#Factcheck-Viral Image of Men Riding an Elephant Next to a Tiger in Bihar is Misleading

Introduction

The hospitality industry is noted to be one of the industries most influenced by technology. Hotels, restaurants, and travel services are increasingly reliant on digital technologies to automate core operations and customer interactions. The shift to electronic modes of conducting business has made the industry a popular target for cyber threats. In light of increasing cyber threats, safeguarding personal and sensitive personal data on the part of the hospitality industry becomes significant not only from a customer standpoint but also from an organisational and legal perspective.

Role of cybersecurity in the hospitality industry

A hospitality industry-based entity (“HI entity”) deploys several technologies not only to automate operations but to also deliver excellent customer experiences. Technologies such as IoTs that enable smart controls in rooms, Point-of-Sale systems that manage reservations, Call Accounting Systems that track and record customer calls, keyless entry systems, and mobile apps that facilitate easy booking and service requests are popularly used in addition to operative technologies such as Property Management Systems, Hotel Accounting Systems, Local Area Networks (LAN).{1} These technologies collect vast volumes of data daily due to the nature of operations. Such data necessarily includes personal information such as names, addresses, phone numbers, email IDs etc. and sensitive information such as gender, bank account and payment details, health information pertaining to food allergens etc. Resultantly, the breach and loss of such critical data impacts customer trust and loyalty and in turn, their retention within the business. Lack of adequate cybersecurity measures also impacts the reputation and goodwill of an HI entity since customers are more likely to opt for establishments that prioritise the protection of their data. In 2022, cybercriminals syphoned 20GB of internal documents and customer data from Marriott Hotels, which included credit card information and staff information such as wage data, corporate card number and even a personnel assessment file. A much larger breach was seen in 2018, where 383 million booking records and 5.3 million unencrypted passport numbers were stolen from Marriott’s servers.{2}

Cybersecurity is also central to safeguarding trade secrets and key confidential trade information. An estimate of US $6 trillion per year on average amounts to losses generated from cybercrimes.{3} The figure, however, does not include the cost of breach, expenses related to incident response, legal fees, regulatory fines etc which may be significantly higher for a HI entity when loss of potential profits is factored in.

Cybersecurity is also central from a legal standpoint. Legal provisions in various jurisdictions mandate the protection of guest data. In India, the Digital Personal Data Protection Act 2023, imposes a penalty of up to Rs. 50 Crores on a breach in observing obligations to take reasonable security safeguards to prevent personal data breach.{4} Similarly, the General Data Protection Regulation (GDPR) of the European Union also has guidelines for protecting personal data. Several other industry-specific rules, such as those pertaining to consumer protection,  may also be applicable.

Breaches and Mitigation

There are several kinds of cyber security threats faced by an HI entity. “Fake Booking” is a popular method of cyber attack, whereby attackers build and design a website that is modelled exactly after the hotel’s legitimate website. Many customers end up using such malicious phishing websites thereby exposing their personal and sensitive personal data to threats. Additionally, the provision of free wifi within hotel premises, usually accessible freely to the public, implies that a malicious actor may introduce viruses and updates bearing malware. Other common cyber threats include denial of service (DoS) attacks, supply chain attacks, ransomware threats, SQL injection attacks (a type of attack where malicious code is inserted into a database to manipulate data and gain access to information), buffer overflow or buffer overrun (when the amount of data exceeds its storage capacity, implying that the excess data overflows into other memory locations and corrupt or overwrites data in those locations). 

One of the best ways to manage data breaches is to leverage newer technologies that operate on a “privacy by design” model. An HI entity must deploy web application firewalls (WAF) that differ from regular firewalls since they can filter the content of specific web applications and prevent cyber attacks. Another method to safeguard data is by deploying a digital certificate which binds a message/instruction to the owner/generator of the message. This is useful in preventing any false claims fraud by customers. Digital certificates may be deployed on distributed ledger technologies such as blockchain, that are noted for their immutability, transparency and security. Self-sovereign identities or Identifiers (SSI) are also a security use-concept of blockchain whereby individuals own and control their personal data, thereby eliminating reliance on central authorities.{5} In the hospitality industry, SSIs enhance cybersecurity by securely storing identity-related information on a decentralised network, thereby reducing the risk of data breaches. Users can selectively share their information, ensuring privacy and minimising data exposure. This approach not only protects guests' personal details but also streamlines authentication processes, making interactions safer and more efficient.

