NEW DELHI -- Mobile banking is growing fast in India, with smartphone sales exploding and the Modi government pushing digital payments.
But as more Indians move to electronic transactions, concerns are growing about the security of the banking system and smartphones in general.
There were around 156 million payments made through mobile phones in India in November last year, hitting a record for the second straight month, according to the central bank.
Digital transactions, currently running around 900 billion rupees ($14 billion) a month, are a tempting target for cyberthieves, who have created malware targeting digital banking customers.
India's shift to a cashless economy got a big push in November 2016, when Prime Minister Narendra Modi suddenly announced that 500 rupee and 1,000 rupee bank notes -- nearly 90% of the paper money in circulation -- were to be scrapped.
India has only one-fourth as many ATMs per person as China. The government is trying to bring more people into the formal banking system, but Modi's dreams of transforming the economy with a dose of digital technology could be undone by poor security.
On Jan. 5, Canara Bank, which operates in southern India, issued a warning to its banking customers. "It has been reported that malicious software targeting various banking and payment apps, including Indian banks, has been circulating," the bank said.
Two days earlier, information technology security specialist Quick Heal Technologies announced it had "detected an Android banking Trojan that targets more than 232 banking apps, including those offered by Indian banks."
The malware, which affects apps running on Google's Android mobile operating system, is designed to steal smartphone users' passwords by displaying a fake bank app page after a bogus Adobe Flash Player update has been installed. Targeted mobile banking apps include those from India's Axis Bank and ICICI Bank, as well as Bitcoin payment apps.
Counting the cost
The scale of damage caused by the malware is unclear, but many factors in India contribute to the spread of malware. Besides the rapid growth of mobile banking, the dominance of Android increases India's vulnerability to cybercriminals.
Anshul Gupta, research director at the Mumbai office of U.S. IT consultant Gartner, puts India's smartphone sales at "close to 140 million units," in 2017, making it the world's third-largest market behind China and the U.S. While smartphone penetration has reached around 80% in the mature markets of China and the U.S., India is still showing double-digit annual growth. Its penetration rate is around 30%, Gupta said.
The Indian market is dominated by South Korea's Samsung Electronics and Chinese handset makers like Xiaomi. Around 98% of the country's smartphones run on Android, compared with 88% for the rest of the world, Gupta said.
Many Indians are first-time buyers of smartphones and are generally not well-informed about security threats posed by malware. The country has been slow to respond to the risk of cybercrime, earning the sobriquet "ransomware capital of the Asia-Pacific."
In 2016, more than 3.2 million debit cards held by Indian consumers were compromised due to a breach caused by malware on a bank ATM network, leading to thefts of cash from accounts in the U.S. and China. Banks need to take more safety measures, but it is also vital for the government to educate smartphone buyers about the risks involved in mobile transactions.