Safeguarding Customer Data

Lessons from Data Breaches- Safeguarding Customer Data and Trust in the Digital Age

Amit Das

Table of Contents

Air India Data Breach: A Wake-Up Call

A few years ago, a significant data breach exposed the personal information of 4.5 million Air India passengers due to a cyberattack on the airline’s data processor. The compromised data included passengers’ names, contact information, passport details, and credit card details. The cyberattack occurred in February, and Air India promptly took action to secure its servers and mitigate further risks.

BSNL Data Breach: Telecom Vulnerabilities Exposed

In May 2024, Bharat Sanchar Nigam Limited (BSNL) suffered a major data breach, exposing sensitive information of millions of Indian users. The attack reportedly compromised over 278 gigabytes of data, including International Mobile Subscriber Identity (IMSI) numbers, SIM card details, Home Location Register (HLR) information, and much more. Despite no service outage, the Union government formed an inter-ministerial committee to audit telecom networks and enhance security measures to prevent similar breaches in the future.

 

Safeguarding Customer Data

Data Security in Video KYC and Digital KYC

Evolution of Video KYC in India

As Video KYC was approved for use by the Reserve Bank of India in January 2020, questions regarding data security in these processes have often been debated. Video KYC, or VKYC, is a process by which banks and other financial institutions authenticate a customer’s identity via a live video interface using a smartphone. In this process, a representative from the financial institution is present at the other end. Previously, KYC was conducted in person through physical documents and meetings. Notably, India is one of the first countries to introduce the Video KYC option for financial institutions.

Advantages of VKYC

VKYC has streamlined the KYC process, making it less tedious for both institutions and customers while accelerating the response rate. For instance, loans can now be disbursed within hours from start to finish. Additionally, Video KYC enhances security by reducing the need for physical copies of identity proofs, thereby preventing data and identity theft.

Recent Updates in VKYC Regulations

Last month, the RBI revised KYC norms to extend VKYC to small and medium enterprises. It also allowed limited KYC accounts to be converted to full KYC accounts through VKYC. Furthermore, the updated guidelines enable the use of a KYC identifier from the Centralised KYC Registry (CKYCR) and support the submission of electronic documents via DigiLocker channels as identity proof.

Implementing Secure Video KYC Solutions

Best Practices for Security

While VKYC is inherently more secure, institutions must adopt specific measures to protect their infrastructure and customer data. Cybersecurity and customer due diligence processes must work together to safeguard sensitive information. According to RBI’s guidelines, financial institutions must host technology infrastructure in-house to meet baseline cybersecurity requirements. Using third-party apps such as Zoom or Google Meet for VKYC is not recommended by industry experts.

 

Kwik.ID’s Comprehensive VKYC Solution

Kwik.ID offers a modular, platform-independent, plug-and-play Video KYC solution compliant with mandates from RBI, SEBI, IRDAI, and PFRDA. Our solution is platform-agnostic and can integrate into existing systems within a week. The VKYC solution includes a two-way video calling facility with one-way recording. Additionally, it incorporates AI-enabled image processing software for identity verification by comparing user images across ID documents, studio photographs, and selfies.

Our solution also features a customisable liveliness detection function, enabling bank officials to validate videos through real-time actions as required by clients. To further streamline the process, we provide DigiLocker integration, facilitating secure digital document exchange with user consent. DigiLocker supports over 210 digital documents from issuing authorities, including UIDAI, NSDL, CBSE, and State Education Boards.

Adopting Digital KYC Amid Pandemic Challenges

The adoption of Video KYC and Digital KYC has become essential in maintaining financial transactions during pandemic-related restrictions. While these digital disruptions offer long-term benefits, it is crucial to understand the associated risks and implement robust measures to safeguard against cybercriminal activities and data theft.

For more questions and commercial quotes, write to sales@think360.ai or dial +91 8779798844.