Notwithstanding the recent headwinds from Covid-19, India’s largely consistent economic growth for more than a decade has precipitated an unprecedented expansion of financial services in the country. With rising disposable incomes, more and more Indians are accessing banking, insurance and mutual funds, among others.
The advent and penetration of the internet has further simplified these daily financial tasks. However, in an era of inter-connected world of devices with cyber technology at its core, lack of awareness as well as the prevalence of ill-designed or inadequate security systems is always a challenge.
With 160 crore bank account holders, 32.8 crore life insurance and 47.2 crore health insurance policyholders, 2.78 crore registered investors with stock exchanges and 9.26 crore mutual fund accounts, India has a mammoth financial sector.
The sheer scale generating gigantic volumes of data on a continuous basis renders the sector vulnerable to frauds. As such, a large scale cyber security enlightenment drive is the need of the hour.
Global cybersecurity spending to rise to 2.5-5.6 pc in 2020: Canalys
Recent data breaches illustrate the risks
Although banks are considered as one of the world's most secure and sophisticated enterprises, banks are becoming a popular target for new-age hackers. Only last year, the RBI had to direct the banks to secure their customer data after reports of 1.3 million credit and debit card data of Indians found to be on sale on the dark net came out.
In another instance back in 2016, 32 lakh debit cards had to be recalled by several banks including State-run SBI on account of data breach. According to the latest RBI report, card and internet frauds, more than doubled to Rs 195 crore in 2019-20 from the previous year. Then last year, Aegon had to investigate a data breach involving 10,000 customers. Then this year, Religare is reported to have faced data leakage of 5 million customers and employees.
The modus operandi of a hacker
In recent times, unscrupulous hackers have evolved ingenious ways using unique and complex arrays of cyber-attacks to get past the ordinary security systems. The hackers are attempting to get hold of sensitive financial information of individuals, either from banking servers or an individual’s personal devices.
Infiltration of smartphonesOne of the ways of extracting a person’s financial information is by infiltrating his smartphone with malicious applications. When a user wishes to use an app requiring access credentials, a data-theft overlay mimicking the desired app user interface gets displayed tricking the user to think that he is clicking on the genuine app.
The unsuspecting user goes on to record the details of his access credentials which now get transferred to the hacker who now also has the app under his control.
Deploying banking Trojans
Going a step further, hackers also embed these fake applications with banking Trojans, such as bank bots’ cabarets pink slips intending to attack banks and stock brokerage firms with an eye on making hacking operations easier. These malware lock users using an Active Directory attack further bolting it up with many login attempts. These bots and Trojans are focused on stealing money from the bank accounts.
PhishingPhishing is another type of attack which involves the hacker sending an email to the victim claiming to be a trusted sender (like a bank or online shop), or by way of setting up fake websites claiming to be genuine.
A banking Trojan is attached to this email. Once the victim downloads it and opens it, the Trojan activates and steals information.
Retargeting real information from dark web using fake pages
Another method entails hackers first buying real account information in bulk quantities from the dark web and then retargeting those accounts using phishing emails. In such a phishing email, disguised hackers request victim to follow some simple procedures on a web page, which has been deliberately set up by hackers for stealing login information and other important credentials.
Hackers also employ what is known as macro malware which is developed using programs like VB Script programming language used for MS-Word and MS-Excel. Legitimate-looking files are usually sent via phishing email which comprises of malware-infected attachments such as CV by job seekers and cover letter reports in the form of MS Word files.
Even as several advanced antivirus programs claim to detect macro viruses, hackers are trying to stay ahead of the game. Now, malware can comfortably hide within a system for a long time that gives hackers ample time to infect the system of users.
5 Indian cybersecurity startups that offer high-quality security solutions
What is the way out?
First, financial institutions must identify micro malware during the initial phase itself with a view to pre-emptively block it. And for individuals, to protect your information and make India’s financial sector secure, some tips are as follows: never open or download any attachments on your device without knowing the context, Invest in a genuine and licensed antivirus software on all your devices, never click suspicious links within an email that claims to contain genuine intimation and abstain from sharing your personal details on social media.
Therefore, in order to mitigate financial risks and to rule out any breach, concerted steps are needed at both macro and micro levels. Banks and financial institutions must invest strategically towards improving cyber security with a view to protect customers as well secure the larger financial architecture of the country. More importantly, ordinary users need to be made aware of these risks.
(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of YourStory.)
