Sumana is an experienced IT professional, having spent over 23 years in the industry. This includes global experience across the domain, which includes Delivery management, Risk management, operations management to strategic planning and consulting. She has successfully executed several business plans and has a strong business acumen for handling channel management activities. Before starting Goavega, she worked in several large MNC’s and product companies. Some of her past stints include Symphony Services Corp India Pvt Ltd, where she served as a director for 6 years. Additionally, she was at AIG (American International Assurance), Singapore as Assistant Manager from Jun’01 – Apr’04.
‘Open banking’, a practice that provides third-party financial service providers an open access to consumer banking, transaction, and other financial data from banks and NBFC’s through the use of application programming interfaces (APIs), has been rapidly catching up and is said to be the future of financial technology. While this has several benefits, the innovation is also a high-risk practice as it involves sharing of and trading vast amount of data. And while financial technology, over the past few years, seen tremendous growth in India, the COVID pandemic has facilitated a huge surge. Online transactions worth INR 4.3 lakh crore were reportedly carried out on UPI in January 2021, Vs. INR 2.1 lakh crore in the January 2020, highlighting the urgent need for building a robust open banking system with set data security protocols.
As per a recent report, The Reserve Bank of India has announced a new set of guidelines for the digital banking and payments ecosystem, which requires regulated entities (REs)—scheduled commercial banks, small finance banks, payments banks and credit-card-issuing NBFCs—to conduct periodic assessment of apps and associated third-party services. REs will also be required to assess cyber-risk parameters like technology stack, operational risk, and data storage. REs will also have to employ trained, in-house resources for managing cyber-risk, and adhering to guidelines on engaging third-party operators, in case of out-sourcing. From conducting source-code checks, vulnerability testing, and penetration testing every six months for payment systems, RE’s will also be required to conduct rigorous third party periodic testing, and also be subject to penal provisions in case of no compliance.
Key Data Security processes that needs to be adopted urgently by Banks and other NBFC’s:
- API Security and access management: Considering the omnipresence of API’s or Application Programming Interface, and vital role in ensuring app based secure transactions, access control, and overall API security is a non-negotiable factor for open banking. Effective API security looks at Data security and content filtrations, through procedures that like API gateway, encryptions and signatures, and using quotas. For ensuring a successful and effective API and Access Management security, it is vital to focus on the type of API, its key functions and interactions on the web and timely assessments to track and fix any vulnerabilities.
- Stringent KYC and encryption infrastructure: One of main features of open banking is its transparency. Offering customers greater control of their data, allows them a deeper understanding of how it is being used. However, this is also a major security concern as transparency can give rise to data piracy and theft. Encryption technology is important here in making sure that the sensitive information are end-to-end encrypted i.e. protected from hackers when it’s in transmission or storage. Also regular KYC on behalf of the banks, helps them to keep track of updated data and ensure it is well encrypted and managed.
- AI enabled authentication protocols: Securing data and encrypting vital KYC information is just the first step to ensuring data security. Effective authentication is a vital step. AI, coupled with other emerging technologies like ML, has been used in data security for a few years now and the same holds true when it comes to API and banking data security. AI enabled processes can help effective and timely KYC, and faster and effective authentication, making the process faster and effective.
- AI and ML empowered cyber security processes: The baking sector has been one of the widely targeted sectors for cyber-crimes and open banking can come with its own set of vulnerabilities. Through leveraging AI and ML powered cyber security procedures, with combined intelligence and information sharing across companies, can help make open banking a safe and efficient platform for financial transactions. Better access to more data means better intuitions, which implies that banks can more effectively combat against hostile parties, rather than sitting passively and waiting to be the target of cyber-attacks.
Every new technology comes with new risks and uncertainties. However, the open banking platforms has the potential to re-write the relationship between the bank and its customers. It has the potential to make money management more secure, more convenient and customer-centric with the help of technology such as data security. Open banking is about using technology to empower better and more secure relationships between customers and service providers.
More About Sumana Iyengar and Goavega
Sumana is also the Co-founder of Krimzen, which she manages at a part-time basis. Sumana has received the prestigious ‘Women Entrepreneur of the year 2018-19’. Award from WeLeed and Women Empowerment Summit and GIWL Awards 2019 from UBS Forums. At Goavega, she provides leadership to drive growth and customer delight. Sumana has assisted several start-ups in building products from ground zero and launching products to the market.
Established in 2014 “Goavega” is a Bangalore based product engineering services organisation delivering customer needs with high quality and cost-effectiveness. At Goavega, they have straightforward and single-minded focus: to help the customers with innovative and unmatched tools, services, and solutions and make them future-ready / prepare them for the future.