Blog

Banking And Fintech In The Metaverse Of Finance

Posted on | by Signzian

Dolce and Gabbana had a peculiar sale last year. Their customers paid $5.7 million to the fashion conglomerate for basically… Nothing. Or that’s what people who do not understand virtual reality would say. In fact, the company sold primarily virtual products for customers to use in the Metaverse. This is why the Metaverse economy experienced retail sales of more than $20 billion with an annual growth rate of around 40%.

This is the mere beginning of using digital assets as a repository of value. It is the beginning of a digital renaissance, encompassing AR, VR, and other digital immersive technologies, which will lead to wide-scale adoption and regulations. Cryptocurrencies will also play a crucial role in this.

Financial institutions must secure their position in this enormous and novel part of the economy by incorporating Metaverse and crypto into their services and business models. This will lead them to a cryptocurrency-fueled metaverse economy.

As the metaverse users increase, financial transactions in the new realm will increase. The government will issue new regulatory guidelines in the coming future. But it is unwise not to adopt early. Banks and institutions should not wait for this. Instead, they should embrace the metaverse economy. Here are some of the ways in which this is possible.

Build And Leverage Trust

Customers usually trust banks more than even the government. This should be utilized in a positive fashion. Tap into the customers’ interests in crypto and digital assets. Despite the standard expectations, 45% of Boomers used cryptocurrencies to make a purchase, compared to the 30% of Zoomers, in 2021.

Mastercard is processing crypto payments and paving the way for other institutions to follow suit. Offering custody services and processing crypto payments help banks prepare for the digital future. Even mortgages, loans, etc., will have digital asset involvement. Banks and banking technology may also leverage their brand identity in user verification and risk management as more peer-to-peer crypto transactors want to trust authentic payment sources.

Metaverse Payment Platforms: Adopt The Boon

Metaverse virtual reality is all set to take over the shopping experience for customers. The fundamental fintech future will be altered to adopt the new paradigm. Financial institutions must process transactions on metaverse payment platforms to accommodate the customers and their needs. A trial pilot by Facebook, the Whatsapp digital wallet is the beginning of this transformation. It offers benefits like zero fees for international transfers, etc. 

These methods have so much potential and versatile applications. For example, such platforms will help fasten transactions and secure the customer’s safety and privacy. Moreover, the institutions can either provide such platforms or integrate the accounts into existing payment apps by utilizing their APIs. But it is noteworthy that most of these apps adapt to phones and screens and ARVR technology.

The metaverse economy is in the infant stage. But once it starts flying, the entire system will soar. This is the ripe time for banks and financial institutions to secure the fintech future. This is where banking technology ups its game a notch with payment platforms.

Integrate With AR And VR Platforms

Providing payment platforms in the new paradigm is essential. But banks need to do more than that. They need to integrate with the metaverse virtual reality. Banking technology must evolve to increase its presence in the Metaverse while ensuring that customers spend more time in it. 

This may be done in multiple ways:

  • Communications with customers- Include AR and VR where it is appropriate.
  • Increase Visual Presence- Transactional experiences should be encapsulating and immersive.
  • Explore the New Age Ads- Advertising is evolving along with technology. Digital billboards, avatars of celebrities, etc.

Banks In The Metaverse

The future of fintech is mainly altering. But it is not unpredictable. We may not be able to say how the Metaverse will affect us or how it will look, but we sure can understand how it can be leveraged. Financial institutions should not wait for regulatory guidelines to adapt to evolving technology. They must learn how to leverage their unique attributes.

Utilizing their attributes to meet the wants and needs of the customers helps and navigate the digital transition successfully. This includes the desire to be a participant in the metaverse and crypto economies. But all these financial institutions and banks need a reliable and trustworthy service source. A resource marketplace where you get all that you require. Signzy can help you with the best customizable APIs and resources with our efficient AI-based rule engine and technology.

About Signzy

Signzy is a market-leading platform that is redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering totally customizable workflows. It gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru, and it has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

Exploiting SSTI To Execute Arbitrary Code On Server

Posted on | by Signzian

Server-side templates create an accessible method for the dynamic generation of HTML code management. But they could also be susceptible to SSTI(server-side template injection). To fully comprehend these mechanics, we must understand what template engines and SSTI attacks are. This can also help execute arbitrary code on the server.

What are Template Engines and SSTI Attacks?

Template engines are created by including multiple specific templates with variable data to create web pages. Server-side template injection attacks can occur when user input is concatenated directly into a template without being sanitized against evil characters. As a result, attackers can inject arbitrary template directives into the template engine, allowing them to manipulate the template engine and, in some cases, gain complete control of the server.

Some of the Template engines are listed below : 

PHP – Smarty, Twigs                                                   

Java – Velocity, Freemaker                                                   

Python – JINJA, Mako, Tornado                                                   

JavaScript – Jade, Rage                                                   

Ruby – Liquid                                                    

 

Jinja: A Python Based Template Engine

Jinja is a Python template engine written as a self-contained open source project to create HTML, XML, or other markup formats returned to the user via an HTTP response. It is also referred to as “Jinja2”.

