Data breaches not only cost companies and our economy millions of dollars but also greatly affects consumer confidence in the Fintech ecosystem leading to users avoiding the process as a whole.
As an increasing number of financial activities go digital, the large-scale adoption of eKYC is imperative. New age fintechs with their innovative organisational structures and out of the box products have ensured financial inclusion to the remotest corner of India – from Kashmir to Kanyakumari. Nonetheless, in order to maintain ethical practices in the system and ensure that there is strict compliance with the regulatory requirements as mandated – it is important that these Fintechs also implement a sacrosanct process of preventing Know Your Customer (KYC) led data breaches.
In November 2021, the KYC arm of the Central Depository Services Limited exposed data of over 4.39 customers twice in a span of 10 days. This data including sensitive financial and personal information was open to a slew of mishaps like financial frauds, identity thefts and grave crimes like extortion and threats before the organisation could resolve the issue. While one may think this is a one off incident, reports prove otherwise.
As per Netherland based cybersecurity firm Surfshark VPN, India ranked second amongst countries worldwide in terms of maximum number of data breaches in 2022 while IBMs Cost Of a Data Breach report has quantified this to almost USD $2.32 Million. An increase of almost USD$ 2 Million since 2020.
These data breaches not only cost companies and our economy millions of dollars but also greatly affects consumer confidence in the Fintech ecosystem leading to users avoiding the process as a whole. Thus making it imperative for Fintechs to adopt online KYC measures that curb data breaches to the highest possible extent.
Solutions to prevent data breaches
Adoption of security measures in eKYC systems is a no-brainer. However, Fintechs and other financial institutions must go a step ahead and implement advanced security measures to further secure their systems and prevent them from cybercrimes and other unscrupulous activities.
Due to the convenience provided by smartphones, most financial transactions are now performed by a simple click on a mobile application. This makes it a breeding ground for potential hackers since it is very easy to break into a weak developer’s application or mobile service provider. Nonetheless, latest mobile phones also have features like a biometric scanner and facial recognition sensors. These can be used by companies to implement cyber security measures and save the organisation and KYC data from any cybersecurity attacks.
Regulatory Technology (RegTech) and Supervisory Technology (SupTech) helps financial institutions especially Fintechs maintain compliance with regulatory processes including compliances relating to data protection and security. This ensures that company management is on top of all data protection measures at all times and there is minimal room for error.
RegTech also helps identify potential risks and threats and reports them to the management. This serves as a warning bell incase of a potential attack and helps catch it in time. Most of the time before any damage has happened. Moreover, it is also very cost effective to implement and includes processes that monitor data exchange and keep a hawk’s eye on all data streams of the organisations.
Contribution of RegTech to data security and the way forward
The issue of data theft, especially data received through eKYC was a lingering problem in the Indian financial ecosystem. While security measures and regulatory mandates like the Data Protection Bill were proposed from time to time – none proved to be 100% effective in fencing the field.
RegTech however is a glistening ray of hope here. With the help of RegTech, information provided by potential fraudsters can be cross verified against existing data to check the veracity of the documents. This helps in preventing identity theft. It also helps in monitoring an applicant’s previous financial activity that can give a clear view of any fraudulent or money laundering activities conducted by them.
Lastly, this system also helps in providing advanced security features like multi factor authentication, encryption and other tools for data that is stored on cloud servers or platforms.
Having a secure online KYC data protection system is vital for a company’s growth. As mentioned above, it is not only important from a monetary perspective but it also saves the company from a slew of potential litigations that can drain resources like manpower and time. Today most businesses, especially in the financial services sector have moved online. This makes a digital onboarding process non-negotiable and so does the need to implement a system that guarantees 100% security for vulnerable customers against any attacks.
—The author,Nageen Kommu, is Founder & CEO of Digitap. The views expressed are personal.
(Edited by : C H Unnikrishnan)