Tech­nol­ogy roadmap for se­cure dig­i­tal econ­omy

Governance Now - - CONFERENCE REPORT -

MA khan, MD & ceo, idbi in­tech ltd

In or­der to grow in the evolv­ing dig­i­tal world, banks have to be fully dig­i­tal. This means more than just pay­ing lip-ser­vice in the form of In­ter­net bank­ing and mo­bile bank­ing. It means em­brac­ing dig­i­tal think­ing, en­abling scal­a­bil­ity, en­hanc­ing cus­tomer an­a­lyt­ics and de­liv­er­ing ser­vices di­rectly to cus­tomers at a time and place that suits them.

Dig­i­tal trans­for­ma­tion driven by ar­ti­fi­cial in­tel­li­gence and cloud com­put­ing have the po­ten­tial to trans­form both front of­fice and back of­fice op­er­a­tions and pro­vide the re­quired agility and elas­tic­ity to meet the grow­ing cus­tomer ex­pec­ta­tions.

Butchi Babu Burra, Ad­viser it, Bank of in­dia

Why are we con­fus­ing cus­tomers with lots of prod­ucts (mul­ti­ple wal­lets, cards, BHIM, etc.) for a trans­ac­tion rather than mak­ing it easy? Do I need an in­stru­ment to trans­act or can I trans­act any­where? Whether the digi­ti­sa­tion is to in­clude the peo­ple or to make my trans­ac­tion cheaper. Among all the kind of apps which are float­ing, prob­a­bly the best idea (in the re­cent past) is UPI, where you down­load the app and start trans­act­ing.

CA Jayant Gokhale, Chair­man, Au­dit Com­mit­tee, Syn­di­cate Bank

About dig­i­tal se­cu­rity, my ob­ser­va­tions are that the fo­cus of tech­ni­cal peo­ple tends to be more on sys­tems. I look at it with a slightly dif­fer­ent per­spec­tive as ul­ti­mately the proof of the pud­ding is in the eat­ing. I don’t care what sys­tem is run­ning in the back­ground. What I am con­cerned about is the out­put and its cost ef­fec­tive­ness. I have got two red flags to high­light; one is we all are fo­cus­ing on NPA. As I see loom­ing on the hori­zon the next threat be­fore NPA dies down is the fraud threat, and I think it is ac­cen­tu­ated by the fact that dig­i­tal pro­vides the anonymity, which en­ables crime. There­fore, one fac­tor that I flagged as the emerg­ing threat in the bank­ing in­dus­try is a risk of frauds. The se­cond is unique to In­dian bank­ing partly be­cause we had a large back­ground of pub­lic sec­tor banks, which are more reg­u­lated by check­list and are more com­pli­ance ori­ented rather than re­sult ori­ented.

Subrata Gupta, Chief Gen­eral Man­ager - Fi & Bank­ing Tech­nol­ogy, NABARD

In­for­ma­tion se­cu­rity is the area where it has to be preached that faster the in­for­ma­tion trav­els within the or­gan­i­sa­tion, faster we can take se­cu­rity mea­sures. Another prob­lem area that needs to be ad­dressed es­pe­cially from the se­cu­rity point of view is the out­sourc­ing of the busi­ness. Many busi­ness items are out­sourced, and lots of prob­lems can come from that side. I am of the firm opin­ion that there has to be some reg­u­la­tory sand­box for test­ing tech­nol­ogy. There are mul­ti­ple tech­nolo­gies com­ing in the field, which one should I take, which one I shouldn’t. How do I test and who tests it? How in­de­pen­dent is that?

TV Ra­man­murthy, Gen­eral Man­ager-IT, Bank of Ma­ha­rash­tra

More than se­cu­rity, our con­cern is frauds. Our bank has a lot of mid­dle class and lower mid­dle class cus­tomers through­out Ma­ha­rash­tra and else­where. The most com­mon form of fraud is phish­ing where th­ese peo­ple call and ask for