So why Jinja? 

Today Jinja is the most widely used Python-based template engine and is opted by configuration management tools Ansible and SaltStack and the static site generator Pelican to generate output files. Given its vast adaptation, we will have Jinja as a reference to understand how the SSTI attack works. 

The Vulnerable Code Snippet

 

 

Here, a part of the Template is dynamically generated using the form. Because template syntax is directly processed at the server-side without any filtration, an attacker possibly can inject a malicious payload inside the ‘name’ argument where user input is being placed within the template expression. 

Identifying The Vulnerability

As shown in the code snippet, the input we’ll provide will be rendered precisely by the template engine. 

So, if we put a mathematical expression to identify the vulnerability, if it is being rendered by template engine or not. 

 

 

 

Input value- {{7*7}} returned ‘Hello 49!’. So it is confirmed that the backend is using jinja2.

Python depends on specific modules like ‘sys,’ which includes other dependencies such as the ‘OS’ module; we will target the ‘OS’ module here for exploitation. However, the exploitation and getting shell would not be that easy here as Jinja does not support the import statement. 

Our very first goal here is to identify the template engine used by the target application, for which the TPLMAP tool can be leveraged. With numerous sandbox escape strategies, the TPLMAP tool aids the exploitation of Code Injection and Server-Side Template Injection vulnerabilities to get access to the underlying operating system.

Exploiting The Vulnerability

So as explained above, the import statement does not work in the case of Jinja; hence we will use some parts of code that are accessible to us, often called Gadgets, to achieve remote code execution.

 

The below payload will execute the malicious code which is inside the ‘popen’ function:

 

The above payload is explained in the below fig:

 

The RCE is achieved as shown below:

 

Workaround and Remediation

  • Templates should not be created using user-controlled input. To pass user input to the Template, use template parameters. Sanitize the data before processing it by removing any unwanted or potentially hazardous characters before putting it into the templates. This decreases the likelihood of your templates being maliciously explored.
  • Malicious code execution is inescapable if permitting certain dangerous characters to render specific elements of a template is a business requirement. Then encapsulating the template environment in a docker container is almost certainly the safer option. With this option, you may leverage Docker security to establish a safe environment that prevents dangerous actions.

 

About Signzy

Signzy is a market-leading platform that is redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering totally customizable workflows. It gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru, and it has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Ankit Pandey

Ankit is a cyber geek currently working in the information security team at Signzy. Ankit holds eWPTX, eCPPTv2 & CEH certifications. Ankit is also an active member of Synack Red Team actively hacking and securing companies globally.

 

 

3 Major Reasons Why Your Business Can not Skip Out On KYB

Posted on | by Signzian

Do you know how many shell companies are there in India?

Apparently, no one does. But, authorities identified 230,000 shell companies in the last 3 years. Scrutinized data mining revealed nearly 300,000 shell companies involved in hawala and other illegal transactions. Just government regulations won’t cut it to cut down on these launderers. Individual enterprises need to take action. Each business needs to know with whom they are getting involved.

When it comes to low, mid, or even high-level corporate collaborations, KYB (Know Your Business) is the ultimate evaluation mode to secure business interests and stay compliant with AML(anti-money laundering) obligations. Before an enterprise associates with another company, it should ensure authenticity. KYB provides this while verifying the organization on multiple dimensions.

Ponemon Institute concluded that companies unnecessarily spend more than $4 million due to not taking action and investing in regulatory and compliance practices. KYB, unlike KYC, verifies enterprises and businesses instead of customers. They use certified identification parameters that include the owner’s OVDs(Officially Verified Documents), CRN(Company Registration Number), etc.

Here are the 3 major reasons why you should always have KYB processes set up for your enterprise’s collaborations.

Reason 1- Safe and Secure Business Relationships

Any B2B service and interaction depends on mutual interests and understanding. The changing world of digital technology impacts significantly on your business. On top of this, business partners do not have directive authority over their partner’s vendors. Hence there is a constant and inevitable need to verify trust between the businesses for a stable relationship. This is where KYB forms a reliable standard for building trust and acts as a secure communication channel.

KYB essentially solidifies the reliance of companies and businesses on each other. Additionally, it also provides security and safety from external threats. Many regulatory bodies demand this as well. Hence a regulations compliant tag requires processes involving KYB.

Reason 2- Increased B2B Conversions

Any company that has accessed KYB processes generates more credibility and trust. Partner organizations receive a positive impression. The process is solid and safe with multiple identity checks and verification procedures. Since everything can be automated, any face-to-face fiddle can also be avoided. Trust between involved parties is directly proportional to a greater B2B conversion rate.

This way, the relationships help establish a well-formed reputation for the enterprises. Trust directly impacts the conversion rate; it is relevant for up-and-coming start-ups to ensure they have a built-in KYB process. KYB helps organizations identify themselves without any physical presence at sites or offices. It also helps provide interest-oriented services that increase the conversion rate for B2B services.

