New Delhi: Services pertaining to Aadhaar-seeding with PF accounts done by Common Service Centre (CSC) have been suspended “pending vulnerability checks”, Employees Provident Fund Organisation (EPFO) said on Wednesday but maintained that there was no data leakage.
The statement from the retirement fund body came amid reports of a letter purportedly written by EPFO Central Provident Fund Commissioner VP Joy to CSC’s CEO, Dinesh Tyagi on March 23 flagging the data theft issue.
While announcing the suspension of CSC services, the EPFO said, “Warnings regarding vulnerabilities in data or software is a routine administrative process based on which the services which were rendered through the CSC have been discontinued from March 22, 2018.”
The EPFO said there is nothing to be concerned about and that all necessary measures are being taken to ensure that no data leakage takes place.
“No confirmed data leakage has been established or observed so far. As part of the data security and protection, the EPFO has taken advance action by closing the server and host service through the CSC pending vulnerability checks,” it said in a statement. The retirement fund body’s statement came after reports had suggested theft of data of subscribers by hackers from ‘aadhaar.epfoservices.com’, a website operated by the CSC that comes under the Ministry of Electronics and IT. The issue of data theft was purportedly raised by Joy in his letter dated March 23.
“… it has been intimated that the data has been stolen by hackers by exploiting the vulnerabilities prevailing in the website (aadhaar.epfoservices.com) of EPFO…,” the purported letter had said.
The retirement fund body has been seeding Aadhaar with Universal Account (PF) numbers of its subscribers to improve delivery of services. It has planned to go paperless by August 2018 and then all its services would be provided online. Separately, Aadhaar-issuing body, Unique Identification Authority of India (UIDAI) clarified that there is no data compromise from its servers, and asserted that the Aadhaar database “remains safe and secure”.
Asked about the EPFO chief’s letter to the CSC CEO, a top IT ministry official said that since a vulnerability has been flagged, the ministry would take action to plug the gaps in case they exist.
“We will have it looked at. A vulnerability has been pointed out, and so we will (undertake) the exercise to plug the vulnerability, if it is there,” said the official who did not wish to be named.
When contacted by news agency PTI, CSC CEO Dinesh Tyagi emphasised that while the said application had been designed by the CSC, it is now hosted on EPFO data centres and servers.
“It is now fully under EPFO’s control… the (web) application has also been security audited by an empanelled auditor. But since the vulnerability has been pointed out, we are getting it audited by another auditor, and will send the report to the EPFO,” Tyagi said.
The report of the data leak and alleged data vulnerability comes at a time when a Constitutional bench of the Supreme Court is hearing a clutch of petitions challenging the Aadhaar Act and the use of biometric identifier in various government and non-government services.
CBDT identifies 20.4 million non-filers, asks I-T dept to take action
New Delhi: The Central Board of Direct Taxes (CBDT) has directed the Income-Tax Department to initiate penalty proceedings by June 30 against non-filers and ‘drop filers’ of tax returns.
According to the non-filer monitoring system (NMS) of the I-T department, data for 20.4 million non-filers has been obtained between 2013 and 2017, of which 2.5 million are those who are inconsistent — popularly known as ‘dropped filers’.
“We are issuing notices in all the non-filer/dropped filer cases across the country, and proceedings shall be initiated accordingly in the relevant cases,” said an assessing officer.
Typically, the penalty for non-filing is pursued under Section 271F of the Income Tax Act, and that for late filing under Section 234. If an assessee files returns after the due date of August 31 but before December 31, it will attract a penalty of Rs 5,000. For those who file returns after December 31, the penalty rises to Rs 10,000. However, there is an exemption for small taxpayers — if the total income does not exceed Rs 5 lakh per annum, the maximum penalty will be Rs 1,000.
The tax department has initiated action based on the NMS database, which has identified such non-filers and dropped filers. The said data has been shared with assessing officers. This information may be acted upon as efficiently as possible to widen the tax base, said the officer cited above.