India’s most prolific entrepreneurship conference TechSparks is back! With it comes an opportunity for early-stage startups to scale and succeed. Apply for Tech30 and get a chance to get funding of up to Rs 50 lakh and pitch to top investors live online.
Original Source: yourstory.com
Founded in 2017, WorkApps with its enterprise-grade messaging platform for large organisations has been working towards enabling enterprises to augment their communication efforts, improve efficiency and change the way people collaborate and work together. “While we worked with enterprises, we realised the communication requirements for sectors were different and specialised and needed messaging solutions,” shares Rudrajeet Desai, Co-Founder and CEO, WorkApps.
The realisation saw the startup led by Rudrajeet Desai, Shankar Borate and Kaizad Shroff mastering workflows to make chatting as well as audio and video calling more effective for banks, NBFCs, insurers and the other players of the FinTech sector.
“Today, we are synonymous with being a video banking company. WorkApps’ video platform enables banks in the sector to migrate business processes and customer interaction to video channels,” he says.
This includes 14 key processes such as KYC, credit verification, loan and wealth advisory, customer support, online assistance during digital onboarding, video Medical Examination Report, and asset verification among others.
As the WorkApps’ video banking solution gained momentum, one use case in particular, began gaining increased traction – the VideoKYC. Further impetus came in the form of an RBI amendment to the KYC norms in January 2020 that allowed banking and other lending institutions regulated by it to use Video-based Customer Identification Process to onboard customers remotely. And, with the onset of the COVID-19 pandemic in India, the nationwide lockdown thereafter, and the need for minimising physical interaction saw the video KYC solution gaining increasing significance so much that VideoKYC has been rolled out as a product in itself within the larger gamut of the WorkApps’ video banking solution.
Watch the video to see how VideoKYC makes it easy for banks, NBFCs, payment banks, small finance banks, wallets, fintech to onboard customers remotely seamlessly
How MapmyIndia built much needed map-based COVID solutions and mapping & location APIs leveraging AWS Cloud
Building on AWS
While the environmental factors provided the nudge for accelerated adoption, the key growth drivers for VideoKYC have been its depth of features, smooth user journey, security and data ownership. And AWS has played a key role in enabling this. “VideoKYC’s development, staging, testing and production setups are hosted on AWS enabling a product company like us to focus only on core product and feature development. It helped us reduce the effort required to deploy and manage development infrastructure by almost 80 percent,” says Rudrajeet.
This has translated into a faster time-to-market. “What would otherwise take three months gets done in three weeks when you are leveraging AWS services.” Pointing to the face match with documents feature on VideoKYC, Rudrajeet says it would have been extremely challenging for a small startup like WorkApps to create a face comparison feature on its own from scratch. On AWS, it’s literally like a takeaway. You can integrate a face comparison feature by leveraging Amazon Rekognition in just about three hours.”
In addition to Amazon Rekognition, VideoKYC uses a range of services like AWS Elastic Load Balancer, Amazon Relational Database Service (RDS) for MySQL, Amazon ElastiCache for Redis, Amazon Elasticsearch Service, AWS Lambda, Amazon CloudWatch, and Amazon Simple Email Service, among others.
“The Video KYC platform runs on different traffic such as https, web sockets for web and TCP (Transmission Control Protocol)/UDP (User Datagram Protocol) for audio/video traffic. The different load balancer options such as Application Load Balancer (ALB) for https and Network Load Balancer (NLB) for TCP and UDP available on AWS Elastic Load Balancer addresses our different needs. The inherent capabilities of these load balancers to scale for different loads solve our scalability concerns,” explains Shankar, the CTO and Co-founder. And, given that different banks have different capacity needs, which also vary at different times during a day, Amazon EC2 helps to scale up and down the infrastructure, providing cost savings in addition to flexibility. VideoKYC also leverages Amazon Simple Email Service to send notifications to email and uses AWS Lambda to call their messaging service to integrate alerts to its chat platform. “This way we can see all the alerts in e-mail as well as in the chat application,” says Shankar.
The AWS advantage
The breadth of AWS services, its ability to facilitate scale, and the quick turnaround time to setup infrastructure were critical aspects that led VideoKYC to choose AWS. But another but equally critical reason to choose AWS was its strong security framework.
“AWS provides many native security features, which are required when you operate in the Banking and Financial Services space. And, KYC in particular is a highly regulated subject in India because you are owning very critical information such as bank account details, Aadhar card details, among others,” says Shankar.