Reason 3- AML CFT Compliance

The increase in financial crimes worldwide makes it necessary for governments and law enforcement agencies to ensure regulatory measles. For example, the 1970’s Bank Secrecy Act in the US was established to combat tax evasion and unlawful drug dealings. This was the first step in AML’s history. In addition, organizations like FATF((Financial Action TaskForce) and FinCEN (Financial Crimes Enforcement Network) are aimed at this same goal of AML and following government regulations.

AML practices safeguard the safety interests of businesses. Non-compliance with AML is an expensive deal. Companies pay more than $5 million to regulatory authorities for non-compliance with AML.

The 4AMLD, the anti-money laundering directive from the European Union, dictates and encourages financial institutions to follow KYB practices. This keeps a tab on potential money laundering and terrorism funding initiatives. Therefore, KYB is mandatory for AML implementation. As a matter of fact, it is the cornerstone in identifying potential dangers in B2B interactions.

A Bonus 4th Reason For You:

KYB Reduces Operational Costs

It is no novel fact that automation and digitization help reduce operational costs and TAT. It also helps reduce human interventions and, in essence, human resources. But KYB, primarily digital KYB, takes this up a notch. Digital KYB, just like Digital KYC, maintains the status quo of technological independence. The processes involved are designed to create minimal human intervention while providing the safe and secure fortification it demands. This reduces errors, resulting in costs saved from human errors while maintaining security for the businesses. As it reduces the TAT, this increases the scalability of operations. This renders the future of processing faster for the involved enterprises.

To summarize, KYB is an effective method for creating secure business relations. This is done by reducing the total operational expenses, enhancing the conversion rate in B2B services while complying with AML policies and procedures.

If you wish to create a fortified and user-friendly Digital KYC/KYB process, we can help you with the best resources in the industry. From scratch, Signzy helps build entire onboarding and KYB processes for our clients. These are incredibly customizable too. Of course, you can understand how secure they are as we use state-of-the-art AI rule engines and APIs on our website.

About Signzy

Signzy is a market-leading platform that is redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering totally customizable workflows. It gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru, and it has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

Blooming Blockchain- How It Can Help You KYC Faster, Safer, And Better

Posted on | by Signzian

Does $10 billion seem like a boatload of money to you? According to Compliance Week, financial institutions across the globe were charged $10.4 billion as KYC and AML fines in 2020. Adjusted to inflation, that’s nearly half the revenue of the entire Hollywood in 2020. That’s wasted money that could have been saved.

Know Your Customer(KYC) processes form the spine of financial institutions’ safety. It primarily encompasses their Anti-Money Laundering (AML) efforts. Traditionally they have always been tiresome and time-consuming. Even after, they were not issues-free, and they were not unhackable. The processes are inefficient and labor-intensive. The risk of error is also pretty high. 80% of efforts go for information collation and processing, whereas the rest 20% is only spent on assessing and monitoring. 

Let’s have a look at how we can change this.

How Traditional KYC IS Falling Short

Customers dread KYC. For them, it serves no purpose other than to increase the activation energy required for CTA. Traditional KYC is out of the question as it:

  • Is manual and prone to human errors
  • Tiresome and time-consuming
  • Heavily dependent on physical attributes like space, storage, etc.

Digital KYC was the solution some years ago. They had:

  • AI-based processing that reduced errors
  • Quick TAT
  • Server storage
  • Better user experience

Many institutions shifted to Digital KYC with advanced Video KYC as an option. But before that metamorphosis could complete, we got newer and better modes. The digitized is getting digitized. This was primarily due to the shortcomings in safety, security, and universal ease of accessibility for the data and the users. An incompetent digital KYC process also Misidentifies fraudulent data and cannot track the customers for verification.

The era for change is here, and it begins with understanding blockchain technology. Blockchain is versatile and resilient. But above these, it records information as electronic databases in the form of blocks.

 

Blockchain KYC- The Next generation of KYC Processing

 

A blockchain is a specifically distributed database shared among the nodes of a digital network. It stores information electronically as a database. Blockchain KYC occurs in multiple stages in a specific Distributed Ledger Technology (DLT).

Stage 1- KYC DLT System

IFI or Initial Financial Institutions ensure users set up their digital identity using valid documents on a Blockchain KYC platform. The data becomes available with consent to institutions for verification. Some of the available options for storage are:

  • DLT platform
  • FI’s server
  • Centralized server

Stage 2- User can transact with FI

The user provides consent. The FI can verify and save the data on the DLT platform using the ‘Hash Function.’ FI delivers digital copies of KYC to the users marked with a Hash Function which matches the DLT platform’s one. This ensures that if the KYC data is changed, it will not correspond with the one on the DLT platform. In addition, it will alert the FIs about the change.

Stage 3- User transacts with Final Financial Institution(FFI)

Users consent to share data with FFI, and the KYC is performed. Then, FFI reviews the data and the respective hash function with the ones IFI uploaded. If both match, FFI finalizes the data as valid.

