mas.to

Jun 25, 2022, 17 tweets

People highlight genuine issues and are met with silence or blanket denials.

Someone shares a stupid video that goes viral on social media and they respond with a whole page of counter bullshit.

Hey @NPCI_NPCI if this is how your encryption/decryption system works, you are a bunch of incompetent morons.

Banks "lock" data with a "private" key and NPCI decrypts it with corresponding "public" key that only NPCI possesses! #DigitalIndia

WTF is "Hexadecimal Private Key"?

@NPCI_NPCI This statement from NPCI actually says a LOT more in what they left unsaid than the 6 points of bullshit that they hastily put together to put out a statement.

@NPCI_NPCI "built on a 4 party model" in which the owner of the FASTag who is paying money is not considered a party.

It's similar to horse racing, where the jockeys, horse owners, race organisers, bookies and gamblers all make money but horses don't.

@NPCI_NPCI "Several layers of security protocols" but not one word about the security features in the FASTag stickers that have been forced on almost all cars in India.

Because there isn't any?
All security protocols exist to only protect the interests of the 4 parties in the "ecosystem"?

@NPCI_NPCI Text: "an Individual cannot receive money... from fraudulent transactions"

Subtext: Only non-individuals can profit from fraudulent transactions,
(Including secret 5th party "System Integrators")

Remember how @airtelindia siphoned away 100s of crores of lakhs of victims?

@NPCI_NPCI @airtelindia From this Dec 2020, @FinancialXpress report...

According to WheelsEye Technology, one of the largest FASTag providers in India, 3% of daily FASTag transactions are "faulty".

financialexpress.com/auto/industry/…

For a mango person using FASTag, "fraudulent" and "faulty" txns aren't very different: both force them to load more money.

Leading to more money parked with the "Issuer banks"! (1 of 4 parties secured by the "ecosystem")

For the first 5+ years of FASTag operation, the 3% "faulty" transactions were locked up for 30 days.

Effectively month-long interest-free credit.

And even after 5 years @NPCI_NPCI couldn't fix their system to eliminate these "faulty" transactions.

@NPCI_NPCI Since the FASTag system is defective by design and therefore unfixable, the "solution" to "faulty txns" is... Artificial Intelligence!

"The new AI-enabled FASTag management system will now auto-detect wrong transactions and generate refunds within 3-7 days."

@NPCI_NPCI Refunds going down from 30 days to 3-7 days may seem like an improvement, but remember from early 2021, FASTags became mandatory.

The "3% faulty txns" is now worth a lot more and <1 week of interest free credit to the "4 parties" is still worth many crores of rupees and growing.

Back to Captain Subtext and Point #2

At face value it is near perfect. IP Firewall + Application Firewall + Hardware Security Module = 💯

Except.. toll plazas are in the middle of nowhere and need to be online 24x7 to make money, they aren't going to tie up with just one ISP/telco.

They'll need spare hardware ready to use in case of hardware failure.

Even if they don't, a varying number of toll gates are operational at different points of the day.

So at any point there are additional whitelisted IPs and Hardware Security Tokens lying around unused.

Point #3 is the only sensible part of the whole letter but it is a lot of jargon to impress people about what is the absolute bare minimum for any kind of private bank integration.

Point #5 is a free standing statement that doesn't tell us why that is a good thing or even what it is mapped to.

(Is Toll Plaza the entire structure or is each lane considered to be a "Toll Plaza"?)

This is NPCI telling the world that they are collecting and storing location information and can track vehicles on highways and even within cities via FASTag for Parking.

npci.org.in/what-we-do/net…
