Digital payments are more popular than ever before but a Government audit has found glaring holes in the system

Individuals and companies may not like audits because they might expose some of their deliberate wrongdoings. But very often, audits are useful because they can help plug loopholes and gaps that many folks never knew existed. In some cases, an audit might bring up obvious flaws that in hindsight should have been noticed and be the result of an innocuous mistake. But as we all know, innocuous mistakes can have devastating results. And this is what a hitherto unknown audit of the national digital payments processor, the National Payments Corporation of India (NCPI), has revealed, including an encrypted file that stored names and card details of millions of individuals.

While the NCPI claims to have rectified the errors that were revealed in the audit, this highlights why it is important to have such technology audits for all major Government services. Huge swathes of our personal information reside with Governments — from the many panchayats and municipalities, districts, States to the Centre. Then there are medical, tax and payment records. It is important, more so among private companies, that information stays secure at all points. The new data privacy norms mooted by the Government have been described as a “nationalisation of data” by some commentators. While that is an extreme description, the norms on data protection are thin and punishment for violations as well. What will happen when Government data is breached? At the same time, it is important to realise that a majority of the frauds on the internet surround digital payments. Mechanisms have to be developed around them. Financial fraud has existed since the beginning of time and will continue to bother us. Mistakes will be made but we have to ensure that the digital payment ecosystem, vitally important in today’s contactless day and age, stays as clean as possible.