By Press Trust of India | Updated: 31 May 2022
Capital markets regulator SEBI on Monday changed the cybersecurity and the cyber resilience framework of KYC Registration Agencies (KRAs) and mandated them to conduct a comprehensive cyber audit at least twice in a financial year. Along with the cyber audit report, all KRAs have been instructed to submit a statement from the MD and CEO certifying compliance by them with all of SEBI’s cybersecurity-related guidelines and notices issued periodically, according to a circular.
Under the revised framework, KRAs are required to identify and classify critical assets based on their sensitivity and criticality to business operations, services and data management.
Critical assets should include business-critical systems, internet-facing applications/systems, systems containing sensitive data, sensitive personal data, sensitive financial data, personally identifiable information data, among others. All ancillary systems used to access or communicate with critical systems, whether for operations or maintenance, must also be classified as critical systems.
In addition, each KRA's board will be required to approve the list of critical systems.
“To this end, KRA must maintain an up-to-date inventory of its hardware and systems, software and information assets (internal and external), details of its network resources, connections to its network and data flows,” SEBI said.
According to SEBI, KRAs must conduct regular Vulnerability Assessments and Penetration Tests (VAPT) that cover all infrastructure components and critical assets, such as servers, network systems, security devices and other IT systems, to detect security vulnerabilities in the IT environment, along with an in-depth evaluation of the security posture of the system through simulations of real attacks on their systems and networks.
In addition, the regulator said that KRAs must conduct VAPT at least once in a financial year.
However, for KRAs whose systems have been identified as a “protected system” by the National Critical Information Infrastructure Protection Centre (NCIIPC), SEBI said, VAPT must be performed at least twice in a fiscal year.
Furthermore, all KRAs are required to engage only CERT-In empanelled organisations to conduct VAPT.
The final report on the VAPT must be submitted to SEBI after the approval of the technology standing committee of the respective KRA, within a month from the end of the VAPT activity.
“Any gaps/vulnerabilities detected must be remedied immediately and the closure compliance of the findings identified during VAPT will be sent to SEBI within 3 months after VAPT’s final report is submitted to SEBI,” the regulator said.
In addition, KRAs must also perform vulnerability scans and penetration tests prior to the roll-out of a new system that is a critical system or part of an existing critical system.
The new framework will come into force with immediate effect, SEBI said, adding that all KRAs must communicate the status of the implementation of the circular to the regulator within 10 days.
Amazon Suspends at Least 50 Workers After Employees Protested Against Fire Incident
By Associated Press | Updated: 5 October 2022
Amazon has suspended at least 50 warehouse employees who refused to work their shifts following a trash compactor fire at one of its New York facilities, according to union organisers.
The company suspended the workers, with pay, on Tuesday, a day after the fire disrupted operations at the Staten Island warehouse that voted to unionise earlier this year.
Derrick Palmer, the Vice President of the Amazon Labor Union, said day-shift workers were sent home with pay due to the fire, which began late afternoon Monday. But night-shift employees, who were just coming in for their shift, were told to remain in a break area until management figured out the situation, he said.
Dozens of workers began to raise concerns about safety. Some were worried the air in the facility would be unsafe to breathe because of smoke from the fire. Eventually, roughly 100 workers held a sit-down protest at the facility’s main office, demanding to be sent home with pay.
“They were saying ‘we don’t feel safe, we don’t feel safe to work’,” Palmer said.
Amazon spokesperson Paul Flaningan said in a prepared statement that the company had asked all night shift employees to report to their shifts on Monday after the New York Fire Department certified the building as safe.
“While the vast majority of employees reported to their workstations, a small group refused to return to work and remained in the building without permission,” Flaningan said. Some workers had also walked out, while others continued with the protest, according to organisers.
The suspended workers were notified by email and phone that their security badges would be inactive for the duration of the probe, Palmer said. The suspensions are in effect indefinitely as the company investigates. The number of suspended workers could rise. Seth Goldstein, an attorney for the union, said the workers intend to file unfair labour practice charges against Amazon with the National Labor Relations Board.
Amazon has filed over two dozen objections with the agency seeking to toss out the union’s April win. Meanwhile, warehouse workers at a separate facility near Albany, New York will be voting in their own union election next week.
RuPay Credit Card UPI Usage: No Charge for Transactions Up to Rs. 2,000, NPCI Says
By Press Trust of India | Updated: 5 October 2022
There will be no charge for RuPay credit card use on Unified Payments Interface (UPI) for transactions up to Rs. 2,000 in line with the RBI direction, a recent NPCI circular said.
RuPay credit card has been operational for the last four years, and all major banks are enabled and are issuing incremental cards for both commercial and retail segments.
“During credit card on-boarding on the apps, the device binding and UPI PIN setting process shall include and be construed as customer consent for credit card enablement for all types of transactions,” the circular dated October 4 said.
For international transaction enablement, the existing process from the app will apply to credit cards too, the National Payments Corporation of India (NPCI) said in the circular.