AWS provides different security control such as Virtual Private Network (VPC),Security Groups, and Identity and Access Management (IAM) roles to control the accesses of infrastructure along with secure connections using Virtual Private Network (VPN) and Secure Shell (SSH), Shankar explains.
While VideoKYC offers a number of deployment options – from a complete SaaS model hosted on AWS (Mumbai Region) to Hybrid SaaS model to private cloud or even traditional on-premise model, most of its clients are on AWS. “So this makes deploying and managing our platform on their AWS infrastructure extremely simple, reducing the time-to-market and the cost of management and support.”
A pioneering effort
Today, VideoKYC powers over a million transactions for India’s top banks, which includes Kotak Bank, Axis Bank, IndusInd Bank, ICICI Bank, Paytm Payments Bank, RBL Bank, and Yes Bank. In addition to that, other BFSI players like HDFC Life, Aditya Birla Capital, Max Life Insurance, Tata Capital, Muthoot Capital also use various other services of WorkApps. Rudrajeet says that VideoKYC has been a pioneer in the space. “We were the first to launch the solution with Kotak 811, and today we are also the largest deployed solution in the BFSI sector.”
The on-ground impact speaks for the efficiency and effectiveness of VideoKYC.
“It has brought down the customer onboarding time to 15 minutes from an average of 48 hours as is the norm in a physical KYC process. Banks also save about 90 percent of the KYC cost when done on video. In addition w.r.t. the consumer convenience perspective, the impact is massive,” says the CEO. He adds, “The Video KYC platform, which is deployed on AWS by most of our customers has become the largest customer acquisition channel for banks in India.”The global opportunity
Reflecting on VideoKYC, Rudrajeet says creating a video KYC platform when there was no set precedent and then working on it to develop and nurture into a market-winning enterprise grade platform has been a journey that has catapulted the startup to growth.
“VideoKYC has today become a WorkApps’ flagship product.” The support of angel investor Sashi Reddi (SRI Capital) has also provided the startup much needed guidance on building a global product.
The founder explains that the startup’s strong understanding of the banking and NBFC sector and its dominance in the Indian market has doubled up as an advantage to further its global expansion plans. “The volume that Indian banking players handle is very large. In fact, the volumes handled by one single leading banking player in India is often equivalent to an entire country’s banking volume in some cases. In addition, when it comes to digital banking regulations, India is a forerunner in the space. So, there’s a lot to learn from India for other markets.” It has already channelised efforts in the direction by launching in Thailand in August. “We are in talks with local banking players,” reveals the Founder. Middle East and SouthEast Asia will be a key focus area for VideoKYC's global expansion in the coming months. “While the KYC regulations will be different across regions, we are looking at co-creation to win the market,” says Rudrajeet.
Industry experts say that the accelerated shift to digital will fundamentally change the way banks will scale and grow. Rudrajeet concurs and says “Video will be the future of banking and WorkApps aims to become the default video banking platform for the sector.”
Want to make your startup journey smooth? YS Education brings a comprehensive Funding Course, where you also get a chance to pitch your business plan to top investors. Click here to know more.
Original Source: yourstory.com
This is a preview of The Digital Identity And The Future Of Banking research report from Business Insider Intelligence.
Purchase this report.
Business Insider Intelligence offers even more insights like this with our brand new Banking coverage. Subscribe today to receive industry-changing banking news and analysis to your inbox.
Disruptive digital-only banks, innovative regulations, and shifting consumer demands have made today’s banking digital-first — but the benefits of digitization are being held back by identity verification challenges.
Identity verification underlies many of the core processes associated with financial services, with banks required to subject their customers to strict identity checks, both to protect those users’ finances and to meet regulatory compliance demands.
There have been a plethora of efforts aimed at streamlining identity verification online, but these attempts have largely failed to address the issue in its entirety. For example, customers are often required to create unwieldy passwords and verification details that can be difficult to keep track of to access their accounts. Not only have these efforts created new points of friction for users, but they’re also expensive for banks, with each password reset costing up to $70 according to Forrester Research estimates.See the rest of the story at Business Insider
Deutsche Bank is partnering with Google Cloud to use its cloud computing capabilitiesPaytm has agreed to acquire insurance firm Raheja QBE for $76 millionGig workers pose a huge revenue and brand image opportunity for banks
Original Source: feedproxy.google.com