From a less technical standpoint, cybersecurity insurance may be opted for by a hotel to secure themselves and customer information against breach. Through such insurance, a hotel may cover the liability that arises from breaches caused by both first- and third-party actions.{6} Additionally, Payment Cards Industry Data Security Standards should be adhered to, since these standards ensure that businesses should apply best practices when processing credit card data through optimised security. Employee training and upskilling in basic, practical cybersecurity measures and good practices is also a critical component of a comprehensive cybersecurity strategy.

References:

• [1]  The Growing Importance of Cybersecurity in the Hospitality Industry”, Alfatec, 11 September 2023 https://www.alfatec.ai/academy/resource-library/the-growing-importance-of-cybersecurity-in-the-hospitality-industry
• [2]  Vigliarolo, Brandon, “Marriott Hotels admit to third data breach in 4 years”, 6 July 2022 https://www.theregister.com/2022/07/06/marriott_hotels_suffer_yet_another/#:~:text=In%20the%20case%20of%20the,of%20an%20individual%20organization%20ever. 

• [3] Shabani, Neda & Munir, Arslan. (2020). A Review of Cyber Security Issues in the Hospitality Industry. 10.1007/978-3-030-52243-8_35. https://www.researchgate.net/publication/342683038_A_Review_of_Cyber_Security_Issues_in_Hospitality_Industry/citation/download    
• [4] The Digital Personal Data Protection Act 2023 https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf 
• [5]  “What is self-sovereign identity?”, Sovrin, 6 December 2018 https://sovrin.org/faq/what-is-self-sovereign-identity/ 
• [6] Yasar, Kinza, “Cyber Insurance”, Tech Target https://www.techtarget.com/searchsecurity/definition/cybersecurity-insurance-cybersecurity-liability-insurance 

Introduction

In the multifaceted world of international trade and finance, cross-border transactions constitute the heart of economic relationships that span the globe. The threads that intertwine forming the fabric of global commerce are ceaselessly dynamic and exhibit an intricate pattern of complexity especially when it comes to the regulated movement of capital. It's a domain where economies connect, where businesses engage in sublime commerce, and where technology and regulation intersect at critical juncture. These guidelines will play a critical role in the regulation of capital, fortification of financial integrity, and transparency of regulatory and cross-border payments. The key highlights of this regulation include strict pre-authorization for non-bank entities, mandating specific accounts for import and export PA-CBs and a transaction ceiling of 25,00,000 Rupees.

The Vigilance of RBI 

The Reserve Bank of India (RBI), ever vigilant in its shepherding role over the nation's financial stability and integrity, has taken decisive strides to dispel the haze that once clouded this critical sector. With the issuance of a revelatory circular dated October 31, 2023, the RBI has unveiled a groundbreaking framework that redefines the terrain for these pivotal financial entities, aptly christened as Payment Aggregators – Cross Border (PA-CB). In deploying this comprehensive array of regulations, the RBI demonstrates a robust commitment to harmonizing and synchronizing the oversight of payments within the country's financial fabric, extending its meticulous regulatory weave from domestic Payment Aggregators (PAs) to the PA-CBs, a sector previously undistinguished in formal oversight.

The prescriptive measures announced by the RBI are nothing short of a regulatory beacon that cuts through the fog of uncertainty, illuminating a clear path forward for entities dedicated to facilitating cross-border payment transactions pertaining to the import and export of permissible goods and services in India through online modes. Inclusiveness is a hallmark of the RBI’s directive, encompassing a diverse cadre of financial actors, ranging from Authorized Dealer (AD) banks and conventional Payment Aggregators (PAs), to the emergent breed of PA-CBs actively engaged in processing these critical international payment transactions.