A nil Merchant Discount Rate (MDR) would apply for this category to transactions of Rs. 2,000 or less, it noted.
MDR is the cost paid by a merchant to a bank for accepting payment from their customers via credit or debit cards every time a card is used for payments in their stores. The merchant discount rate is expressed as a percentage of the transaction amount.
“This circular is applicable from the issuance date and members are requested to take note and bring the contents of this circular to the notice of the relevant stakeholders,” it said.
“The basic objective of linking credit cards to UPI is to provide a customer with a wider choice of payments. Currently, UPI is linked through debit cards to savings accounts or current accounts,” Reserve Bank Deputy Governor T Rabi Sankar had earlier said.
As per the circular, UPI apps would ensure complete transparency on transactions made by a customer using a credit card, by means of easily accessible transaction history and clearly visible user interface while making the payment.
Credit card issuers and apps will send appropriate notifications or communications to the customer during each event of the credit card lifecycle for such transactions, as per the circular.
The step will promote the homegrown payment gateway and encourage wider acceptance of RuPay cards.
It further said there is a need to maintain a separate mobile number attached to an add-on card.
Amazon, Five Publishers Win Dismissal of Lawsuits Alleging Conspiracy to Fix Book Prices: Details
By Reuters | Updated: 30 September 2022
A federal judge on Thursday dismissed two antitrust lawsuits accusing Amazon.com Inc and five large publishers of illegally conspiring to fix US prices of electronic and traditional books, causing consumers and bookstores to pay more.
US District Judge Gregory Woods in Manhattan accepted a magistrate judge’s recommendations to end both cases against Amazon, Hachette Book Group, HarperCollins Publishers, Macmillan Publishing Group, Penguin Random House and Simon & Schuster.
Consumers accused the defendants of signing agreements that let the publishers inflate e-book prices by locking in a 30 percent “agency” fee for Amazon on each sale, and guaranteeing that Amazon’s prices would not be undercut.
Retail booksellers, meanwhile, alleged that Amazon had been awarded a “discriminatory discount” on hardbacks, paperbacks and mass-produced books, forcing them to pay higher wholesale prices to the publishers and depressing book sales.
According to the plaintiffs, Amazon commands 90 percent of retail e-book sales and 50 percent of print trade book sales, while the publishers account for 80 percent of both kinds of books.
But in two opinions totaling 113 pages, US Magistrate Judge Valerie Figueredo recommended last month that both lawsuits be dismissed, citing a lack of evidence of collusion.
She found it “telling” in the e-book case that the consumers offered “no plausible explanation for why the publishers would have been motivated to participate in a conspiracy that further entrenched Amazon’s dominance as an e-book retailer.”
Woods adopted Figueredo’s reasoning in full. The lawsuits were dismissed without prejudice, meaning the plaintiffs can try amending their complaints.
Lawyers for the plaintiffs did not immediately respond to requests for comment. Amazon had no immediate comment.
The trade book case was led by Bookends & Beginnings, a bookseller in Evanston, Illinois.
The cases are In re Amazon.com Inc e-Book Antitrust Litigation, US District Court, Southern District of New York, No. 21-00351; and Bookends & Beginnings LLC v Amazon.com Inc et al in the same court, No. 21-02584.
© Thomson Reuters 2022
RBI Unlikely to Extend Card Tokenisation Deadline Despite Payment Failures, Revenue Losses, Bankers Say
By Reuters | Updated: 29 September 2022
India’s central bank is unlikely to extend a Friday deadline for businesses to set up an additional layer of security for consumers’ credit card data even though some concerns remain over payments failing and revenue losses, say bankers and merchants.
Despite a demand by smaller merchants to delay the compliance date, there has been no indication so far by the central bank that there is likely to be an extension in deadline, three banking and merchant sources with knowledge of the matter told Reuters.
The Reserve Bank of India (RBI) did not respond to an email request for comment.
“The general sense is that banks, card networks and (bigger) merchants are better prepared and so the push from the ecosystem side for an extension has also not been massive and we haven’t received any indication to suggest an extension either,” said a banker with a large state-owned bank.
“If it happens, it will be a surprise,” he added.
Three years ago, India embarked on a mammoth exercise to secure card data by requiring businesses to tokenise cards by September 30.
Tokenisation is a process by which card details are replaced by a unique code or token, generated by an algorithm, allowing online purchases without exposing card details, in a bid to improve data security.
The RBI first introduced the norms in 2019 and after several extensions has ordered all companies in India to purge saved credit and debit card data from their systems by October 1, 2022.
While banks, card companies, and large retailers are prepared, smaller merchants may face trouble, which they say could lead to revenue losses for them in the short term.
Merchant associations have also reached out to the central bank to see if they can be given more time.
Some merchants and bankers also fear card-related transactions may drop in the short term after tokenisation norms are introduced.
