WhatsApp Payments should not be approved in a hurry, cyber security experts warn

This comes days after Facebook CEO announced that WhatsApp Pay will soon be launched in India.


Following the recent revelation that Israeli spyware Pegasus was used to target at least 1,400 lawyers and activists globally, of which about 20 were Indian, the Indian govt, and now various cyber-security experts, are suggesting that the decision to approve the rollout of WhatsApp Pay should not be taken hastily. WhatsApp is at the heart of this controversy because it was one of the many vectors used to spread the Pegasus.

According to a report by IANS, cyber law expert Pavan Duggal said, "WhatsApp payment needs to be seen with a microscopic eye, primarily because in payments you will be dealing with sensitive personal data and cyber-security is going to be an essential building block component for WhatsApp to demonstrate its due diligence."

Duggal added that the government must not hurry in granting WhatsApp a license for the future unless it is absolutely sure of the platform adhering to all the required cyber-security norms and Indian laws.

WhatsApp Payments should not be approved in a hurry, cyber security experts warn

Representational Image.

Prashant Mali, a cyber lawyer at Bombay High Court also agreed with Duggal saying, "It (WhatsApp) didn't follow reasonable security practices as mandated in Section 43A of the IT Act, 2000. In fact, it abetted the crime of unauthorised access too. Granting WhatsApp Pay licence should be given a second thought by the Reserve Bank of India".

(Also read: Pegasus spyware: WhatsApp downloads in India are down by 80 percent)

This comes right after Facebook CEO Mark Zuckerberg recently announced that WhatsApp Pay will soon be launched in India.

Recently, the Indian government also showed similar skepticism when it reached out to the Reserve Bank of India (RBI) and the National Payments Corporation of India (NPCI) over the risk of payments made through social media apps like Facebook and WhatsApp.

On 29 October, WhatsApp revealed that it was suing Israel-based NSO Group for developing the Pegasus spyware that was used to target 1,400 civil rights activists, lawyers, and journalists across the world, including several in India.

While WhatsApp seems to be bearing the complete blame for the vulnerability, the Indian government must also be held responsible for not acting on the issue after reportedly being informed about it back in May 2019. Instead, a government official said that India's Computer Emergency Response Team (CERT-IN) could not fathom the magnitude of the situation due to the advisory being full of 'technical jargon'.

(Also read: WhatsApp Hack: Government expresses concern over not disclosing the incident earlier)

Having said that, while WhatsApp ensures that the platform is secure by offering an end-to-end encryption model, the actual contents of the messages that are shared can not be checked, due to the nature of the model. This, in turn, resulted in the Pegasus spyware getting into users' phones via an infected link.