{"id":7697,"date":"2020-06-17T08:21:51","date_gmt":"2020-06-17T08:21:51","guid":{"rendered":"https:\/\/www.happiestminds.com\/blogs\/?p=7697"},"modified":"2024-04-24T06:39:31","modified_gmt":"2024-04-24T06:39:31","slug":"a-pandemic-shifting-digital-paradigms-know-your-technology-video-kyc","status":"publish","type":"post","link":"https:\/\/www.happiestminds.com\/blogs\/a-pandemic-shifting-digital-paradigms-know-your-technology-video-kyc\/","title":{"rendered":"A Pandemic shifting digital paradigm &#8211; Know Your Technology: Video KYC"},"content":{"rendered":"<p>The unprecedented pandemic outbreak, \u2018Novel Corona 2019\u2019, has had an overwhelming impact on our lifestyles, the modus operandi of businesses and many other aspects. This calls for top-notch UI\/UX in the consumerization of B2C technology.<\/p>\n<p>The urgency to have technology that can effectively replace physical presence, the human touch and feel, has put enormous pressure on enterprises to fast-track and widen the scope of their digitization roadmaps.<\/p>\n<p>The need for this shift was duly recognized when RBI, the Indian banking regulator, issued a circular on Jan 9, 2020, allowing banks to accept a digital video-based customer identification and onboarding process, V-CIP (video KYC).<\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone wp-image-7698\" src=\"https:\/\/www.happiestminds.com\/blogs\/wp-content\/uploads\/2020\/06\/blog-image.png\" alt=\"\" width=\"700\" height=\"180\" \/><\/p>\n<p style=\"text-align: left;\">Being a witness to information <a href=\"https:\/\/www.happiestminds.com\/services\/it-security-services\/\">security<\/a> paradigm shifts for the past 20 years, I cannot help but think about \u2018what is in it for hackers\/wrongdoers?\u2019 Obviously, with the increase in the \u2018attack surface\u2019, the chances of system exploitation rise exponentially.<\/p>\n<p style=\"text-align: 
left;\">Hence, the most effective way to secure a system is to understand the underlying technology and adopt the most effective, time-tested \u2018assessed-<a href=\"https:\/\/www.happiestminds.com\/services\/governance-risk-and-compliance\/\">risk\u2019<\/a> approach.<\/p>\n<p style=\"text-align: left;\">In this series, we detail the important considerations that the consumers of V-CIP, namely banks and other financial institutions, should weigh while incorporating it into their business processes:<\/p>\n<ol style=\"text-align: left;\">\n<li><strong>Data Privacy <\/strong>(Loose lips\/systems, sink\/leak ships\/information)<\/li>\n<\/ol>\n<p style=\"text-align: left;\">With various <a href=\"https:\/\/www.happiestminds.com\/services\/gdpr\/\">regulations<\/a> being enacted, the importance of <a href=\"https:\/\/www.happiestminds.com\/services\/data-security-privacy-services\/\">data privacy<\/a> is being recognized in India. Section 43A of the IT Act defines personal and sensitive information, while the Personal Data Protection (PDP) Bill of 2018 and Section 8A of the AADHAR Act elaborate the roles and responsibilities of various actors:<\/p>\n<ul style=\"text-align: left;\">\n<li>Data Fiduciary: Determines the purpose and means of processing personal data<\/li>\n<li>Data Principal: The person to whom the data relates<\/li>\n<li>Data Processor: Processes personal data on behalf of the data fiduciary<\/li>\n<\/ul>\n<p style=\"text-align: left;\">This establishes banks and all other financial institutions, each referred to in RBI\u2019s guidelines as a Regulated Entity (RE), as data fiduciaries.<\/p>\n<p style=\"text-align: left;\">Whilst incorporating V-CIP is the need of the hour, REs should assure themselves of the following:<\/p>\n<ul style=\"text-align: left;\">\n<li>Where does the customer\u2019s personal data reside? 
Most V-CIP providers host their <a href=\"https:\/\/www.happiestminds.com\/services\/managed-infrastructure-services\/\">IT infrastructure<\/a> on public <a href=\"https:\/\/www.happiestminds.com\/services\/cloud-data-center-advisory-transformation\/\">clouds<\/a>, which makes it very important to scrutinize the regulatory requirements for where live and backup data reside.<\/li>\n<li>How is <a href=\"https:\/\/www.happiestminds.com\/services\/identity-and-access-management\/\">access management<\/a> enforced? \u2018Need to know and least privilege\u2019 is the second most important consideration for REs. With data on the cloud and V-CIP providers being startups in which a single person bears various roles, assurance on the enforcement of access controls is important for REs.<\/li>\n<li>How is the data life cycle enforced? This runs from first-time data storage to how the data is processed and the security of the channels over which it is transmitted, then to how it is backed up, the frequency of backup, the storage location and how the V-CIP provider destroys the data, as well as how the RE is accountable for ensuring that these follow the various applicable regulatory provisions.<\/li>\n<\/ul>\n<ol style=\"text-align: left;\" start=\"2\">\n<li><strong>Vendor Risk Assessment <\/strong>(\u2018A wise enemy is better than a foolish\/vulnerable friend\u2019)<\/li>\n<\/ol>\n<p style=\"text-align: left;\">Meagre questionnaire-based methods of assessing vendor risk may not be enough in the current times of technology dependence. 