The Benefits of Blockchain KYC

  • Quality data with real-time monitoring and tracking.
  • Lower TAT- FIs have direct access to data without collation.
  • It eliminates paperwork
  • Decentralized, distributed data collection
  • Mandatory consent ensures safety for the user’s data.
  • Reduced expenses due to unhackable security and fortified operational efficiency.
  • Accurate information validation with DLT
  • Real-time user data appraisal- blockchain technology updates the FI of any new addition of user data.

The Culmination of Blockchain Technology and KYC

Collating user data and processing is expensive and time-consuming. But it has always been a mandatory part of any KYC process. But now, this has changed.

Blockchain not only provides an alternative for this but also helps enterprises monitor and assess user behavior. It saves time from tedious, laborious tasks of data accumulation and processing. It uses this time for the companies to focus on finding solutions for more creative KYC challenges.

It is important to note that Blockchain Technology is not magic and hence not the answer to all problems in KYC. It mainly helps in data collation. The validation process still is an unavoidable task.

Blockchain coupled with AI and cognitive processing technologies helps resolve this. They will create a synergistic and efficient system. However, it is hard to find the right solutions for your enterprise in such a saturated market. Signzy offers state-of-the-art resources and solutions for all your fintech needs. Ranging from onboarding to KYC, we have customizable solutions powered by AI decision engines to get you the best in the industry. 

About Signzy

Signzy is a market-leading platform that is redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering totally customizable workflows. It gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling 10 million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks.  It works with over 240+ FIs globally including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a strong global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and it has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

 

References

Evolution Of Digital Identity Verification

Posted on | by Signzian

As society and businesses move online, an identity check has evolved to digitally verify a candidate’s name, date of birth, address, and Nationality. However, digital verification is a must if you want to run a profitable organization, reduce fraud, stay compliant with international regulations and reduce the manual effort involved in physical verification. 

Digital verification supports multiple technologies like Image rectification, Blurriness detection, and Optical Character Recognition. These technologies will automate the identity verification process, making it reliable and time-efficient. 

But with the changing business behavior and behavior, how do you know that you are ready for what the future holds? This guide will cover almost everything about digital identity and related topics. In addition, we will be examining the current and emerging technology for online identity verification. 

What is Digital Identity Verification, and Why is It Necessary? 

Digital identity verification is a process that validates a person’s details and identifies who they are by computer technology. Digital identity is an online identity claimed in cyberspace by an individual, organization, or electronic device. 

In simple words, digital identity is the body of information about an individual that exists online. 

Through unique patterns, each identifier makes it possible to identify individuals. Initially, a digital identity arises from personal information on the web, and it may be the Pseudonymous profile linked to the device’s IP address. 

Why Has Digital Identity Verification Become Necessary? 

As technology helps us perform various complex tasks, cybersecurity threats also can’t be overlooked. Unfortunately, however, many people have their identities compromised. And cybercriminals are always on the hunt for frail networks. 

That means loopholes will be created in the complete identity management system that can be fatal for any organization. Organizations have to face millions of financial losses only because of the increase of identity thefts. 

That’s why the more robust line of defense in the form of digital identity verification is becoming necessary. 

Rise of Digital Identity Verification 

In the mindset of the social alarm created by the Coronavirus, many efforts are focused on regaining stability. However, since March 2020, we all have been asked to change our habits in most circumstances like everything has to be done without leaving home. 

From watching movies to banking, everything should be done remotely. With the rise of digital transactions, there is a positive impact in the world of banking. However, digital transactions open up various advantages and opportunities for users. 

But it also has some risks that did not exist before. That’s why digital banking requires a lot of security and trust between banks and consumers. For example, while interacting with new customers, banks need to know whether the customer is who they say they are. 

In that case, Banks conduct a Know your customer process to ensure that the individual is not a fraudster. Therefore, during the customer onboarding process, the online real-time identification of an individual’s identity through digital identity verification is also a must. 

Recently, the Fintech company allowed their customers to transfer money through an online app; as a result, their shares rise to 13% on the first day, and its market value reached up to $7.8 billion. 

Below, we will show you some points that will clarify the concept of digital identity verification evolution. 

  1. Rising Trend in the use of Digital Identity 

Identity verification is a critical issue in many companies that need to comply with KYC regulations during the personal onboarding process. Many financial institutions are turning to digital identity verification to safely and securely onboard remote customers. 

About 85% of BFSI companies have already started the digitization process and provided digital account opening. However, the budget allocated to the digital account opening has almost doubled the size before the current pandemic. 

After the COVID-19, many Financial institutions partially started digitizing the customer verification process. For example, an individual has to initiate a loan application online and then finalize it with an in-person visit to show their online identity. 

  1. Strong Security, Privacy and Compliance Requirements

The customers want to open a bank account with minimal friction. In addition, they want to feel secure that the right level of security is in place to protect their identity. 

Therefore, digital verification must consider anti-fraud, all security, and data privacy with the security of customers’ data. Anyone aiming to digitize an account opening process will be well aware of many requirements that need to be met.

