In light of the discovery of the Pegasus spyware and the mechanism by which it spread, the Indian government has reached out to the Reserve Bank of India (RBI) and the National Payments Corporation of India (NPCI) over the risk of payments made through social media apps like Facebook and WhatsApp.
“We are reaching out to the NPCI and the RBI to discuss safety features and in case some extra steps need to be undertaken to ensure the security of financial data is not breached,” a senior government official told the Economic Times.
While WhatsApp ensures that messaging between users on the platform is secure owing to its end-to-end encryption model, the actual contents of the messages shared are not checked. This resulted in the Pegasus spyware getting into users’ phones via an infected links. While WhatsApp can’t really be held accountable for Pegasus per se, the fact that the app can be easily misused does raise questions about the security of financial data when services like WhatsApp payments go live in India.
Last week, WhatsApp sued Israel-based NSO Group for developing the Pegasus spyware that was used to compromise the privacy of about 1,400 civil rights activists, lawyers, and journalists across the world. WhatsApp was one of several services used to help spread Pegasus.
This also comes just days after Facebook CEO Mark Zuckerberg announced last week that the company may soon reveal some “positive news” about the launch of WhatsApp Pay. Zuckerberg reportedly told analysts on an earnings call that the service is being tested currently and it could be launched in India soon.
WhatsApp Pay is a peer-to-peer and UPI-based payment service that will allow users to send money within the instant messaging app. Users will be able to connect their UPI accounts to WhatsApp and then make transactions with other users aboard the service. If launched, it could potentially reach over 400 million WhatsApp users in India.