume their work on computers, CNN reported on Monday.
 
Though a British security researcher "MalwareTech" managed to stop the spread of the virus, hackers have issued new versions that cybersecurity organisations are trying to counter.
 
"We will get a decryption tool eventually, but for the moment, it's still a live threat and we're still in disaster recovery mode," the report quoted Europol Director Rob Wainwright as saying.
 
"MalwareTech" has predicted "another one coming... quite likely on Monday", the BBC reported on Sunday.
 
The biggest-ever ransomware attacks, which started on Friday, have wreaked havoc across the globe, crippling computers and demanding hundreds of dollars from users before they could regain control.
 
After taking computers over, the virus displayed messages demanding a payment of $300 in virtual currency Bitcoin to unlock files and return them to the user.
 
The number of ransomware-affected cases is still rising.
 
Europol has been analysing the virus and is yet to identify the hacking group behind the massive attacks.
 
MalwareTech, who wants to remain anonymous, was hailed as an "accidental hero" after registering a domain name to track the spread of the virus, which actually ended up halting it.
 
"We have stopped this one, but there will be another one coming and it will not be stoppable by us," the 22-year-old said.
 
"So there's a good chance they are going to do it... maybe not this weekend, but quite likely on Monday morning."
 
He also warned hackers could upgrade the virus to remove the "kill switch" that helped to stop it.
 
"Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You're only safe if you patch as soon as possible," he tweeted.
 
Investigators are working to track down those responsible for the ransomware used on Friday, known as Wanna Decryptor or WannaCry.
 
The virus exploits a vulnerability in Microsoft Windows software, first identified by the US National Security Agency.
 
Disclaimer: Information, facts or opinions expressed in this news article are presented as sourced from IANS and do not reflect views of Moneylife and hence Moneylife is not responsible or liable for the same. As a source and news provider, IANS is responsible for accuracy, completeness, suitability and validity of any information in this article.


A ransom payable in bitcoins is demanded from Wipro. Is it time to divorce bitcoins from blockchain technology?
On 6 May 2017, Wipro received an anonymous email-threat demanding a ransom of Rs500 crore, payable in bitcoins. This incident underscores the potential for abuse of crypto-currencies, such as bitcoins, owing to the difficulty in monitoring, tracking and regulating the global trade in bitcoins. The word crypto-currency is itself an insidious marketing tactic, for a virtual unit, the value of which is determined only by demand and supply can scarcely be called a currency. 
 
The generation or ‘mining’ of crypto-currencies like bitcoins, as a medium of payments, is not authorised by any central bank or monetary authority and its value is determined by a combination of amorphous parameters, which makes it ludicrous for bitcoins to be labelled as a currency. Undeniably, the underlying blockchain technology is likely to be the backbone of peer-to-peer transactions without any intermediary. Blockchain technology has limitless applications, most of which will render traditional reconciliation and settlement systems redundant. Tragically, bitcoins, which have become synonymous with blockchain technology, have the dubious distinction of being beyond regulatory purview, not just in India but across the globe. 
 
The Indian government’s move to demonetise high-value currencies of Rs1,000 and Rs500 denominations had the unintended consequence of fanning opportunistic promotion of bitcoins as a substitute for currency. The bitcoin lobby seized this opportunity to promote its interests by attempting to cloak bitcoins in legitimacy, feeding off the goodwill generated by the deployment of blockchain technologies. It is therefore critical for regulators to distinguish the technology from bitcoins. The unsuitability of bitcoins as a substitute for a currency is starkly obvious, since they are neither recognised nor backed by a government, do not have a stable value, and are prone to speculation-induced volatility. The attempts to promote bitcoins as a quasi-currency are particularly malicious, given that the Reserve Bank of India (RBI) had cautioned against the use of crypto-currencies, which are neither a derivative, nor a currency with a determinate value.
 
To allow financial regulators to view and appreciate blockchain technology, untainted by their views regarding bitcoins, perhaps it is time to clearly dis-affiliate crypto-currencies, such as bitcoins, from the underlying blockchain technology. 
 
While I do not intend to single out bitcoins, it happens to be the most ubiquitous cryptocurrency in the world, owing to which the instances of using bitcoins for nefarious purposes would presumably be the most common. Globally, crypto-currencies in general and bitcoins in particular, have gained a certain notoriety since they are the preferred medium to circumvent exchange control and anti-money laundering laws, and receive payments for the global trade in contraband such as narcotics. 
 
Transactions between bitcoin users are almost entirely anonymous. There is no requirement for a bitcoin user to enter their name, address, or any other details that might later be used to identify them. A randomly generated code used to denote the identity of a user is all that is needed to confirm that a transaction did indeed take place. Users can use a different code for every transaction they wish to enter into.
 