  1. Some Financial Institutions have a Solid Competitive Advantage in Enabling Digital Identity Verification by Adapting to New Customer needs

The digitally-enabled financial institutions whose employees work from home best fit social distancing and online financial services. The banks with a mature digitalization channel are on the success line, while others have to kick start their digitization program from starting. 

  1. Digital Transaction Volume Increases, But so do Fraudsters and Cyber-Attacks

Fraudsters are also taking advantage of the insecure online transactions during COVID-19. When the WHO declared the pandemic, there was an apparent rise in the loan fraud attacks and took the form of first-application fraud, third-party application, and synthetic identity fraud. 

That’s why financial institutions are incredibly vigilant in their onboarding and digital identification process to detect and prevent application fraud. 

How Does OCR Work for Identity Verification? 

The manual job of feeding the data needs to be automated to improve the process of identity verification. In that case, OCR (Optical Character Recognition) converts all the information on an ID into text for input and information validation. 

First, the digital identity will be scanned, then analyzed, and finally translated into the character codes. Further, you can use this machine-encoded text to validate the information against a genuine verification source. 

It will help you verify National IDs containing numbers, addresses, names, and various other parameters. 

Benefits of Using OCR Technology for Identity Verification

Here, we will walk through some of the benefits of using OCR technology for digital identity verification. 

  • Time-efficient: OCR will eliminate the need to enter details on every form or HR portal manually.
  • Cost-efficient: It will reduce manual labor for document sorting and filing, thus saving delivery and raw material used for physical verification. 
  • High accuracy and improved service: OCR ensures that the employees only access accurate and reliable information whenever needed. 
  • Storage space and data security: You can store the data inputted through OCR on servers that reduce the cost of maintaining the physical files. 

How Does Signzy Add Value to Your Digital Identity Verification Process? 

The benefit of partnering with Signzy for Banks and other financial institutions is that our combination of Artificial intelligence and blockchain will ensure that digital compliance is convenient but secure. 

Our solution is trained for document reading and facial recognition accurately representing an individual’s personal details. Our scalable backend operations help businesses to scale faster, cut turnaround time and reduce cost. 

Our data protection infrastructure can identify different types of IDs to input correct details and generate accurate and reliable results. 

Wrapping Up 

The organizations that haven’t yet indulged in the digital identity verification process gradually lose their customers. However, the evolution of OCR technology for digital identity verification benefited many financial institutions in time and cost efficiency, providing high accuracy and improved service. 

About Signzy

Signzy is a market-leading platform that is redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering totally customizable workflows. It gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling 10 million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks.  It works with over 240+ FIs globally including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a strong global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and it has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

 

Fintech & Data Risk

Posted on | by Signzian

The global fintech market was valued at $127.66 billion in 2018, and it is anticipated to grow at a CAGR Of 24.8 percent to $309.98 by 2022. According to Statista, 66.7 percent of bank executives believe FinTech will have a global influence on wallets and mobile payments. 

This illustrates how the Fintech sector has experienced tremendous growth in recent years and will continue to do so in the future. Another aspect that is stealing the limelight as a result of this rapid expansion is data risk. As more individuals switch from conventional methods to Fintech, the risk of critical data being compromised has grown dramatically.

Exemplification of Data Risks

According to a study conducted by Keeper Security, 70% of financial services firms have experienced a cyber attack in the previous year. Since the outbreak of the pandemic, a surge in cyber assaults has prompted FinTech firms to rethink and refocus their security strategies

A few examples of data breaches in the financial sector:

1. Dominos India

Domino’s India suffered a major data breach in April when the credit card information of nearly ten lakh of its customers and employees was leaked on the Dark Web. Names, phone numbers, and payment information, including credit cards and pizza preferences, were among the information leaked.

Alon Gal, CTO of security firm Hudson Rock, discovered the leak when he came across someone offering 10 bitcoin (approximately US$535,000 or INR4 crore) in exchange for 13TB of data, which included one million credit card records and details of 180 million Dominos India pizza orders.

2. Facebook

When the personal data of over 533 million Facebook users was posted on a low-level hacking forum, it was exposed in a data breach. Phone numbers, full names, locations, email addresses, and biographical information of users from 106 countries were leaked, with India being one of them.

Methods to Mitigate

To avoid data loss or theft, businesses must guarantee that data is appropriately safeguarded. When a data breach occurs, businesses should notify people, as well as report the risk of damaging their brand and consumer loyalty. Companies might face fines of up to €20 million or 4% of yearly sales under the General Data Protection Regulation

Following a variety of recommended practices can help to reduce the risk of data breaches:

  • Ensure the app’s secure architecture and code

Developing a safe app’s logic entails incorporating security into each phase of the app’s usage. You must evaluate what data to keep, where it will be saved, who will have access to certain app features and data, and more throughout the early phases of app development.

  • Use Code Obfuscation

Developing a safe app’s logic entails incorporating security into each phase of the app’s usage. You must evaluate what data to keep, where it will be saved, who will have access to certain app features and data, and more throughout the early phases of app development.

