Post demonetisation, payment apps are turning to ethical hackers. Here’s why

When it comes to hacking, most of us think about a geek sitting infront of a super cool laptop and he can steal a lot of money from banks. It’s not entirely our fault that we think of it like that but we have grown up watching movies and this is what happens in them. Apart from such hackers there are hackers which are good people and go for ethical hacking or white caller hacking and recently, there demand has increased exponentially in India.

White hat hackers, or ethical hackers, who scope out and report bugs in software are in high demand globally. Tech giants spends a hefty amount on bug-bounty programmes every year rewarding lone-wolf white hat hackers for finding weaknesses in their applications. Companies also specifically hire these hackers to probe their apps and websites.

The trend has hit India too and Shashank Kumar, a second-year engineering student, has been swamped this winter break. As a freelance white hat hacker, he has been spending most of his vacation scanning payment applications and ecommerce websites for security vulnerabilities.

"Indian companies have now woken up to cybersecurity," 22-year-old Kumar, who has been approached by several Indian firms post the government's recent demonetisation decision and embrace of cashless transactions, told ET.

Kumar, who has signed nondisclosure agreements with these companies, says he has earned about Rs 1.2 lakh in the past two months alone. The spike in online transactions since November has put digital payment companies under severe scrutiny, with users and experts questioning their readiness against sophisticated cyberattacks. And what better approach to safeguard systems than to put them under attack by the good guys?

Another white hacker, Prakhar Prasad, is a student of computer application. During the past two months, he has been busy on assignments for big payment companies trying to worm his way into their payment gateways to find leaks. Prasad gets paid by the severity of the bug he discovers. A few companies also pay him on a monthly contract, in the range of $500 to $600 a month.Overall, he's made up to Rs 4 lakh since November.

Prasad, now 22, has been participating in bug-bounty programmes since he was 16. But this is the first time he is working for Indian companies.

"Security is a new concept for Indian companies," Prasad, who has found bugs for Google, Facebook, Twitter and PayPal, among others, told ET.

Indian online payment companies have been announcing various measures, including hiring ethical hackers, to beef up security against online frauds and attacks.

Globally, security platforms such as HackerOne also facilitate bug-bounty programmes, connecting white hat hackers with companies.

In India, however, white hat hackers are discovered by virtue of their online profiles, says Anand Prakash, bug-bounty hunter who got famous for finding a vulnerability in Facebook and earning $15,000 for it.

"In most cases, it is the chief technology officer or director of a company who emails you asking if you'd be interested in an assignment," Prakash, 24, who has taken up three assignments in the past two months, told ET