pass­word and the cus­tomer is ready to share the debit card num­ber and other de­tails. This is go­ing to be one of the big­gest chal­lenges. Every day there are a cou­ple of queries ask­ing when will I get my lost money. Thanks to RBI, now they have come up with a pol­icy that the cus­tomer li­a­bil­ity is lim­ited in the case of an unau­tho­rised trans­ac­tion. Now, forgery in the trans­ac­tion will not di­rectly af­fect the cus­tomer, and it adds over digi­ti­sa­tion and fi­nan­cial in­clu­sion. Apart from that, dig­i­tal trans­ac­tions are cheaper. When a cus­tomer walks into a bank, then the cost of trans­ac­tion for the bank comes out to be ₹54 whereas in case of dig­i­tal trans­ac­tion, it costs ₹3-4. We can use the par­tic­u­lar fund – amount saved by adopt­ing dig­i­tal tech­nol­ogy – in cre­at­ing dig­i­tal ed­u­ca­tion fund. With this fund, we can ed­u­cate gullible cus­tomers, par­tic­u­larly the Jan Dhan ac­count hold­ers to adopt the dig­i­tal tech­nol­ogy with all se­cu­rity and con­fi­dence.

Ashutosh Jain, chief in­for­ma­tion se­cu­rity of­fi­cer, Axis Bank

Mo­bile bank­ing ser­vices are pro­vided by ei­ther banks or var­i­ous other ecosys­tems be­hind the bank to the cus­tomers. So, the ser­vices the bank pro­vides are safe and se­cure to that ex­tent, and not mis­used from the end point per­spec­tive. Then there are re­spon­si­bil­i­ties like the users have to en­sure safety and se­cu­rity of end points. For ex­am­ple, ev­ery­body knows about routed de­vices, an­ti­quated de­vices and lots of ma­li­cious ap­pli­ca­tions not to be used on the same mo­bile, which is used for mo­bile bank­ing. Th­ese ba­sic pre­cau­tions from cus­tomers are re­quired so that it be­comes a shared re­spon­si­bil­ity. Glob­ally, two years back, there were 2 bil­lion users hav­ing dig­i­tal iden­tity across the world out of to­tal ap­prox 6 bil­lion global pop­u­la­tion. Now that 2 bil­lion has sud­denly swelled to 4 bil­lion dig­i­tal iden­ti­ties across the world, which means 2 bil­lion peo­ple have sud­denly come into the ecosys­tem which is a huge num­ber. It is ac­tu­ally 100 per­cent jump in last two years. Nat­u­rally th­ese peo­ple are not the part of the ear­lier ecosys­tem and not savvy as the first 2 bil­lion peo­ple. Th­ese peo­ple are def­i­nitely sus­cep­ti­ble to all kinds of risks such as phish­ing and all kind of dig­i­tal crimes. They prob­a­bly are not aware and cau­tious of all the re­spon­si­bil­i­ties that they have to dis­charge. So it is the com­mon re­spon­si­bil­ity among all the in­sti­tu­tions, ir­re­spec­tive of what they are, to ed­u­cate th­ese peo­ple. So, you have to main­tain the same rigor to ed­u­cate them and en­sure that they are do­ing the right things while get­ting them on board.

rajendra Bhalerao, chief in­for­ma­tion se­cu­rity of­fi­cer, npci

Apps have to be cost ef­fec­tive, but the se­cu­rity as­sess­ment can­not be com­pro­mised. Usu­ally, peo­ple tend to go for open source, but they need to un­der­stand there are lots of vul­ner­a­bil­i­ties as­so­ci­ated with that as well. From the cy­ber se­cu­rity per­spec­tive, if we look at the apps we have de­vel­oped like BHIM, UPI, we en­sure that we have nec­es­sary con­trols in place, we have con­trol over Google app store i.e. on which it is get­ting up­loaded. We have in­formed the banks par­tic­u­larly about the phish­ing and rogue apps. Quite of­ten we have in­ter­ac­tions with CERT-IN. They have come and con­ducted au­dit with us too. We are as­so­ci­ated with CERT-FIN, which tack­les anti-fraud (email re­lated). One most im­por­tant point about cy­ber se­cu­rity is the threat vec­tors are in­creas­ing day-by-day. There are dif­fer­ent threat vec­tors, which gives us sleep­less nights. So nec­es­sary skills to ad­dress th­ese threats be­comes a big chal­lenge for ev­ery­one. An­a­lyt­ics will play a key role.