  • Build Secure Identification, Authentication, and Authorization Processes

When a person claims to be a user of your app, identification entails supplying a name or username. Authentication is supposed to show that they are who they say they are. The next stage is to decide what they are permitted to do after the system has identified and authenticated them.

Threat Landscapes Where Data are at Risk

Though Fintech in today’s world has become increasingly secure, there are still some weak spots that can put our data at risk. These are some of the risks which may emerge while you use any fintech platform.

  • Fraud Risk 
  • Merchant Risk
  • Regulatory risk 
  • Anti-money laundering and countering terrorist financing
  • Consumer Risks
  • Cybersecurity and Data Privacy
  • Credit risk and operational risk
  • Outsourcing Risk 

Data Risks & Third-Party Ecosystem

For specialist services, competitive advantage, operational efficiency, and cost savings, businesses have traditionally turned to third parties. However, as businesses extend their third-party ecosystems to perform fundamental tasks that are vital to operations, business models, and value propositions, a significant change is occurring. As a result, the dangers to the expanded company have increased.

As talent gaps emerge, as automation, analytics, and artificial intelligence (AI) progressively complement and enhance traditionally human-performed professions, businesses are reconsidering the nature of work, workforces, and workspaces. Many of these modifications can be influenced by third parties.

How Signzy Can Help?

With the increased data risks in the fintech sector, there is demand for securing the sensitive data of the customers successfully. But, the question is how do we do that?

That is precisely where we can assist you. 

We at Signzy, have a variety of AI-based solutions to digitally identify, verify, and authenticate customers, moreover helping in ensuring full security. Our solution for onboarding security has been deployed by more than 45 big and valued clients. These include leading banks, NBFCs, mutual fund managers, P2P lending banks, digital payment solutions, etc. Thus, making it promising and easier to trust us.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

 

Digital Identity in Fintech – Cyber Risks & Remedies

Posted on | by Signzian

A TransUnion Analysis found that digital frauds grew by 23.8% in the first four months of 2021 compared to the previous four months. At 60%, the financial services industry recorded the largest increase in online frauds.

To enable faster customer onboarding and an enhanced experience, Fintech providers and financial service companies are switching to digital identity technology. Also known as “Digital ID,” digital identification (or identity) is emerging as the new mode of identifying consumers lacking any legal form of ID documents.

Through this article, we shall look at the use of digital identity in the Fintech sector – and how to overcome its challenges.

Digital Identity in Fintech 

By using a digital ID, Fintech companies can unlock a huge market potential and offer a range of innovative financial services to their consumers, including financial inclusion of the “unbanked.” A Digital ID can streamline user authentication and improve the overall customer experience. 

Globally, governments and government agencies are putting together the infrastructure required for digital identity systems. For example, the Indian government has implemented the Aadhar-based eKYC registration process – which has reduced the cost of KYC registration from $5 to $0.70 for each customer.

How does this technology help in reducing identity thefts and cyber risks in the financial service sector?

  • Enabled by digital IDs, financial institutions can perform identity verification through the individual’s photo or video capture.
  • Digital IDs can also secure online transactions that are easier to manage instead of users having multiple online accounts that cyber attackers can target.

Why is Digital Identity Important in Fintech? 

Here is what makes digital identity important to the Fintech sector:

  • It helps in improving operational efficiency and eliminates “human error” from manual verification processes through building accurate customer profiles.
  • Increasing financial revenue by offering innovative products or services to previously unavailable consumers due to verification constraints.
  • Providing a superior user experience by removing any barriers to online transactions and securing user attributes.

Further, digital IDs can reduce the cost of customer service – by eliminating calling customers requesting for resetting their “forgotten” account passwords. At the same time, a digital identity can improve risk management by streamlining the eKYC process and safeguarding customer data from security breaches.

Digital Identity – Validation Workflow

How does digital identity work? A video-enabled digital identification process can help in identifying and validating individuals in the following ways:

  • Matching the person (on video) with the face on the ID document (example, PAN or Aadhar card).
  • A highly intuitive user interface for the best video interaction.
  • Use of video-based forensics for detecting any fake identity or spoofs.
  • High-end encryption for video transmission and communication.
  • Real-time capture of geolocation and IP address.

Digital Identity – Challenges

As stated by Phillip Malcolm of Refinitiv, banks and financial service providers must be able to “provide products and services (with increased scalability) that need to be technologically advanced.” Any large-scale disruption in anti-money laundering practices can result in irreversible damage – and large investments into digital identity technologies and infrastructures.

Additionally, with billions of dollars being transferred through online payments and eCommerce transactions, financial service companies will be regulated for compliance and penalized for any failures.

What is Signizy’s Role?

At Signzy, we believe that efficient digital identity solutions can go a long way in validating banking consumers and improving their banking experience. Designed for high-grade banking, Signzy’s VideoKYC solution is being used to onboard new banking customers according to financial regulations.