Key Aspects of Regulation

One of the most striking aspects of this new regulatory regime is the RBI's insistence on pre-authorization. All non-bank entities providing PA-CB services are impelled to apply to the apex bank for authorisation by April 30, 2024. This is far from a perfunctory gesture; it represents a profound departure from the bygone era when these entities functioned under a patchwork of provisional guidelines and ad-hoc circulars. Indeed, with this resolute move, the RBI signals its intention to embrace these entities within its direct regulatory gambit, an acknowledgement of the shifting tides and progressive intricacies characteristic of cross-border payments.

The tapestry of new rules is complex, setting forth an array of prerequisites for entities aspiring for authorization. For instance, non-bank PA-CBs are obliged to register with the Financial Intelligence Unit-India (FIU-IND) as a preliminary step before commencing the application process. Moreover, the financial benchmarks set are notably rigorous. Non-banks must boast a minimum net worth of ₹15 crores at the time of the application—a figure that escalates to a robust ₹25 crores by the fiscal deadline of March 31, 2026.

Way Forward

As if these requirements weren't indicative enough of the RBI’s penchant for detail and precision, the guidelines become yet more granular when addressing specific types of PA-CBs. Import-only PA-CBs are mandatorily obliged to maintain an Import Collection Account (ICA) with an AD Category-I scheduled commercial bank, while export-only PA-CBs are instructed to maintain an Export Collection Account (ECA), which can be maintained in Indian Rupees (INR) or any permissible foreign currency. The nuance here is palpable; payments for import transactions must be received in a meticulously managed escrow account of the PA, prior to being funneled into the ICA for smooth settlement with overseas merchants.

Conversely, export-only PA-CBs' proceeds from international sales must be swiftly credited to the relevant currency ECA. This meticulous accounting ensures that the flow of funds is both transparent and traceable, adhering to the utmost standards of financial probity.

Yet, perhaps the most emphatic of the RBI's pronouncements is the establishment of a transaction ceiling. PA-CBs have their per-transaction limit capped at ₹25,00,000 for each unit of goods or services exchanged. This calculated move is transparent in its objective to mitigate risk—a crucial aspect when one considers the potential implications of these transactions on the country’s fiscal health and the integrity of its financial systems.

It is no exaggeration to declare that with these guidelines, the RBI is effectuating a seismic shift in the regulation of cross-border payment transactions. There's a fundamental transformation taking place—a metamorphosis—from a loosely defined existence of PA-CBs to one of distinct clarity, under the direct and unswerving supervisory gaze of the regulator. The compliance burden, indeed, has become heavier, yet the return is a compass that points decisively towards secure harbours.

As we embark upon the fresh horizons that these rules bring into view, it is imperative to acknowledge that the RBI's regulatory innovations represent far more than a mere codification of dos and don'ts. They embody a visionary stride towards safeguarding and fortifying the architecture of international payments, a critical component of India's burgeoning presence on the world economic stage.

Conclusion 

The journey ahead, as we navigate these newly charted waters with the RBI's guidelines as our steadfast North Star, will no doubt be replete with challenges, adaptations and learning curves for the array of operational entities. But it is with confidence we can say, the path is set; the map is clear. The complex labyrinth of cross-border financial transactions is now demystified, and the RBI's clarion call beckons us towards a future marked by regulation, security, and above all else, reliability in the cosmopolitan tapestry of global trade. RBI’s guidelines provide a comprehensive framework for standardizing cross-border financial transactions in India. This decision is a monumental step towards maintaining cyber peace in cyberspace. 

References:

• https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12561&Mode=0
• https://www2.deloitte.com/in/en/pages/tax/articles/tax-alert-Regulation-of-payment-aggregator-cross-border-pa-cb.html
• https://www.jsalaw.com/newsletters-and-updates/rbis-new-guidelines-to-govern-payment-aggregators-in-cross-border-transactions/ 

‍

Introduction

WhatsApp has become the new platform for scams, and the number of cases of WhatsApp scams is increasing daily. Just like that, a new WhatsApp scam has been started, and many WhatsApp users in India have reported receiving missed calls from unknown international numbers. Worse, one does not even have to answer the call to be scammed. A missed call is sufficient to be scammed.