The NMS data shows a sharp increase in non-filers since 2013. In 2014, the number of non-filers was 1.22 million, which surged to 6.75 million in 2015.
The number of dropped filers in FY18 stood at 2.52 million, down from 2.83 million in FY17.
“If the existing database is acted upon, coupled with optimum tax administration, and if legislative impetus — such as periodical review of provisions related to exemption, deductions, tax incentives, tax collection from the third parties, and taxing new areas such as digital economy — is provided, there will be considerable increase in the tax base,” said a senior tax official.
An assessing officer can initiate proceedings for prosecution from three months to two years, along with a fine. The period could be extended if the taxable income exceeds Rs 25 lakh.
RBI releases draft framework for regulatory sandbox to help fintech space
Mumbai: The Reserve Bank of India (RBI) released a draft ‘Enabling Framework for Regulatory Sandbox’ in order to support the country’s rapidly growing fintech space.
The sandbox will begin the testing process with 10-12 selected entities focusing on financial inclusion, payments and lending, digital KYC, etc. The cohorts (end-to-end sandbox process) may run for varying time periods, but should ordinarily be completed within six months, said the RBI.
A regulatory sandbox usually refers to live testing of new products or services in a controlled/test regulatory environment for which regulators may (or may not) permit certain regulatory relaxations for the limited purpose of the testing.
The regulatory sandbox would be within a well-defined space and duration where the RBI will provide the requisite regulatory guidance, so as to increase efficiency, manage risks, and create new opportunities for consumers.
The draft guidelines highlight the clear principles and role of the proposed regulatory sandbox, its pros and cons, the reasons for setting up the regulatory sandbox and expectations of the RBI from the sandbox. The central bank has invited comments on the draft guidelines from stakeholders by May 8.
The draft framework was released on the recommendation of an inter-regulatory working group set up by the RBI in July 2016 to review the regulatory framework and respond to the dynamics of the rapidly evolving fintech scenario.
The target applicants for entry to the regulatory sandbox are fintech firms which meet the eligibility conditions prescribed for start-ups by the government. The entity also needs to have a minimum net worth of Rs 50 lakh, according to its latest audited balance sheet.
The RBI said that it shall bear no liability arising from the regulatory sandbox process and any liability arising from the experiment will be borne by the applicant as a sandbox entity.
The focus of the regulatory sandbox will be to encourage innovations where there is absence of governing regulations or a need to temporarily ease regulations for enabling the proposed innovation or the proposed innovation shows promise of easing/effecting delivery of financial services in a significant way.
Applicants should highlight how their product/service would address an existing gap in the financial system and demonstrate that there is a relevant regulatory barrier to its deployment.
The guidelines listed out the various entities that can apply for the sandbox process as well as the ones that won’t be eligible for the sandbox.
Mallya asks SBI to disclose ‘legal fees’ spent to recover funds
New Delhi: Fugitive businessman Vijay Mallya on Friday urged Indian media to file an RTI against the State Bank of India (SBI) to ascertain how much money it has spent on the legal fees of the lawyers while recovering money from him in the United Kingdom.
“Whilst media love sensational headlines, why doesn’t anybody ask the PSU State Bank of India under RTI on how much they are spending on legal fees trying to recover money from me in the United Kingdom (UK) when I have offered 100 per cent payback in India,” Mallya tweeted.
To further substantiate his point, he said: “Assets belonging to me in the UK were sold and the costs of sale were almost 50 per cent of value. The remaining assets yet to be sold won’t cover legal costs. So what’s this all about? To enrich UK Lawyers?”
He also demanded an answer from the public sector bank on the same lines.
Mallya also accused the lawyers representing SBI in the UK of “making presentations on their accomplishments against him” at the “cost of Indian taxpayers’ money.”
Mallya is facing trial for alleged fraud and money laundering amounting to Rs 9,000 crore.
On April 8, a United Kingdom court had denied permission to the liquor baron to appeal against his extradition order to India to face trial for alleged fraud and money laundering amounting to Rs 9,000 crore.