Through its partnership with the UAE-based Seed Group, Signzy is set to expand its footprint among banks and financial institutions based in the Middle East. With its global presence, Signzy has been instrumental in the digital transformation of leading banks and improving their global market share. This includes complete automation of their back-office operations and empowering their security infrastructure – among other capabilities.

Want to know how we can help? It is time to get in touch with us.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

New Norms For Digital Lending- How RBI’s Working Group Will Change The Terrain

Posted on | by Signzian

The report brings to the spotlight such shortcomings while providing a better framework for the sector. The relevant points from the report are explored below to create a better understanding of the proposal and the effect it can have on the industry.

Distinction Between LSPs and BSLs

There is a clear distinction between Loan Service Providers(LSPs) and Balance Sheet Lenders(BSLs). LSPs can be applications that provide borrowing options for the customers. They certainly need not be directly regulated but do require to partner with only regulated financial entities that can provide the services. BSLs on the other hand, provide loans and securely take credit risks. They are always regulated. This distinction allows LSPs to manage the front-end experience while BSLs manage regulatory compliance and risk.

A Ban On FLDG

First Loss Default Guarantee or FLDG instrument allows unregulated entities to offer loans to customers and take credit risk. The report strongly suggests against this backdoor entry. This is challenging to many new-age lenders as their processes are oriented around shadow lending. Additionally, neo-banking and DeFi(decentralized finance) models are also included in this section for a modal check. Fundamentally, the report directs that only regulated entities should hold taking credit risk options.

Eliminate Regulatory Arbitrage

The report advises to deem all products involved with credit risk as lending products and eliminate regulatory arbitrage. For example, most BNPL(Buy Now Pay Later) providers consider this option, not as a loan, and hence do not have apt KYC processing. They have no relation with the credit bureau.

Safety Of The Customer

In certain cases, the charges and rates can be as high as 100%(The normal being 40-45%). The working group recommends several actions to ensure consumer protection from such practices. These recommendations include:

  • Include all interests and charges as transparent APR(Annual Percentage Rate).
  • STCC(Short Term Consumer Credit)- must follow appropriate guidelines to prevent usurious charge rates.
  • Restrict very short-term loans with no instalments that are high risk.
  • Restrict Refinancing and over-indebtedness.

Regulated entities must also ensure fair treatment of borrowers by the LSPs involved, especially in the collection practices. All coercive behaviour is avoided to ensure confident customers and a healthy ecosystem.

Data Privacy

The consumer and not the entity is the owner of the data. All crucial lending decisions require explicit consent from customers for using their data. This extends to even any e-commerce platform which uses consumer data for underwriting decisions. This helps enhance security and overall data protection while maintaining consumer trust.

SRO And DIGITA

The report advises RBI to create a Self-Regulatory Organization (SRO) to govern activities and frame standards. It also recommends creating DIGITA(Digital Trust of India Agency). DIGITA will determine the minimum requirements and standards to verify compliance. If entities are not approved by DIGITA, they will be deemed non-compliant.

What Does This Mean For The Industry And You?

The initiatives outlined by the working group helps create a balanced framework that encourages innovation while protecting its consumers and minimizing financial risks in the system. This will help improve the dynamics in the ecosystem rendering growth in the industry. There are many venues that require clarifications and dialogue, but this preliminary report is a step in the right direction to achieve a more sustainable and secure environment. This ensures that the future of digital India is now… And it’s happening.

With the blessing of better lending ecosystems and safer financial environments comes the burden of stricter regulations and rigid compliance guidelines. If not careful, your enterprises can get affected and suspended due to bureaucratic complications. You can avoid this by availing reliable service providers for all your regulatory requirements. But how do you choose a good one? Opt one that gives you quick, safe, and customizable solutions. It should have a track record of good services and lots of options. This is why Signzy is the right choice for you. We can handle all your needs ranging from Video KYC to complete Onboarding Processes.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

RBI’s New PCA Framework for NBFCs

Posted on | by Signzian

The new Prompt Corrective Action(PCA) framework set forth by RBI for troubled NBFCs ensures market discipline and resilience of their financial health. In the past, PCAs were exclusive to banks. But, because many major NBFCs like SREI Group, IL&FS, DHFL, and Reliance Capital have run into financial crises over the past couple of years, this move comes at an apt time. The PCA framework targets to strengthen the supervisory tools from October 1, 2022. This will be based on the NBFCs’ financial position after March 31, 2022.

The primary objective of the PCA or Prompt Corrective Action framework is oriented and much mandated. It enables supervisory intervention at the precise and appropriate time, mandating the supervised entity to properly initiate and implement remedial measures. This is done to restore the supervised entity’s financial health in case of considerable deterioration. The PCA framework also acts as a tool for effective and strict market discipline maintenance.

Which are the entities included?

Previously, The PCA Framework applied to all banks operating in India. This includes foreign banks operating through subsidiaries or branches based on breach of risk thresholds of identified indicators. Now, via the RBI Notification dated December 14, 2021, It will also be applicable for all deposit-taking NBFCs, and other large NBFCs that position on the middle, upper, and top-most levels of the scale-based regulation for NBFCs of the RBI.

