By Sandeep Kamble, Founder and CTO, SecureLayer7
The Indian BFSI segment has been one of the fastest growing segments in the country, fuelled by fast-paced technology adoption and supportive government policies. The Industrial 4.0 revolution, which integrates smart technology tools with day-to-day business operations by leveraging AI, ML and cloud computing, and makes essential functions accessible at the touch of a smart screen, has evolved rapidly. These innovations, integrated with a massive rise in fintech, are helping create a cashless economy for India. As per a report by RedSeer Consulting, India's Digital Payments Market was valued at INR 2,162 trillion in 2019-20 and is expected to grow threefold, to reach INR 7,092 trillion by 2025. Further, the current 160 million unique mobile payment users are set to multiply 5 times, to reach 800 million, by 2025.
However, with increased digitisation, the rise in cyber security breaches has exposed several vulnerabilities. The security breach at the State Bank of India in 2019, for example, exposed the bank account numbers and bank balance information of its 422 million customers! Similar attacks of varying scales have also taken place across various public and private banks in the country in the past few years. Globally, the BFSI sector has been witnessing a rise in cyber-attacks in which skilled hackers are able to carry out well-planned breaches, heists, invasions, data thefts, malware and phishing attacks, resulting in major financial loss and distress.
As per a report by the Reserve Bank of India (RBI), around 60,000 cyber frauds took place in the banking sector alone, including the Scheduled Commercial Banks (SCB), during the fiscal year of 2018-19, and resulted in a loss of INR 67,432 Cr. for the last fiscal. According to a report by CISO, in 2018 the Indian BFSI segment clocked an average B+ OSINT Security score, and was ranked 50 in security maturity and 42 in breach readiness. Some vital platforms that are most vulnerable and need cyber-security assessment and action include:
1. Solutions by Fintech Start-ups: Over the past few years, a number of technology start-ups specialising in the financial segment have emerged, disrupting the way we make purchases. From app-based wallets and Aadhaar/UPI-linked instant transactions to single-window e-commerce apps, fintech start-ups need to be mindful of the threats and invest in creating a robust data security framework for their apps. This is generally ignored, as these may be bootstrapped start-ups that generally avoid the hefty investment needed for a more than basic digitally secure ecosystem. This needs to be addressed through collaboration with cyber security firms that provide customised and value-driven services, as against the big-budget packages.
2. ATM Security: ATM attacks have been very common and involve a combination of physical breaches, where fingerprints and card details are stolen by imprinting the contact point of the machine, and software breaches. As per a report by Positive Technologies, up to 69% of all ATMs are vulnerable to cyber-attacks. Interestingly, ATM attacks have been getting more complex and sophisticated since the first ATM Malware attack of 2018, and they are expected to continue being a looming threat. ATM security assessment, an important exercise, is a recommended mode of addressing these vulnerabilities.
3. Mobile Apps and Integration: As per a report by Avaya India, 26% of Indian customers regularly avail digital banking services through the bank website and mobile app. With the increased usage of smartphones and the consumer-friendly mobile app version for one-tap transactions, mobile and digital banking is set to further enhance the vulnerability of the platform. Banks need to pay special attention to these platforms when it comes to cybersecurity.
4. Social Engineering: Data has become the new currency, and financial data is even more valuable. While innovative and complicated cybercrimes are on the rise, especially for newer platforms, the age-old methods of phishing, network scanning, viral code, website defacement and intrusion, and conventional malware also continue to grow, mostly unchecked. These require consistent monitoring, using advanced detection technology and processes, to ensure there are no major or minor compromises.
While all of the above are important steps to be taken by BFSI players, including banks, service providers, fintech players and their technical support staff, a significant aspect of secure transactions is also consumer awareness. With automated messaging alerting consumers not to share their OTP or CVV numbers over a call, or to use secure servers when making financial transactions, most banks and financial institutes are taking basic steps towards educating their customers.
However, a strategic awareness campaign led by technology experts can play a significant role in educating the masses about effective and secure use of digital platforms for financial transactions. This is the need of the hour, as an increasing number of people are now operating from home through barely secure servers.