'Encryption Policy must before going cashless'

The country needs a strong national encryption policy (NEP) before going cashless in post-demonetisation era to ensure safety of smart card users, according to IPS officer and IT expert Sanjay Pandey.
"India needs a strong encryption policy before going digital all the way," Pandey, Deputy Commandant (Home Guards), Maharashtra, told PTI.
"The algorithm currently used in India to encrypt the data was declared obsolete by the US way back in 2000 and therefore we need a strong encryption arrangement before going digital," the 1986 IPS officer, a computer science graduate from IIT, said.
Earlier, a National Encryption Policy draft was drawn up in late 2015. This was, however, withdrawn due to certain concerns raised by the experts and public.

Since then, there has been no serious attempt made in that direction, he said.
"Guidelines issued to Internet Service providers (ISP) in 1999 mandated use of 40-bit encryption by the ISPs. But the use of 40-bit encryption in current times is too easy to be broken by hackers. This use of weak encryption exposes the data which travels through the Internet in India," he said.

Pandey was sent to USA and UK to study computer use for analysing crime and criminal data and was also entrusted with the work of computerising the modus operandi bureau of the crime branch and computerised information about arrested and convicted criminals.

"Hackers may have gathered the sensitive information of the cards being used by the people at ATMs and PoS and we should not be surprised if the hacking starts taking place after March next year, because there is cap on withdrawal on cash right now," said Pandey.
He said there is also the risk of EMV cards being prone to skimming and attacks, where data from magnetic strip on them easily reads through a tampered Automated Teller Machine (ATM) or PoS machine.
"Apart from coming up with National Encryption Policy mandating use of strong encryption, acceptance of India in the Wassenaar arrangement would make our country eligible to get and use best available encryption technology which will not only prevent skimming and malware attacks but also provide better security and safety to citizens in their day to day ATM and PoS usage," he said.