This includes  Investment and Credit Companies, Core Investment Companies (CICs), Infrastructure Debt Funds, Infrastructure Finance Companies, Microfinance Institutions, and Factors. But it excludes NBFCs not accepting Public money, Government companies, and Housing Finance companies. This would, therefore, apply to a smaller percentage of 10,000 NBFCs, most of which would be excluded from such tight regulatory purview as of now, till they grow up in size

What Is The PCA Framework

An NBFC will be placed under the PCA framework based on the Supervisory Assessment made by the RBI and/or the audited Annual Financial Results. However, the RBI can impose PCA on any NBFC(if they deem it fit) during a year.

For NBFCs-D and NBFCs-ND, indicators to be tracked would be Capital to Risk-Weighted Assets Ratio (CRAR), Tier I Capital Ratio (*refer to footnotes for definitions), and Net NPA Ratio (NNPA). For CICs, indicators that need to be tracked would be ANW/ARW(Adjusted Net Worth/Aggregate Risk-Weighted Assets), NNPA, and Leverage Ratio. The framework defines 3 risk levels with varying seriousness, criteria to enter either of these risk thresholds and RBI mandated controls (a summary of these is explained in the below table)

For further understanding, Capital Adequacy Ratio (or CRAR) is the ratio of the total capital(tier 1 and tier 2) and risk-weighted assets. For example, a house loan with strong collateral is inherently less risky than a loan given on a letter of credit and hence might need a higher capital cover in case it goes bad. This ratio is used to protect depositors. It also improves the efficiency and stability of financial systems around the world. Tier 1 capital is core capital. It consists of equity capital, intangible asset, ordinary share capital, and audited revenue reserves. Tier-1 capital absorbs losses and doesn’t require a bank to stop operations. Tier 2 capital is made of unaudited retained earnings, unaudited reserves, and general loss reserves. This capital absorbs losses in the event of any company entirely winding up or liquidating. 

 

What is the PCA framework’s impact?

These tight regulations would force the NBFCs to act in the best interest of public investors and make them better handle their financial books and asset quality. This, in turn, will make a provision of timely intervention to avoid a total wind-up and loss of money for equity holders and depositors. These steps are excellent for the current financial ecosystem as they provide a check on any company faltering in its functions. Prima facie, this might seem a bit too stringent, but in the long run, this will ensure better safety of both the customers as well as the companies.

About Signzy

Signzy is a market-leading platform that is redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering totally customizable workflows. It gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling 10 million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks.  It works with over 240+ FIs globally including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a strong global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and it has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

RRA

RBI Reduces Redundancy on RRA Recommendation

Posted on | by Signzian

The Reserve Bank of India withdrew over 100 previously issued circulars citing redundancy of their effects in current times on RRA Recommendation.

The move comes as a result of strong recommendations for the initiative from The Regulations Review Authority. This will reduce friction in financial transactions and other interactions. While this is a boost for the economy as a whole, prima facies, it does call for closer scrutiny to evaluate its actual extend.

The withdrawn circulars primarily focus norms concerning standards of:

  • Foreign Portfolio Investors and their Foreign Investments in India
  • RTGS- Real Time Gross Settlement
  • KYC- Know Your Customer
  • AML- Anti-Money Laundering
  • CFT-Combating of Financing Terrorism

RBI had set up Regulations Review Authority(RRA 2.0) in April 2021. The  RRA 2.0’s primary objective is reviewing regulatory advice and instructions while ensuring to identify and remove duplicate or redundant directives. It also streamlines reporting structure to decrease the compliance burden on REs(Regulated Entities). The RRA makes sure to revoke obsolete instructions while actively taking the effort to efface paper-based returns submissions.

The RRA has engaged in extensive communication and consultations with internal and external stakeholders in the industry. It conducted a review to simplify and easily implement supervisory and regulatory directives with these parties.

Mr. Swaminathan J, MD of the State Bank of India holds the chairmanship for the prime advisory group for RRA. The group itself was formed by the RRA shortly following its own constitution.

“The RRA has been engaging in extensive consultations with both – internal as well as external stakeholders, on review of the regulatory and supervisory instructions for their simplification and ease of implementation. Based on these consultations and the suggestions of the Advisory Group, the RRA has recommended withdrawal of 150 circulars in the first tranche of recommendations,” the RBI issued a statement.

With many of the surfeit roadblocks in financial interactions and transactions removed, this is a good time for companies and entities to take new initiatives. It is prime time for them to completely digitize and optimize their processes in the financial sphere.  Even the RRA promotes paperless submissions for applications and returns.

But the initial concern they have is to find trustable service providers for regulatory technology. Good resources, products, and services need to be available at a reasonable cost. Signzy can get you exactly that. We emphasize delivering the best regulatory and other financial technology services for you at state-of-the-art standards.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

1 12 13 14 15 16 26