India Must Build A Strong Cyber Infrastructure Before Welcoming CBDCs

Reserve Bank of India's (RBI) central bank digital currency (CBDC) is curiously awaited. There have been various interpretation regarding CBDCs. It will definitely be a game changer to the country's economy, but the most important fact is its security.

RBI Governor, Shaktikanta Das had said, "The main concern comes from the angle of cybersecurity and the possibility of digital frauds, so we have to be very careful about that. A few years ago, we had major concerns around fake Indian currency notes. Similar things can also happen when you are launching CBDC."

The security of CBDCs has real-world import and is one of the huge challenges to overcome if a CBDC is to be issued in India. The country will have to build a powerful cyberspace to tackle online frauds and other threats.

BW Businessworld had a conversation with Ranjan R Reddy, CEO & Founder, Bureau to brief some more details on the way India should prepare its cyber protection to prevent the threats. Edited Excerpts:

Do you think India is ready to go with the launch of central bank digital currency?

India has the chance to empower its citizens by issuing a digital rupee, allowing them to utilise it freely in our rapidly growing digital economy. Central Bank Digital Currency(CBDC) is a government-issued digital currency. It is an electronic copy or digital representation of the legal tender issued by a country's monetary authority. 

The advantage of CBDC is that it can significantly lower the cost of printing, transporting, and keeping paper currency, which is essential given India's relatively high currency-to-GDP ratio. Players worldwide are equipped with the necessary technologies to pay for products and services using cryptocurrencies. By lowering the cost of cash management, CBDC can gradually bring about a cultural shift toward virtual currency. As the system integrates, it can eventually enable cross-border payments, initially with trading partners who engage in two-way communication. It may also be possible to examine the increased usage of CBDC for better tax and regulatory compliance. Additionally, it may open the door for greater financial inclusion.

That said, policymakers must fully comprehend the prospects of launching a digital currency by considering its effects on the macroeconomy, liquidity, banking systems, and money markets. They will have to carefully plan the regulatory design, requiring coordination between the banking and data protection regulators.

Will it increase the risk of cyber threats?

When discussing the implementation of a central bank digital currency, the Reserve Bank of India stated that cyber security and digital frauds are its key concerns.

CBDC may be the target of cybercrime that cause server blockages, unplanned timeouts, or service disruptions. Given that the central bank would be handling an enormous amount of data regarding user transactions, robust data security systems will have to be set up to prevent data breaches.

This is why RBI will implement CBDC in a phased manner in the retail and wholesale segments. A necessary amendment to the RBI Act, 1934 for the financial regulator has been enacted to facilitate the launch of CBDC. Managing risks for the financial system’s stability while fostering innovation is a tricky balance that the regulators and supervisors would have to strike. 

For citizens to be comfortable adopting CBDC, they need to be confident in its security. An essential aspect of any currency is trust, and for a CBDC to succeed, a secure platform is required to ensure users’ confidence. Since CBDC is built upon information systems, it is useful to consider the risk-management approaches that secure them.

Is India's cyber security system good enough to tackle any unpleasant situation regarding CBDC? If not, how should India start building its cyber security more strongly?

India’s digital infrastructure is transforming steadily, combining policy and technological innovation. The country is moving rapidly toward a digital-first economy and CBDC, like any other form of payment, is vulnerable to cyber-fraud. In countries like India, where financial literacy is low, the increase in digital payment-related frauds may extend to CBDCs.

In 2021, there were five major data breaches, ranking India as the third-largest victim of growing cybercrime. Over 150 million users were impacted, whose private data now floats in the internet ether, leaving them vulnerable to the rapidly increasing menace of cyber fraud and online theft. Cybercrimes are witnessing a surge as more people use contactless payment. A CLSA report suggests that the value of digital payments in India will triple in the next few years – from 300 billion dollars in 2021 to one trillion dollars in 2026. These numbers point to the immense cyberspace that India needs to secure. 

With the world entering an era where national security will increasingly hinge on cyber security, a lot needs to be done to secure its cyber infrastructure. Therefore, there is no option but to build defensive and, more importantly, offensive cyber security capabilities while pushing for regulatory frameworks that govern the use of cyberspace.  But it’s important to note that building a risk infrastructure is a shared responsibility where government, public and private sectors have to collaborate to strengthen India’s cybersecurity posture.