CONTACT US
By Vibhu Swami On 17 Jun 2020
The Unprecedented pandemic outbreak, ‘Novel Corona 2019’ has made overwhelming impacts on our lifestyles, modus operandi of businesses and many other aspects. This calls for an inevitable need for top notch UI/UX in consumerization of the B2C technology.
The urgency to have technology which can effectively replace physical presence- the human touch and feel, has put exorbitant pressure on enterprises to fast track and widen the scope of their digitization roadmap.
The need for this phase shift got its due realization when RBI the Indian banking regulator, issued a circular on Jan 9, 2020, allowing banks to accept digital video-based customer identification and onboarding process, V-CIP (video KYC).
Being a witness to Information security paradigm shifts for past 20 years, I cannot help but think about what is in here for hackers/wrongdoers?’ Obviously, with the increase in the ‘attacking surface’ the chances of system exploitation rise exponentially.
Hence, the most effective way to secure a system is to understand the underlying technology and adopt most effective, time tested ‘assessed-risk’ approach.
In this series, we are detailing the important considerations the consumers of V-CIP, banks and other financial institutions, should make while inculcating it in their business processes:
With various regulations being enacted the importance of data privacy is getting realized in India. Section 43A of IT Act defines personal and sensitive information, Personal Data Protection bill (PDP) of 2018 and Section 8A of AADHAR act elaborate roles and responsibilities of various actors:
Which establishes banks and all other financial institutions as referred in RBI’s guidelines as Regulated Entity (RE) as data fiduciary.
Whilst incorporating V-CIP is need of the hour, RE should make themselves well assured of the following:
Meagre questionnaire-based methods of assessing vendor risks may not be enough in current technology dependence times. These risk assessments need a facelift and to be robust enough to assure the Regulated Entity (RE) the probable exposure while it contracts any of the V-CIP providers.
Contactless assessments, phishing tests, internal and external penetration testing need to be conducted by RE on the V-CIP providers to assess focus areas of improvements.
First, it is important to incorporate technology to ensure BAU to bridge the gaps introduced by social/physical distancing norms making it more important to ensure the availability of the technology and necessary processes during the times of need.
Regulated Entity (RE) need to assure themselves on the following important questions
Security programs at Happiest Minds
Complete Exploit Assess and Negate (CLEAN) program
Regulatory Compliance Assurance (RCA)
Business Resilience Assurance Program (BRAP)
Conclusion: Technology adoption has benefits which come with word of caution and as the saying goes ‘Devil lies in detailing’. Technology increases the attack surface and slight miss in the adoption lifecycle may lead to severe monetary and reputational impacts. Happiest Minds is specialized security services provider and our expertise can be leveraged for securing digitization initiatives of enterprises.
No related posts.
is a certified CISSP and ToGaf professional with 20 years of experience in various Life Insurance and IT/ITES organizations in India. He is currently part of our Infrastructure Management and Security Services (IMSS) business unit in Happiest Minds Technologies Limited. He is responsible for designing solutions for customers and prospects in the BFSI vertical.
Vibhu Swami is a certified CISSP and ToGaf professional with 20 years of experience in various Life Insurance and IT/ITES organizations in India. He is currently part of our Infrastructure Management and Security Services (IMSS) business unit in Happiest Minds Technologies Limited. He is responsible for designing solutions for customers and prospects in the BFSI vertical.
Read other blogs by Vibhu Swami
These blogs might interest you
by Tarun Vijay Bonthu on 21 Sep 2023
by Namrata Biradar on 8 Aug 2023
by Amit Kumar on 31 Jul 2023
by Kiran Chandran on 10 Jul 2023
Tag Cloud
Subscribe for blog updates
Technology Focus
News & Events
RESOURCE CENTER
ABOUT HAPPIEST MINDS
Happiest Minds enables Digital Transformation for enterprises and technology providers by delivering seamless customer experience, business efficiency and actionable insights through an integrated set of disruptive technologies: big data analytics, internet of things, mobility, cloud, security, unified communications, etc...
© Happiest Minds 2023 Terms and Conditions Privacy Policy