Why no two factor authentication for advance tax payments in India?

I made an advance tax payment online today and it struck me that the bank never asks for two factor authentication for advance tax payments. It seems scandalous to me that payments of several hundreds of thousands of rupees are allowed without two factor authentication at a time when the online taxi companies are not allowed to bypass two factor authentication for payments of a few hundred rupees.

I can think of a couple of arguments why advance tax is different, but none are convincing:

• The advance tax will be refunded if it is excessive. This argument fails because the refund could take a year if one is talking about the first instalment of advance tax. Moreover, the taxi companies will also promise to make a refund (and much faster than a year).
• The hacker would gain nothing financially out of making an advance tax payment. This argument forgets the fact that a lot of hacking is of the “denial of service” kind. A businessman could hire a hacker to drain money out of his rival’s bank account and prevent the rival from bidding in an auction. That would give a clear financial benefit from hacking.

The point is that the rule of law demands that the same requirements apply to one and all. The “King can do no wrong” argument is inconsistent with the rule of law in a modern democracy. I believe that all payments above some threshold should require two factor authentication.

Posted at 4:41 pm IST on Mon, 8 Dec 2014         permanent link

Categories: taxation, technology

Comments