Millions of populations switch from normal SMS to WhatsApp, usually, people used to get fake messages and marketing messages, but the trend of scamming has been evolving now.  Most people get calls from different countries, and they are concerned about how these scammers got the numbers. WhatsApp works through VoIP networks, so no extra charges from any country exist. And about 500 million WhatsApp users are getting these scam calls, the calls are mainly on job-scams of promising part-time employment and opportunities. These types of job scam calls have been started reporting in 2023.

People reporting missed calls from countries like Ethiopia (+251), Malaysia (+60), Indonesia (+62), Vietnam (+84), etc.

The agenda of these calls are still unclear. Still, in some cases, the scammers ask for confidential information from WhatsApp users, like bank details, so the users must not reveal their personal information. Also, it is important to note that if you get any calls from a particular country, it necessarily does not mean it is from that country. Various agencies sell international numbers for WhatsApp calls.

Why has WhatsApp become a hub scam?

The generation has evolved and dumped the old SMS into WhatsApp. From school to college and offices, people use WhatsApp for their official work, as it is very easy and user-friendly, so people avoid safety measures. Generally, users need to understand the consequences of technology and use it with safeguards and awareness. Many people lose money and become victims of scams on WhatsApp as they share their confidential information. And the worse is that one does not even have to answer the call to be scammed. A missed call is sufficient to be scammed.

Before these international calls scam, the user received a call from the scam that they were from KBC, and the user won something. Then sought confidential information by the excuse that they would transfer the money to the user, and because of that user got scammed by the scammers. These scams have risen rapidly lately.

Safeguards users can use against these scam calls

WhatsApp responds to complaints regarding international calls to “block and report.”

If you have already received such calls, the best thing you can do is report and block them right away. As a result, the same number does not return to your phone, and numerous identical reports may persuade WhatsApp to delete the number entirely.

WhatsApp is also working on an update allowing users to block calls from unknown numbers on the service.

Users must modify their phone’s and app’s fundamental privacy settings to protect themselves from data breaches. The calls are directed toward app users who are actively using the app. However, by modifying the account’s appearance, a user can lessen the likelihood of being added to the scammers’ attack lists.

Limit Privacy

Begin by modifying WhatsApp’s ‘who can see’ settings. If your profile photo, last seen, and online status are visible to anybody, restrict them to persons on your contact list only. Change the About and Groups options as well.

Turn on two-factor authentication

Enabling two-factor authentication on WhatsApp adds more security to your data. In addition, the app also supports biometric protection in case of theft or loss.

Active Reporting

The users should report as soon as they see something odd or suspicious activity.

A typical question that users have is, ‘Where do the scammers acquire my phone number from?’

The answer is a little more complicated than we thought. Your data is retained on the company database from the time you sign up on a website or reveal your phone number at a store in order to take advantage of promotional offers and promotions. Due to a lack of technological infrastructure and legislation to protect personal data, a scammer can simply obtain your information.

According to Palo Alto research, India is the second most vulnerable country in the APAC region in terms of cyberattacks and data breaches. A data protection law is essential in the face of increasing calls and data breaches.

The Digital Personal Data Protection bill is set to be introduced in the parliament’s monsoon session. The bill has the potential to protect data, which will help to eliminate scams.

Conclusion

Several people had tweeted on tweeter about receiving fake calls on WhatsApp from international numbers more than once. WhatsApp encrypts calls and messages, making it difficult to track the person, and it appears that hackers are taking advantage of this to swindle customers. If you receive a WhatsApp call from any of the above ISD codes, we strongly advise you not to answer it and to block the number so the bad actors do not call you again. Report & block immediately that’s what WhatsApp has been responding to the complainants.