na­bankur sen, chief in­for­ma­tion se­cu­rity of­fi­cer, Band­han Bank

We started with the cus­tomer base of about 50 lakh in mi­cro­fi­nance, in­clud­ing ru­ral ar­eas and the poor. It has in­creased to 70 lakh now. The chal­lenge con­cern­ing the dig­i­tal econ­omy is ed­u­cat­ing th­ese cus­tomers. Se­cur­ing the dig­i­tal econ­omy is about cre­at­ing aware­ness on how they are duped. Some peo­ple are al­ways on the prowl for phish­ing at­tack. It is very dif­fi­cult to teach ru­ral and poor peo­ple that they are be­ing de­ceived. We are try­ing to find out the so­lu­tion and the one so­lu­tion we are think­ing is that we must an­a­lyse the cus­tomer and then give the prod­uct. We should do the cus­tomer pro­fil­ing and un­der­stand which prod­ucts they need. So the dig­i­tal prod­uct which we cir­cu­late or place in the en­tire chan­nel, we must an­a­lyse the need be­fore­hand. There is a term in in­for­ma­tion se­cu­rity “Deny all, al­low re­stricted”. The other thing is the dig­i­tal prod­ucts are com­ing; the se­cu­rity of prod­ucts lies in the se­cu­rity of the process. The process in­cludes get­ting the cus­tomer on board, is­su­ing the ATM card, file gen­er­a­tion, and file move­ment in the or­gan­i­sa­tion. This en­tire process should be looked into by the se­cu­rity staff. They should test and then cer­tify. The

process of cer­ti­fi­ca­tion is very im­por­tant. We have seen many in­stances of fraud in the re­cent past, which hap­pened due to some faults in the process. Another thing is that the an­a­lyt­ics should be done very ju­di­ciously, and also the on­line prod­ucts should be com­pre­hen­sive and manda­to­rily cer­ti­fied by an ex­ter­nal body.

raghava rachuri, chief in­for­ma­tion se­cu­rity of­fi­cer, sidbi

In to­day’s world of busi­ness trans­for­ma­tion, you can’t move data in si­los. You need to in­te­grate and un­leash the 3D’s of data – di­verse, dis­trib­uted and dy­namic data. You have to in­te­grate them across not only on an en­ter­prise level but also on the cloud. Now data-cen­tric busi­nesses are the or­der of the day, and we have to tear down the bar­ri­ers i.e. dig­i­tal bar­ri­ers, the busi­ness bar­ri­ers and unify the data. But se­cu­rity is the chal­lenge. Ear­lier, se­cu­rity was al­ways an af­ter thought, and most of the times the busi­ness head will an­nounce the re­lease date and say se­cu­rity will be dis­cussed later. But now that has changed. Now, the busi­ness head will send the re­port first and ask for clear­ance be­fore launch­ing the soft­ware, that is the key change. We also face key chal­lenges in get­ting qual­ity data and get­ting it in dy­namic and cur­rent form. We re­quire strong stan­dards which are vi­tal for the growth of the dig­i­tal econ­omy. But then who will de­cide th­ese stan­dards, whether busi­ness and con­sumers or tech­nol­ogy com­pa­nies through the stan­dard bod­ies or gov­ern­ment. So th­ese are the key ques­tions that need to be ad­dressed. We have to have a good bal­ance be­tween the stan­dards and also the flex­i­bil­ity re­gard­ing in­no­va­tion and de­vel­op­ment. One of the chal­lenges we face in the SME sec­tor is how do we adopt dig­i­tal econ­omy and dig­i­tal pay­ment in SME sec­tor. Many of you have heard about Fin­tech com­pa­nies. They are bring­ing a lot of new in­no­va­tive prod­ucts which by just fill­ing the few pages of data on­line, they col­lect the data in a non-in­tru­sive way. Every time th­ese peo­ple, when they do an on­line trans­ac­tion, or they browse, they leave dig­i­tal foot­prints. So, we can use strong an­a­lyt­i­cal tools to find out what are the busi­ness and non-busi­ness trans­ac­tions that they are do­ing and we can find out whether the fi­nance is be­ing used for busi­ness pur­pose. The same thing is done by Fin­tech com­pa­nies to find out the cus­tomers’ needs, and they can give work­ing cap­i­tal on­line within days. There is hu­mon­gous amount of data. You re­quire right kind of skill sets and tech­nol­ogy. We re­quire the PPT - peo­ple, process and tech­nol­ogy. Even though tech­nol­ogy is an en­abler and also gives the plat­form, it is the process and peo­ple with right skill sets, which will sus­tain and re­alise the trans­for­ma­tion.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.