With the numbers of data theft incidents increasing in India, Ramaswamy Venkatachalam, Managing Director, Banking and Payments, Fidelity Information Services told Aparajita Gupta during an interview that companies should pick proven technologies – be it open-source or commercial. He advises on selecting only the technology that has been around for some time and has established credentials in providing secure applications or systems.
As companies get to be more digital in their customer engagement as also internal operations, it is inevitable that they will be more exposed to potential cyber-attacks and data theft attempts. India is no exception to this phenomenon and the rising reportage of frauds and data thefts only confirm the situation. So while there is a real and persistent danger, companies need to look at insulating themselves from the reputation and the financial risk involved in an unfortunate breach.
There are a few key aspects that companies can keep in mind as they embrace digitisation to prevent cyber data thefts and frauds. To start with, choice of technology, companies should pick proven technologies – be it open-source or commercial, and select only the technology that has been around for some time and has established in providing secure applications or systems. The next important aspect to consider is the ongoing operations. Many companies are increasingly outsourcing large parts of their businesses, so it is about picking an outsourcing partner who has a clearly established dedicated security practice and has the controls largely focused on external threats. If on the other hand, it is internally managed, it is imperative to have a dedicated team focused on fraud prevention and information security. Lastly, the most important aspect, ongoing operations, which comes after the system is set up and the need to have the right operations team who understand the risks and continuously monitor for any incidents. It is worth highlighting that most data thefts and cyber fraud incidents reports are from actors who are internal to a set up.
In conclusion, it is also useful to look at the government initiative - CERT-IN (Computer Emergency Response Team – India) which is a body dedicated to the prevention of cyber incidents/data theft as a national priority. Participating and supporting these initiatives can also help improve a company’s understanding of its security posture and help addresses too.
India has seen amazing shifts in digitisation of payments, aided by unbelievable level of innovations in startup payment ecosystem. In fact, over the past year, penetration of digital payments is no longer limited to urban India and is increasingly being embraced by tier II, tier III and tier IV cities across the country. The increase in acceptance of digital instruments has been supported by the increase in merchant outlets, as well as proliferation of UPI that provides a simple and convenient way to transfer money across bank accounts. Interestingly, a large part of the activity in the digital payments space has been led by non-banks, the mobile wallets companies have acquired millions of merchants using QR code, while digital giants like Google and Facebook offer seamless payment services leveraging UPI. Another important innovation in the payment sector is the interoperability of banks. To facilitate the interoperability between prepaid payment instruments UPI handles and debit cards, non- bank PPIs will become quasi-banks in terms of payments. As we move forward, the digital payments industry will need to continue creating new user experiences which are need-based and innovative. The “auto payment” option has made life really easy while paying for daily use cases like cabs, etc. The Indian digital payments is poised for exponential growth driven by continued growth and penetration of smart-phones, increased adoption of digital payments by both consumers and merchants and technological innovation by key ecosystem players.
The financial sector continues to evolve at a rapid pace and is expected to see even greater change in the payments landscape, thanks to continuous advances in technology and regulations. The adoption rate of mobile apps has created new opportunities for financial institutions to tap this growing segment of users. We expect a continued push towards digital channels, while the physical branches will become leaner and focused. The banking and payment industry would give a greater push towards near real time analytics, machine learning, and AI to earn mindshare and wallet share from clients. Customer expectations from their financial institutions will continue to grow with emphasis on tighter engagement, focus on aspirational goals and not just sustenance. We also expect to see higher number of real-time decision-making processes become mainstream especially in areas like loan underwriting and processing. Mobile devices and wearables may find deeper integration with banking services. While, regulatory changes continue to drive technology changes like Aadhaar verdict on eKYC imposes a significant change to the banking and payment industry, we also see technology advance creating opportunities for banks to offer new and improved ways to interact with their financial institution. Whether there is a possibility of using live video for remote customer verification or workflows in loan origination, technology tools are able to dynamically adapt to changing demands. Ensuring regular upgrade in technology, and innovation will help maintain and grow the lending standards in India. The goal now becomes to automate the entire lending activity from origination to collection -- beginning to end. With a basic workflow framework, we can expose more processes efficiently. The key is to be able to trail what the consumer tells us, and use that as the foundation for the final event.
A recent survey by a data analytics company stated that India has a healthy proportion (>40 per cent) of its workforce that is data literate. While this portends well for the country overall, it is important to understand that data literacy is about the ability to read, use, analyse data in the workplace. With more data being produced that even before and at a pace that is almost incomprehensible to the human mind, we are increasingly going to depend on data to derive important insights, make significant decisions and even conduct normal day to day interactions. The challenge, therefore, is that it is vital that the right type of data be gathered and maintained in a way that supports data literacy. A lot of what is available today is only the tip of the iceberg. The enormous digitisation and modernisation effort led by the government and various national agencies is also creating its own data streams. These are going to be massive in proportion and we will soon need a number of skilled people (not just data scientists but a whole host of domain centric experts) who will leverage the power of data in their workplace on a daily/regular basis. So as it stands today, a good start but miles to go.