Banks have been the backbone of our country as they can propel or plummet the country’s GDP. By 2020, Indian banking is set to become the fifth largest, according to a joint report prepared by KPMG and Confederation of Indian Industries (CII). But 2016 was a rollercoaster ride, as the banks battled demonetization and the debit card breach affecting close to three lakh accounts. The year ahead too won’t provide any relief, as the task to do damage control and the pressure to leverage digital is huge.
Banks have begun to fully integrate digital in their business. Demonetization has opened the gates for massive digitization drive. Payment companies and gateways drive the financial inclusion, which is unprecedented. However, the banking sector faces huge technical and regulatory challenges in absorbing the digitization wave. The mobility-based feature phones, multiple gateways and Aadhaar-based biometrics, all demand innovative approach to create a responsive and secure ecosystem.
The challenges are at multilevel–at one level to have innovative technology products and processes, and at other to create seamless digital platforms to expand the customer base exponentially.
CIO India spoke to three CIOs from top banks: Mithilesh Singh, Director-Technology Audit, IDFC Bank, Anup Purohit, CIO, YES BANK, Nirmala Sridhar, CIO and GM–IT, Vijaya Bank, on the digital plans and priorities for 2017, challenges the banking sector will face, and security measures for the growing online transactions.
With digital banking gaining momentum, what are the steps your bank will be taking this year to provide seamless service to customers?
Mithilesh Singh: Being a new bank we focused to capture the market through latest digital technologies and in this regard we took many new innovative initiatives. One of the very prominent initiatives taken by our bank is MicroATM Technology for retail customers across Tier 1, 2 and 3 cities, and rural areas.
We were the first bank to roll out Aadhar PAY for cashless payments to merchant nationally. The solution has been developed by our bank in association with UIDAI & NPCI. We in partnership with NHAI introduced a solution for hassle free trip on national highway called IDFC Bank FASTag. The bank is committed to offer innovative solutions to simplify the banking experience for the end users.
Anup Purohit: Our product, SIMsePAY, has been launched, primarily for adoption in rural India. It will come handy for the customers in rural areas as they don’t have banking services on their cell phone. It does not require internet connectivity and is economical. Also, we want to grow our wallet and enable mobile banking adoption, where we integrate UPI with yeswallet, yesmobile and Simpay. We will also enrich our products with Unified Payment Interface.
Nirmala Sridhar: To make rural India part of Digital India, we have launched the concept of digital villages and already five villages have been fully digitized. On 26 January, 2017, we are declaring 100 villages across India as Digital Villages, where in customers will be able to seamlessly access all digital products.
With respect to digitization, what are the challenges the banking sector is going to face in 2017? How do you plan to leverage IT to overcome these challenges?
Singh: Cyber Security is the immediate need of the hours. Due to the transformation from manual to digital means of banking the risk of cyber threat increases many-folds for the financial sectors. Financial institutions today are being targeted by hackers with increasingly sophisticated techniques. Traditional cyber defences may be apt against thwarting malwares with known signatures, but such defense strategies are fast losing their effectiveness against more sophisticated cyber-attacks such as zero-day or customized exploits.
The banks need to look for bug bounty kind of security program to address such kind of emerging threats.
Purohit: Sim cloning is one of the challenges. With technology, sims can be cloned and misused. As hackers are one step ahead, banks have to aggressively think of an idea to combat threats to protect customers. Bank should get hold of ethical hackers. Having said that, we are onboarding partners and trying to find key niche players who can offer such services. As phones have become banks, there is a need for banks to do three factor authentication by providing a good user experience. Banks have to think of a solution to make phones secure too.
Sridhar: We feel that the biggest challenge is going to be cybersecurity. Due to high number of security breaches, banks have to lay a razor sharp focus on securing all their products. Banks need to align with cybersecurity framework. Banks need to follow a rigorous security testing process before launch of any digital product, have to carry out vulnerability and penetration assessment, and network security audit. Overall, banks’ approach should be proactive and not reactive. During this year, our key focus would be on building fraud risk framework.
How do you plan to stave off competition from payment companies?
Singh: Traditional banks are not lagging behind. Most of the traditional banks have started to offer a digital platform or solutions. The space for wallet companies will be challenging in 2017, as many banks will have a wallet. And as NPCI has come up with a UPI platform, the role of wallet companies will diminish.
Purohit: One, banks have an advantage in terms of size, and have more complex technologies. Two, all the banks have digital teams and have become more agile in terms of IT. Payment banks will be regulated by RBI and will have a restriction in terms of assets and liabilities.
Sridhar: Competition is a must for improving performance. Our bank’s USP is customer service and unique IT products. We feel that public and private banks have a personal touch with customers and they have a diversified portfolio of products suiting the needs of customers, which would be leveraged.
With Modi’s idea becoming a cashless economy, what kind of security measures your bank will implement to secure online transactions?
Singh: We have stringent rules on applications before it goes live. My team performs a technical review of the application in a detailed manner, from development to deployment. If we don’t do it, any small flaw will have a cascading effect. This year we will continue to do it. Also, we are in search for new companies who can provide expertise like reviewing our environment, with respect to emerging threats in today’s digital world. We have deployed best in class security solutions to meet the cyber defense related challenges.
Purohit: We are strengthening our fraud risk management application software by integrating with enterprise. Also, we are focusing on integrating analytics on various channels through which loans can be seen. In the risk and security area, analytics will play a key role this role.
Sridhar: With cashless economy and online transactions surge, security threat is looming large. As such we already have in place two-factor authentication for all our products. We regularly conduct security audit and all our digital products undergo rigorous security testing before being launched. Presently, the communication is secured. However, with more and more mobile-based apps, we feel that the hardware security of the customer devices would be a challenge. We are taking measures to identify rooted or jailbroken devices as a step to provide secure transactions.
Last year, many banks were affected by cyberattacks, like the debit cards breach. This year, what are your plans to prevent thefts?
Singh: This year we have developed an automated tool to measure the cyber security maturity of the bank. There are around five hundreds maturity indicators controls which we evaluate on annual basis. These controls are classified in five domains. The evaluation of these controls will enable the organizations to assess their Cyber Security readiness. This Model will also provide a measureable road-map to achieve the Cyber Security Maturity.
Purohit: As products are designed on various platforms, we’ll see if windows is the right platform to conduct a transaction for critical services like debit or credit cards. The entire solution needs to be secured. One weak link in the solution can compromise infrastructure.
Sridhar: We are strengthening security features in the net banking through the implementation of software and hardware tokens and other rule- based checks. We are in the process of implementing fraud risk management solution to identify and prevent fraudulent transactions based on various parameters like geographical fencing, velocity checks etc. We have in place 24/7 Security Operations Center which is manned by a specialized team who proactively monitor and mitigate the probable threats. We are also aligning our security controls as per the regulators and market trends.
As a CIO, what are your priorities for 2017?
Singh: Digital transformation (such as block chain) and cyber security are crucial as everything is digitized.
Purohit: We have a vision of scaling banks to the next level by 2020. Our focus is to continue on innovation and block chain. We are waiting for a scalable platform, so that we are ready to enter the market in a big way. This is done to make sure we give consistent and predictable services to customers.
Sridhar: Our priorities are to be in the forefront of our government’s vision of digital transformation of the country and make it a less-cash society. The other major focus would be on cybersecurity.