These risk assessments need a facelift and must be robust enough to give the Regulated Entity (RE) assurance about its probable exposure when it contracts any of the V-CIP providers.<\/p>\n<p style=\"text-align: left;\">The RE needs to conduct contactless assessments, phishing tests, and internal and external penetration testing on the V-CIP providers to identify focus areas for improvement.<\/p>\n<ol style=\"text-align: left;\" start=\"3\">\n<li><strong>System Availability <\/strong>(\u2018A friend\/system in need is a friend\/system indeed\u2019)<\/li>\n<\/ol>\n<p style=\"text-align: left;\">First, it is important to incorporate technology that ensures business as usual (BAU) by bridging the gaps introduced by social\/physical distancing norms, which makes it all the more important to ensure the availability of the technology and the necessary processes in times of need.<\/p>\n<p style=\"text-align: left;\">Regulated Entities (REs) need to assure themselves on the following important questions:<\/p>\n<ul style=\"text-align: left;\">\n<li>How will the technology work in various scenarios, such as pandemics, epidemics, city-wide natural calamities and national\/international restrictions?<\/li>\n<li>How, and with which necessary systems, will the technology interact? The most important thing while planning technology advancements is the \u2018integration\u2019 points in various scenarios of unavailability.<\/li>\n<li>How resilient are the processes? 
It is important to understand what trade-offs the process can withstand without impacting the core business objectives and customer servicing.<\/li>\n<\/ul>\n<p style=\"text-align: left;\"><strong>Security programs at Happiest Minds<\/strong><\/p>\n<p style=\"text-align: left;\"><strong><u>C<\/u><\/strong>omplete <strong><u>E<\/u><\/strong>xploit <strong><u>A<\/u><\/strong>ssess and <strong><u>N<\/u><\/strong>egate (<strong>CLEAN<\/strong>) program<\/p>\n<ul style=\"text-align: left;\">\n<li>Phishing handling and defense-building lifecycle, which includes regular, automated, and customized phishing simulations and user awareness sessions<\/li>\n<li>360\u00b0 <a href=\"https:\/\/www.happiestminds.com\/services\/advanced-threat-management\/\">VAPT lifecycle management<\/a><\/li>\n<li>Vulnerability prioritization based on the availability of exploit code<\/li>\n<li>Vulnerability assessment and penetration testing (VAPT) of thick- and thin-client apps<\/li>\n<li>Mobile application VAPT<\/li>\n<li>\u2018Contactless\u2019 tests that generate end-to-end external cyber risk scoring based on performance against various parameters such as IP reputation, email reputation and others<\/li>\n<\/ul>\n<p style=\"text-align: left;\"><strong><u>R<\/u><\/strong>egulatory <strong><u>C<\/u><\/strong>ompliance <strong><u>A<\/u><\/strong>ssurance (<strong>RCA<\/strong>)<\/p>\n<ul style=\"text-align: left;\">\n<li>RBI, IRDAI and SEBI mapping with ISO 27001 and PCI-DSS<\/li>\n<li>Data privacy requirements under the guidelines of AADHAR (UIDAI), the Personal Data Protection Bill 2018 and the IT Act<\/li>\n<li>IRM\/DRM framework using applicable regulatory guidelines and digital security standards from CIS and NIST<\/li>\n<\/ul>\n<p style=\"text-align: left;\"><strong><u>B<\/u><\/strong>usiness <strong><u>R<\/u><\/strong>esilience <strong><u>A<\/u><\/strong>ssurance <strong><u>P<\/u><\/strong>rogram (<strong>BRAP<\/strong>)<\/p>\n<ul style=\"text-align: left;\">\n<li>Ensures technology systems 
and relevant support services are available in times of pandemic and cyber outbreaks<\/li>\n<li>The pragmatic program takes a holistic approach from documentation to implementation<\/li>\n<\/ul>\n<p style=\"text-align: left;\"><strong>Conclusion:<\/strong> Technology adoption has benefits that come with a word of caution and, as the saying goes, \u2018the devil lies in the details\u2019. Technology increases the attack surface, and a slight miss in the adoption lifecycle may lead to severe monetary and reputational impacts. Happiest Minds is a specialized security services provider, and our expertise can be leveraged for securing the digitization initiatives of enterprises.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The unprecedented pandemic outbreak, \u2018Novel Corona 2019\u2019, has had an overwhelming impact on our lifestyles, the modus operandi of businesses and many other aspects. This calls for top-notch UI\/UX in the consumerization of B2C technology. 
The urgency to have technology which can effectively replace physical presence- the human touch and feel, has [&hellip;]<\/p>\n","protected":false},"author":33,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[550,183,139,123],"tags":[1403,1671],"class_list":["post-7697","post","type-post","status-publish","format-standard","hentry","category-data-privacy","category-digital","category-security","category-technology","tag-pandemic-shifting-digital-paradigm","tag-video-kyc"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/posts\/7697","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/users\/33"}],"replies":[{"embeddable":true,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/comments?post=7697"}],"version-history":[{"count":3,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/posts\/7697\/revisions"}],"predecessor-version":[{"id":12746,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/posts\/7697\/revisions\/12746"}],"wp:attachment":[{"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/media?parent=7697"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/categories?post=7697"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/tags?post=7697"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}