Print This Post
19 September 2019, Gateway House

Cyber agenda for India’s digital payments

India has rapidly transitioned from a cash-based economy to one reliant on digital payment systems. This has resulted in financial inclusion and greater transparency, but also expanded the system’s vulnerability to cybercrimes. This paper analyses India’s digital payments industry, maps the potential threat vectors and recommends measures to strengthen the cybersecurity of digital payment systems

Fellow, International Security Studies Programme

post image

In the span of a mere decade, the Indian economy has gone from being cash-based to being heavily reliant on digital payment systems. This transition has been driven by domestic initiatives such as the Unified Payments Interface, IndiaStack, Aadhaar-Enabled Payment Systems and mobile wallets. These have brought many visible and worthwhile changes, such as greater convenience, financial inclusion, transparency in transactions, substantial tax revenue and wider scope for financial technology to come into its own. But the growing digitisation of payment systems also has brought greater threats, perpetrated by hackers, organised criminal syndicates and, in some cases, foreign governments. Indian regulators and the payment industry have focused on tackling these threats.

This paper analyses India’s payments industry and reviews trends in cyber-attacks on its payment infrastructure. It maps the system’s vulnerabilities and channels to explain how attacks may arise. It also includes a review of existing policy measures and cybersecurity standards. The paper argues that in order to secure its digital payment systems, India will need to expand its efforts by focusing on data protection, information sharing, cyber hygiene and cyber attack attribution. A safe and secure payment system will increase citizens’ confidence and strengthen the digital economy.

India’s policy push towards digital payments makes it an important global actor in the digital economy. Therefore, a greater emphasis is needed on threat mitigation and vulnerability-patching to ensure resilience of the payment systems and a greater level of cybersecurity. This paper makes the following recommendations for action on three levels: government, business and diplomatic.


  • Make reporting of data breaches mandatory
  • Expedite creation of CERT for the financial sector
  • Adopt a phased approach to local data storage requirements for the payments industry
  • Expand cyber hygiene education initiatives

Business (industry)

  • Create a payment-industry platform for information-sharing
  • Enable consumers to control data through a consent dashboard

Diplomatic (global)

  • Negotiate preferential and conditional data-sharing agreements with like-minded countries
  • Articulate a normative framework for cyber-attack attribution

You can download the PDF version of this paper here.

Sameer Patil is Fellow, International Security Studies Programme, Gateway House.

Sagnik Chakraborty is Researcher, Cybersecurity Studies, Gateway House.

This paper was exclusively written by Gateway House: Indian Council on Global Relations. You can read exclusive content here.

For interview requests with the author, please contact

© Copyright 2019 Gateway House: Indian Council on Global Relations. All rights reserved. Any unauthorized copying or reproduction is strictly prohibited.