“The moment an additional layer or friction is introduced, payments seem to drop. And there are concerns that initially we may see recurring drop by similar levels to what we had seen,” said Rohit Kumar, Founding Partner of TQH Consulting, a public policy consulting firm.
When the previous tokenisation deadline was nearing, recurring payments were failing by 10-15 percent, according to merchants.
Apart from payments, other things that need to be stress tested include what happens when a product is returned and other post-transaction flows as card data will not be stored on the merchant servers, said Rajaram Suresh of Boston Consulting Group.
Unlike India where it has been made mandatory, European stakeholders have been encouraged to tokenise cards for security benefits, Suresh added.
However, analysts argue that at a time when digital payments are expected to reach the $10 trillion (roughly Rs. 8,17,37,500 crore) mark by 2026, tokenisation is imperative. Fraud concerning card or internet transactions has been on the rise and made up 34.6 percent of the total number of fraud cases in FY21, according to central bank data.
“People are used to one-click checkout so adoption may take more time and some people may shift to cash but considering that this makes online transactions more secure, customers will adopt this faster without much chaos this time around,” said Jagdish Kumar, Senior Vice President of Worldline India.
© Thomson Reuters 2022
Fast Company Shuts Down Website After Hackers Compromise Apple News Feed
By Reuters | Updated: 28 September 2022
US business and media publication Fast Company said it shut down its website on Tuesday evening after the site was hacked and sent “obscene and racist” notifications to Apple users via the iPhone maker’s Apple News service.
News publishers using the Apple News aggregation app can connect their digital publishing tools to Apple News to send push notifications to Apple customers who subscribe to the publisher’s channel. Fast Company said hackers broke into those publishing tools.
Hackers sent two “obscene and racist push notifications” about a minute apart, Fast Company said in a tweet, adding it had suspended the Apple News feed until the situation was resolved.
“We are investigating the situation and have suspended the feed & shut down FastCompany.com until we are certain the situation has been resolved,” the publication added.
Fast Company’s website was down and the page displayed a 404 error when viewed by Reuters on Tuesday evening.
In a subsequent tweet after the shutdown, Fast Company said that its content management system – software used by news outlets to publish and manage their stories – had been hacked to send the notifications.
Apple News said in a tweet that it had disabled Fast Company’s channel.
Fast Company said it had earlier suffered an “apparently related” hack of its website on Sunday afternoon, when similar language appeared on its home page, causing it to shut the site down for about two hours.
Fast Company is owned by publishing firm Mansueto Ventures LLC.
© Thomson Reuters 2022
Elon Musk Fake Accounts Claim Not Backed Up by Data Scientists’ Findings, Twitter Lawyer Tells Court
By Agence France-Presse | Updated: 28 September 2022
Twitter and Elon Musk sparred in court on Tuesday, each digging for evidence to prevail in a high-stakes trial next month over the billionaire’s bid to break his buyout deal.
Musk has been keen to find evidence to back his accusation that Twitter misled regulators and investors about what portion of accounts are actually spam or software “bots,” as well as its key measures regarding growth.
Twitter, which has sued Musk to force him to complete the $44 billion (roughly Rs. 3,60,140 crore) buyout deal, seeks material or testimony to prove he is contriving excuses to walk away because he changed his mind.
A Twitter attorney told the judge it was a struggle to get documents from data scientists Musk used to estimate the portion of fake accounts on the social network, and that what they finally got did not back his accusation about it being much higher than five percent.
Attorney Brad Wilson contended that Twitter has encountered a “pattern of delay and obfuscation” when it comes to what Musk learned from data scientists he had study Twitter data.
Musk attorneys, in turn, pressed the judge to make Twitter hand over more messages or other material, particularly regarding “monetisable daily active users” and “user active minutes.”
The hearing came during a discovery phase in which rival sides seek documents, emails, depositions, and more to back their positions.
The long list of those called on to provide documents or to answer questions in the case includes Twitter co-founder and former chief Jack Dorsey.
Tesla chief Musk will be deposed under oath over the course of two days next week in sessions that are to be recorded by “stenographic, sound and visual means,” according to a filing.
Musk’s deposition is set to take place privately in law offices ahead of a five-day trial scheduled to begin October 17 in the Court of Chancery in the state of Delaware.
Musk, the world’s richest man, said in a letter in April that he was canceling the deal because he was misled by Twitter concerning the number of bot accounts on its platform, allegations rejected by the company.
He later added accusations made in a whistleblower complaint by a former head of security at Twitter to his reasons for walking away from the deal.
Twitter has stood by its assessment of user numbers, and portrayed the whistleblower as a “disgruntled former employee” whose allegations are without merit.
“There are a range of possibilities that can come from the Delaware court including settlement, breakup fee paid, deal enforced, and a myriad of other outcomes,” Wedbush analyst Dan Ives said of the trial.
“We also continue to believe there is a possibility behind the scenes both parties look to attempt negotiations before stepping into court in a few weeks.”