The world around us has been progressing at an unimaginable pace, in sync with technological advancements. Alongside technology’s rapid upgrades, several cyber threats have emerged, underlining the need to level up the cybersecurity infrastructure, especially during the festivities.
Banks, being responsible for safeguarding critical financial data, are one of the most preferred targets of cyber criminals. A GOI report shows that between June 2018 and March 2022, Indian banks reported 248 successful data breaches by hackers and criminals.
In an exclusive interaction with ETCIO, Nilesh Sangoi, Chief Information Officer, Fincare SFB, sheds light on the transformative role of technology in promoting financial inclusion and addresses the critical cybersecurity challenges faced by financial institutions.
Fincare SFB has been promoting financial inclusion since its inception. How has technology played a role in extending banking services to underserved communities, and what impact have you observed as a result of these initiatives?
Technology has played a pivotal role in our journey towards financial inclusion. Our mobile and internet banking platforms have bridged the gap, allowing customers in remote and underbanked areas to access their accounts and perform transactions conveniently.
Leveraging the Aadhaar infrastructure, we have enabled biometric authentication, simplifying the account opening process and making it accessible to even those without traditional identification documents. We have also implemented Aadhaar enabled Payment System (AePS) where rural customers can withdraw cash from BC and branch outlets via biometric Aadhaar authentication.
We have established a network of banking correspondents and micro-ATMs in remote areas, allowing individuals to deposit, withdraw, and transfer money with ease. These correspondents act as a bridge between the bank and the customer, facilitating last-mile connectivity.
We have built numerous mobile apps that help our thousands of field team members in providing banking services to rural customers at their doorsteps. Our teams serve more than 57,000 villages every month.Nilesh Sangoi, CIO, Fincare SFB
For instance, the bank offers retail products and services through various assisted channels, including Smart Branch Banking, DLite (Mortgage Loan origination system), FLAG (Loan Against Gold onboarding and servicing), mCare (microloans origination app), and mServe (microloan servicing app). These applications cater to branch and retail banking, mortgage loan origination, gold loan onboarding and servicing, microfinance loan origination, and rural banking services.
The bank introduced ‘FinSeva’ to manage recoveries from overdue customers, further enhancing debt management capabilities.
We open savings accounts for every microfinance customer and do a cashless disbursement in their account. Our microfinance and other lending customers can make payments digitally via UPI and multiple other means. Furthermore, the introduction of credit and savings opportunities through digital financial services has helped individuals mitigate vulnerability, manage economic risks, and actively contribute to overall economic growth.
In recent years, there has been a surge in cyberattacks, exposing vulnerabilities in our digital infrastructure. How would you describe the current cybersecurity challenges faced by financial institutions, particularly in the context of digital banking and online transactions?
To counter sophisticated cyber threats such as phishing, ransomware, and malware, targeting both institutions and customers, Fincare Small Finance Bank has worked on multiple front to ensure safety.
During the FY23, the bank has implemented multiple new solutions and tied up with renowned partners to enhance its security. This includes the implementation of (i) Cyber Threat Intel Platform; (ii) Brand Monitoring Solution; (iii) Advanced BOT Protection through WAF; (iv) Brand Indicators for Message Identification (BIMI); (v) In-House Phishing Setup; (vi) Secure File Sharing Solution; (vii) ATM Malware Engagement; (viii) New Cyber Forensics Engagement; (ix) SD-WAN; (x) In-House Automation for Endpoint Software and Vulnerability tracking amongst others.
We are prioritizing cybersecurity through investments in advanced tools, regular training, and real-time monitoring. Our incident response, commitment to regulatory compliance, and regular security audits help us combat cyber threats. Collaborating with peers and law enforcement agencies enables us to share threat intelligence for a collective, proactive response.
What measures have Fincare SFB implemented to safeguard customer data and maintain the integrity of digital transactions?
We employ encryption protocols to safeguard customer data during both transmission and while stored on our servers. This ensures that sensitive information remains confidential and secure, reducing the risk of unauthorized access.
Multi-Factor Authentication (MFA) is another essential component of our security framework. MFA adds an extra layer of protection by requiring customers to provide multiple pieces of information to access their accounts or complete transactions. This verification process enhances the security of digital transactions and verifies the identity of customers effectively.
Additionally, we conduct regular security audits and assessments. These assessments help us identify vulnerabilities and weaknesses in our systems and processes, enabling us to take corrective action before they can be exploited by fraudsters. Real-time monitoring is a critical aspect of our security strategy.
We have systems like Data Loss Prevention that continuously track and analyze transactions and customer activities. Any suspicious or anomalous behavior triggers immediate alerts, allowing us to respond promptly to potential threats.Nilesh Sangoi, CIO, Fincare SFB
Furthermore, we have implemented firewalls and intrusion detection systems to prevent unauthorized access and to detect and respond to intrusion attempts or any suspicious activities effectively. In the event of a security breach, we have a well-defined incident response plan in place to address and mitigate the situation promptly. This plan includes steps for notifying affected customers and authorities, if necessary, to ensure transparency and adherence to regulatory standards.
While new solutions have been implemented and existing solutions have been made more effective, the Bank continued to conduct extensive Information Security exercises such as continuous vulnerability scanning of infrastructure and applications, monthly configuration assessment of infrastructure and endpoints, daily monitoring of SIEM, antivirus, data leakage prevention, deception technology, web proxy, web application firewall alerts, quarterly configuration reviews of security solutions and access reviews.
Employee awareness is critical in maintaining cybersecurity. How does Fincare SFB educate its employees about cybersecurity best practices, and how often is this training updated to address new threats?
At Fincare Small Finance Bank, employees are educated on how to securely use internal applications and systems. This includes understanding data access permissions, secure file-sharing practices, and adherence to security protocols while using company-owned devices.
Our employees are encouraged to promptly report any suspicious activities or security incidents they encounter. This helps in identifying and addressing potential threats in a timely manner. Employee education is an integral part of our cybersecurity strategy.
How do you navigate the balance between innovation and compliance in the banking industry?
Proactive engagement with regulatory bodies keeps us on pace with the evolving compliance requirements, and our organizational structure promotes cross-functional collaboration between innovation and compliance teams.