The blockchain technology underlying bitcoins has a decentralised infrastructure, which is both inter-dependent on each participant and yet severable from any jurisdiction, thereby allowing the blockchain network (or for instance, bitcoin exchanges) to continue functioning even if some components of the worldwide blockchain are taken offline. Blockchain technology was developed to ensure transparency, since the digital ledger that is composed of blocks is considered to be ‘incorruptible’ and tamper-proof. Ironically, it is this very feature that also helps ensure anonymity of the blockchain users when it is transferred from one person to another, making it virtually impossible to trace blockchain ownership while the transfers themselves can be verified. This makes the task of regulating bitcoins a regulatory nightmare.
 
Cryptocurrencies have been burgeoning, as intended, without any regulation or centralised repository. This has led to multiple crypto-currencies, each with its own framework to support the distributed ledger based on which it functions. Practically, this makes banning crypto-currencies an almost impossible task and has been vexing regulators globally. 
 
In India, the RBI issued a warning regarding the use of crypto-currencies in 2013 and also highlighted the possibility of their use to undermine anti-money laundering provisions. Subsequently, the Enforcement Directorate (ED) too had raided a bitcoin exchange citing violation of exchange control laws. Despite this, the bitcoin boom continued unabated. Since bitcoins are neither a security, a currency, a derivative, nor an instrument with a predetermined value, they do not fall squarely within the jurisdictional purview of the RBI or the Securities and Exchange Board of India (SEBI).
 
The RBI had also recently issued a warning about the potential financial, legal, and security risks arising from the use of bitcoins and had emphatically stated that bitcoin and virtual currency users, investors and traders of bitcoins and other crypto-currencies will be doing so at their own risk. Assuming that regulators ban cryptocurrencies outright, there is practically no way in which this can be enforced. Perhaps this explains why regulators are not taking a more stringent stance, since banning crypto-currencies would be mere lip service. One possible method to crack down on bitcoin exchanges and enforce a ban would be for the Telecom Regulatory Authority of India (TRAI) to issue a diktat to internet service providers to cease to offer connectivity to bitcoin exchanges and miners. This would need internet service providers to first identify bitcoin exchanges and miners based on their internet traffic, raising more complex issues of privacy and net neutrality.
 
Taking a more tempered and pro-business stance, if the RBI were to take a view that all bitcoin exchanges must maintain a list of users which are shared with the central bank and also allow it to step in to conduct audits and supervise their functioning, it may proffer a solution, albeit incongruent to the traditional concept of a decentralised and self-regulating system. If regulators in India adopt the concept of regulatory sandboxing, they could allow bitcoins to function within predefined parameters, which allow for a certain degree of regulatory oversight without impugning the autonomy of the distributed ledger system.
 
In India, the Bitcoin Association of India has agreed with the RBI’s notification regarding risk associated with virtual currencies. They have continued to argue that per se bitcoins are not illegal. Crypto-currencies have courted controversy by being the preferred method of payment for activities evading regulation. While virtual currencies do indeed have legitimate uses, it would be very hard to justify its use over other forms of payment. In India, pursuant to the demonetisation of high value notes last year, bitcoins have been promoted opportunistically as if they are a substitute to e-wallets, which store actual currency, whereas crypto-currencies are speculative products closer to derivative instruments than virtual currencies.
 
Bitcoins are not recognised by Indian foreign exchange laws and therefore cannot be used to make payments for import or export of goods and services. Its use to circumvent exchange control regulations is well established and, while proponents of virtual currencies insist that there is a strong argument for the use of bitcoins, bitcoins have been courting controversy since they have typically been used in transactions to deliberately avoid regulatory scrutiny. 
 
The Wipro case, where the ransom is being demanded in bitcoins, should perhaps be the last nail in the coffin. To alleviate Wipro’s misery, the RBI along with the ED, could notify the use of crypto-currencies as illegal and prescribe penalties for the purchase or ownership of crypto-currencies on the ground that they are an instrument to circumvent foreign exchange and anti-money laundering regulations. While this may not resolve the immediate situation, it could essentially stall future attempts to demand a ransom through bitcoins. While proponents of the bitcoin may cry foul and claim this is a knee jerk reaction to the abuse of bitcoins, this well may be an opportune moment to divorce the concept of crypto-currencies from blockchain by banning the former. The end of the toxic matrimony between blockchain and bitcoins could help refine the industry’s focus on the development of blockchain products without being eclipsed by the nefarious reputation garnered by cryptocurrencies.
 
(Akash Karmakar is an associate at AZB & Partners. Opinions expressed in this article are personal.)
 
