After Singhealth Data Security Breach, Is Going Cashless Safe?

The recent data security breach at Singhealth raises questions of the Singapore Government’s vision of a cashless society. Is it safe? Will we all wake up one day to headlines screaming our financial system has collapsed because of an attack? Will all our money be gone, wiped out, disappeared forever?
Before the massive attacks on the Singhealth system which saw the theft of personal and medical information of 1.5m patients, few of us would paused and gave such questions even cursory attention.
Hopefully, the security violation at the healthcare provider will prompt us to do so now.
Imagine: 1.5m people’s personal financial accounts compromised, resulting in deletion of bank records or the complete shut-down of the banking system. Everything about your finances wiped out, or copied and stolen. 
It is an extreme scenario to contemplate. Is it possible? We do not know for sure, but it is something we should be concerned about. 
The consequences of such an occurrence would clearly be devastating, especially if all our financial transactions are done digitally. That is what a cashless society mean, ultimately.  There would be no more cash transactions at the MRT ticket machine (already happening), no cheques to bank in (coming soon), e-payment the order of the day for all purchases (many people now shop online and use digital payment). Those slim plastic cards will be king. Even children will own them.
Your wallet would no longer hold physical dollars and cents. In fact, as is happening in Sweden, physical coins and notes would become extinct. All your transactions done either through your personal smartphones, or electronic devices, or through machines. 
But while a digital economy has its advantages, it also has its downsides, which are less often talked about. 
Let’s look at Sweden, the most cashless country in the world, and which is being studied by others who have the same cashless ambitions. 
In Sweden, less than 20% of all transactions are in cash, according to its central bank, Riksbank, in 2017. Less than 1% involved coins. 
Everywhere, card payments are preferred. In fact, most businesses would only accept digital transactions, including those via apps like Swish and iZettle. Some expect that the country will completely abolish cash by 2030. 
Earlier this year, Bloomberg reported:
“No cash accepted” signs are becoming an increasingly common sight in shops and eateries across Sweden as payments go digital and mobile.
The reasons for this transformation in Sweden are several - going digital is more convenient for both customers and businesses, there is a high trust level of banks in Sweden, and the general comfort level of Swedes with things electronic.
Lauded by many when Sweden first started on this road to digitalisation, some are now however beginning to raise questions and concerns about its cashless ambitions. 
“An annual survey by Insight Intelligence released last month [Feb 2018] found that only 25 percent of Swedes paid in cash at least once a week in 2017, down from 63 percent just four years ago,” Bloomberg reported in February. “A full 36 percent never use cash, or just pay with it once or twice a year.”
This has the authorities concerned. The Swedish government ordered a parliamentary review of the central bank’s regulations regarding the disappearing use of cash.
“If this development with cash disappearing happens too fast, it can be difficult to maintain the infrastructure” for handling cash, said Mats Dillen, the head of the parliamentary review.
The authorities are considering forcing the banks to issue cash to customers, and are also examining the possibility of introducing an official form of digital currency, the eKroner, as a complementary currency to cash, not to replace the latter.
“The Riksbank is carefully analyzing this development,” Riksbank Governor Stefan Ingves told Bloomberg. “Overall, I think we are facing structural changes in areas that have previously been stable. This is a development which will affect all the Riksbank’s departments and we will need to make strategic decisions regarding the way forward.”
There are also other groups of Swedes who aren’t exactly thrilled about the country heading towards complete cashlessness - the older folks and the low-income who aren’t as technologically savvy as others. 
When businesses, such as retailers, do not take cash, these groups of people will have difficulty doing simple things like purchasing daily necessities.
Another concern the central bank has is the lack of physical currency during times of crisis, such as war or when a shut-down of the financial system happens. 
“It should be obvious that Sweden’s preparedness would be weakened if, in a serious crisis or war, we had not decided in advance how households and companies would pay for fuel, supplies and other necessities,’’ Mr Ingves said.
And going cashless means you leave private sector institutions, such as banks, with complete control over all transactions, which raises questions of data privacy. 
“Most citizens would feel uncomfortable to surrender these social functions to private companies,” Mr Ingves said.
“If you have control of the servers belonging to Visa or MasterCard, you have control of Sweden,” says Christian Engström, a former member of the European Parliament for the Pirate Party and an early opponent of the cashless economy.
“In other countries there is much more awareness that you cannot trust the government all the time,’’ he said. “In Sweden it is hard to get people mobilised.”
Which brings us back to Singapore.
Singaporeans too have a high level of trust in the government, and are apparently supportive of the drive to a Smart Nation, which the cashless society would be a part of. And like the Swedes, they also have a high level of comfort in things electronic. The Internet penetration and ownership rates of electronic devices in Singapore are among the highest in the world. 
But given the growing unease in Sweden about how its cashless ambitions are turning out, perhaps Singaporeans too should start asking questions about their own way forward towards this cashless society.
Remember, we can’t delink making financial transactions from the Internet if something goes wrong, unlike what Singhealth did to contain the damage from the attacks. 
In a cashless environment, the Internet is an integral part of the system. And it is also via the Internet that hackers enter via weaknesses in the system to steal your personal property.
Perhaps in recognition of the (potential) vulnerabilities of the financial systems, the Monetary Authority of Singapore (MAS) on Tuesday, 24 July, instructed all financial institutions to tighten their customer verification processes.
It also directed them to conduct a "risk assessment of the impact of the SingHealth incident on their existing control measures for financial services offered to customers, including transaction and inquiry functions.’’
"MAS will work closely with the financial institutions to ensure that robust cyber defences are in place so that customers can carry out online financial transactions with confidence," its chief of cyber security said.
While these measures are obviously necessary and good, they do not and cannot provide a 100% security for your personal information.
Indeed, the Chief Executive of the Cyber Security Agency of Singapore (CSA), David Koh, warned three years ago that such a guarantee cannot be made, and that a major cyberattack was a given. The intrusion into the Singhealth database is the biggest such incident in Singapore - and it won’t be the last. Now that Singhealth has proved to be vulnerable, other systems will be targeted by hackers, and other nation-states. 
All this makes questions about a cashless society even more pertinent and important, and whether Singapore’s march towards a Smart Nation should be reviewed thoroughly.

Enjoyed the article? Share it with others.


Joomla! Open Graph tags