Developing A Secure FinTech Application: Cybersecurity In FinTech

When it comes to FinTech applications, cybersecurity is of paramount importance. In an industry where data security and privacy are of the utmost concern, any breach could have devastating consequences. That’s why it’s so important to make sure your FinTech application is as secure as possible.

But, how do you go about developing a secure FinTech application? Before you even start to think about that, we’d like to run you through some crucial stats:

  • More than $50 billion is invested each year in FinTech
  • Two out of three transactions are made online
  • By 2030, the global FinTech market is expected to be worth $698.48 billion, growing at a CAGR of 20.3% from 2021 to 2030.
  • There are currently over 12,000 FinTech startups worldwide, with 500+ new FinTechs being created every year.

Now that you have a better understanding of the scope and significance of the FinTech industry, let’s take a look at how to develop a secure FinTech application.

But First, Cybersecurity!

How not to expose the personal data of nearly 145.5 million of your consumers in a single day, resulting in a $4 billion loss? Definitely don’t ask Equifax – a company that was responsible for one of the largest data breaches in history. The 2017 Equifax breach resulted in the exposure of names, Social Security numbers, birth dates, addresses, and driver’s licence numbers. But that’s not all – hackers also gained access to credit card numbers for more than 200,000 people and disputed documents with personal information for more than 182,000 people.

In short – it was a catastrophe. And it could have easily been avoided if proper cybersecurity measures were in place.

Secure FinTech Cybersecurity Challenges

When it comes to FinTech cybersecurity, there are a few key challenges that need to be addressed:

  1. Data Security And Privacy: In FinTech, data security is the top concern for 70% of the banks consulted in the Sixth Annual Bank Survey. In the wake of high-profile data breaches, consumers are increasingly concerned about the security of their data. As a result, FinTech companies must go above and beyond to ensure that data is properly protected.
  2. Payment Security: With the rise of mobile payments, FinTech companies must be extra vigilant when it comes to payment security. Any breach could result in stolen funds or sensitive financial information.
  3. Fraud Prevention: The popularity of FinTech applications is contributing to the increase in cybercrime and fraud attempts. FinTech companies need to have strong fraud prevention measures in place to protect their customers.
  4. Employee security: In many cases, the weakest link in a company’s cybersecurity is its own employees. FinTech companies need to make sure that their employees are properly trained and educated on best practices for cybersecurity.

Secure FinTech Regulations And Policies

In addition to implementing strong cybersecurity measures, FinTech companies also need to be aware of the various regulations and policies that govern their industry. These include:

1. GDPR: The General Data Protection Regulation (GDPR) is a set of regulations that were introduced in 2018 to protect the personal data of individuals in the European Union. The GDPR applies to any company that processes or intends to process the personal data of individuals in the EU.

2. eIDAS: The European Union’s eIDAS regulation is a set of standards that govern electronic identification and trust services. The regulation applies to any company that offers electronic identification, signatures, or other trust services within the EU.

3. PSD2: The Payment Services Directive 2 (PSD2) is a set of regulations that were introduced in 2018 to improve the safety and security of online payments in the European Union. The PSD2 applies to any company that offers payment services within the EU.

4. PCI DSS: The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that aims to protect the payment data of cardholders. The standard applies to any company that processes, stores, or transmits credit card information in any way.

5. APPI: The Association for Payment and Clearing Services (APPI) is a set of guidelines that were introduced in 2017 to protect the payment data of cardholders. The APPI applies to any company that offers e-commerce services within East Africa.

Secure FinTech Cybersecurity Solutions

So, how do you make sure your FinTech application is secure? Here are some tips:

1. Use Encryption

Data encryption is incredibly important when it comes to data security. As a FinTech company, you should never store your customers’ sensitive information in plaintext. Always use industry-standard encryption algorithms and protocols, such as 3DES or RSA – they can ensure that even if your data is stolen, it will be difficult for hackers to decipher and use.

2. Role-Based Authentication

Role-based authentication restricts access to data based on the user’s role (administrator, sales representative, etc.). This can help prevent unauthorized users from accessing sensitive information and make it easier for security teams to monitor access patterns.

With the varying access level requirements of different users within a FinTech application, role-based authentication can provide a seamless and secure experience that’s tailored to each user.

3. Multi-Factor Authentication

Multi-factor authentication adds an extra layer of security by requiring additional steps before authorizing access to data. This could include receiving a text message with a code or using biometric identification (fingerprint scanning, facial recognition software, etc.) to verify identity.

Multi-factor authentication also protects against phishing attacks, as it prevents hackers from accessing your application through fake login pages.

4. Short Login Sessions

Another way to increase security is to require users to re-authenticate after a period of inactivity. This will help prevent unauthorized access if a user’s device is lost or stolen.

Reduced session time can also reduce the risk of attacks that use brute-force methods to guess account credentials.
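The two controls described under "Role-Based Authentication" and "Short Login Sessions" fit naturally in one server-side component: a session store that checks the caller's role against a permission table on every request and forces re-authentication once a session has been idle too long. The following is an added example and not code from the article or from Signzy; the role names, the permission table, the 15-minute idle limit and the access log are all assumptions chosen for illustration.

```python
import secrets
import time
from dataclasses import dataclass

# Constructed permission matrix. The roles follow the article's examples
# (administrator, sales representative); the permission names are assumed.
ROLE_PERMISSIONS = {
    "administrator": {"view_customer", "edit_customer", "view_ledger", "export_ledger"},
    "sales_representative": {"view_customer", "edit_customer"},
    "auditor": {"view_customer", "view_ledger"},
}

IDLE_TIMEOUT_SECONDS = 15 * 60  # hypothetical policy value


class AccessDenied(Exception):
    """The session is valid but the role lacks the requested permission."""


class ReauthenticationRequired(Exception):
    """No live session: never logged in, or idle past the timeout."""


@dataclass
class Session:
    user: str
    role: str
    last_activity: float


class SessionStore:
    """Keeps sessions keyed by an opaque token and enforces role + idle timeout."""

    def __init__(self, timeout=IDLE_TIMEOUT_SECONDS, clock=time.monotonic):
        self._timeout = timeout
        self._clock = clock          # injectable so tests can advance time
        self._sessions = {}
        self.access_log = []         # (user, permission, outcome) for monitoring

    def login(self, user, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        token = secrets.token_urlsafe(32)   # unguessable session identifier
        self._sessions[token] = Session(user, role, self._clock())
        return token

    def authorize(self, token, permission):
        """Return the session if it is live and the role holds the permission."""
        sess = self._sessions.get(token)
        if sess is None:
            raise ReauthenticationRequired("no session for token")
        now = self._clock()
        if now - sess.last_activity > self._timeout:
            # Idle too long: drop the session so a lost device cannot resume it.
            del self._sessions[token]
            self.access_log.append((sess.user, permission, "expired"))
            raise ReauthenticationRequired("session idle past timeout")
        if permission not in ROLE_PERMISSIONS[sess.role]:
            # Denied attempts are logged so security teams can spot unusual patterns.
            self.access_log.append((sess.user, permission, "denied"))
            raise AccessDenied(f"{sess.role} may not {permission}")
        sess.last_activity = now     # activity resets the idle clock
        self.access_log.append((sess.user, permission, "allowed"))
        return sess

    def is_active(self, token):
        return token in self._sessions


def demo(clock_values):
    """Walk one sales representative through allowed, denied and expired requests.

    clock_values is a list of fake timestamps consumed in order (constructed input).
    """
    ticks = iter(clock_values)
    store = SessionStore(clock=lambda: next(ticks))
    token = store.login("alice", "sales_representative")
    outcomes = []
    for permission in ("view_customer", "export_ledger", "edit_customer"):
        try:
            store.authorize(token, permission)
            outcomes.append("allowed")
        except AccessDenied:
            outcomes.append("denied")
        except ReauthenticationRequired:
            outcomes.append("reauth")
    return outcomes, store.is_active(token), store.access_log


if __name__ == "__main__":
    # login at t=0, requests at t=10, t=20, then t=20+16min (idle limit exceeded)
    print(demo([0, 10, 20, 20 + 16 * 60]))
```

Only the first timestamp after a successful request counts as "last activity": the denied `export_ledger` call at t=20 still refreshes nothing, so the clock keeps running from the last allowed request, which is the behaviour an idle timeout should have.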

5. Force Password Change

Finally, to further protect your customers’ data, you may want to consider mandating users to change their passwords periodically. This can help prevent hackers from gaining access by guessing weak or compromised passwords.

To create a truly secure FinTech application, you must take these steps and leverage the latest cybersecurity technologies and best practices. And as always, make sure you partner with a trustworthy IT provider who will work with you every step of the way!

About Signzy

Signzy is a market-leading platform that is redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering totally customizable workflows. It gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru, and it has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

Fintech & Data Risk

The global fintech market was valued at $127.66 billion in 2018, and it is anticipated to grow at a CAGR of 24.8 percent to $309.98 by 2022. According to Statista, 66.7 percent of bank executives believe FinTech will have a global influence on wallets and mobile payments.

This illustrates how the Fintech sector has experienced tremendous growth in recent years and will continue to do so in the future. Another aspect that is stealing the limelight as a result of this rapid expansion is data risk. As more individuals switch from conventional methods to Fintech, the risk of critical data being compromised has grown dramatically.

Exemplification of Data Risks

According to a study conducted by Keeper Security, 70% of financial services firms experienced a cyber attack in the previous year. Since the outbreak of the pandemic, a surge in cyber assaults has prompted FinTech firms to rethink and refocus their security strategies.

A few examples of data breaches in the financial sector:

1. Dominos India

Domino’s India suffered a major data breach in April when the credit card information of nearly ten lakh of its customers and employees was leaked on the Dark Web. Names, phone numbers, and payment information, including credit cards and pizza preferences, were among the information leaked.

Alon Gal, CTO of security firm Hudson Rock, discovered the leak when he came across someone offering 10 bitcoin (approximately US$535,000 or INR 4 crore) in exchange for 13 TB of data, which included one million credit card records and details of 180 million Domino’s India pizza orders.

2. Facebook

The personal data of over 533 million Facebook users was exposed in a data breach and posted on a low-level hacking forum. Phone numbers, full names, locations, email addresses, and biographical information of users from 106 countries were leaked, with India being one of them.

Methods to Mitigate

To avoid data loss or theft, businesses must ensure that data is appropriately safeguarded. When a data breach occurs, businesses should notify the affected individuals and report the breach, or risk damaging their brand and consumer loyalty. Companies can face fines of up to €20 million or 4% of yearly sales under the General Data Protection Regulation.

Following a variety of recommended practices can help to reduce the risk of data breaches:

  • Ensure the app’s secure architecture and code

Developing a safe app’s logic entails incorporating security into each phase of the app’s usage. You must evaluate what data to keep, where it will be saved, who will have access to certain app features and data, and more throughout the early phases of app development.

  • Use Code Obfuscation

  • Build Secure Identification, Authentication, and Authorization Processes

When a person claims to be a user of your app, identification entails supplying a name or username. Authentication is supposed to show that they are who they say they are. The next stage is to decide what they are permitted to do after the system has identified and authenticated them.

Threat Landscapes Where Data are at Risk

Though Fintech in today’s world has become increasingly secure, there are still some weak spots that can put our data at risk. These are some of the risks which may emerge while you use any fintech platform.

  • Fraud Risk 
  • Merchant Risk
  • Regulatory risk 
  • Anti-money laundering and countering terrorist financing
  • Consumer Risks
  • Cybersecurity and Data Privacy
  • Credit risk and operational risk
  • Outsourcing Risk 

Data Risks & Third-Party Ecosystem

For specialist services, competitive advantage, operational efficiency, and cost savings, businesses have traditionally turned to third parties. However, as businesses extend their third-party ecosystems to perform fundamental tasks that are vital to operations, business models, and value propositions, a significant change is occurring. As a result, the dangers to the expanded company have increased.

As talent gaps emerge, as automation, analytics, and artificial intelligence (AI) progressively complement and enhance traditionally human-performed professions, businesses are reconsidering the nature of work, workforces, and workspaces. Many of these modifications can be influenced by third parties.

How Can Signzy Help?

With the increased data risks in the fintech sector, there is demand for securing the sensitive data of the customers successfully. But, the question is how do we do that?

That is precisely where we can assist you. 

We at Signzy have a variety of AI-based solutions to digitally identify, verify, and authenticate customers, helping to ensure full security. Our solution for onboarding security has been deployed by more than 45 large and valued clients, including leading banks, NBFCs, mutual fund managers, P2P lending banks, and digital payment solutions. This makes it easier to trust us.


Digital Identity in Fintech – Cyber Risks & Remedies

A TransUnion Analysis found that digital frauds grew by 23.8% in the first four months of 2021 compared to the previous four months. At 60%, the financial services industry recorded the largest increase in online frauds.

To enable faster customer onboarding and an enhanced experience, Fintech providers and financial service companies are switching to digital identity technology. Also known as “Digital ID,” digital identification (or identity) is emerging as the new mode of identifying consumers lacking any legal form of ID documents.

Through this article, we shall look at the use of digital identity in the Fintech sector – and how to overcome its challenges.

Digital Identity in Fintech 

By using a digital ID, Fintech companies can unlock a huge market potential and offer a range of innovative financial services to their consumers, including financial inclusion of the “unbanked.” A Digital ID can streamline user authentication and improve the overall customer experience. 

Globally, governments and government agencies are putting together the infrastructure required for digital identity systems. For example, the Indian government has implemented the Aadhaar-based eKYC registration process – which has reduced the cost of KYC registration from $5 to $0.70 for each customer.

How does this technology help in reducing identity thefts and cyber risks in the financial service sector?

  • Enabled by digital IDs, financial institutions can perform identity verification through the individual’s photo or video capture.
  • Digital IDs can also secure online transactions that are easier to manage instead of users having multiple online accounts that cyber attackers can target.

Why is Digital Identity Important in Fintech? 

Here is what makes digital identity important to the Fintech sector:

  • It improves operational efficiency and eliminates “human error” from manual verification processes by building accurate customer profiles.
  • It increases financial revenue by offering innovative products or services to consumers who were previously unreachable due to verification constraints.
  • It provides a superior user experience by removing barriers to online transactions and securing user attributes.

Further, digital IDs can reduce the cost of customer service – by eliminating calls from customers requesting a reset of their “forgotten” account passwords. At the same time, a digital identity can improve risk management by streamlining the eKYC process and safeguarding customer data from security breaches.

Digital Identity – Validation Workflow

How does digital identity work? A video-enabled digital identification process can help in identifying and validating individuals in the following ways:

  • Matching the person (on video) with the face on the ID document (for example, a PAN or Aadhaar card).
  • A highly intuitive user interface for the best video interaction.
  • Use of video-based forensics for detecting any fake identity or spoofs.
  • High-end encryption for video transmission and communication.
  • Real-time capture of geolocation and IP address.

Digital Identity – Challenges

As stated by Phillip Malcolm of Refinitiv, banks and financial service providers must be able to “provide products and services (with increased scalability) that need to be technologically advanced.” Any large-scale disruption in anti-money laundering practices can result in irreversible damage – and large investments into digital identity technologies and infrastructures.

Additionally, with billions of dollars being transferred through online payments and eCommerce transactions, financial service companies will be regulated for compliance and penalized for any failures.

What is Signzy’s Role?

At Signzy, we believe that efficient digital identity solutions can go a long way in validating banking consumers and improving their banking experience. Designed for high-grade banking, Signzy’s VideoKYC solution is being used to onboard new banking customers according to financial regulations.

Through its partnership with the UAE-based Seed Group, Signzy is set to expand its footprint among banks and financial institutions based in the Middle East. With its global presence, Signzy has been instrumental in the digital transformation of leading banks and improving their global market share. This includes complete automation of their back-office operations and empowering their security infrastructure – among other capabilities.

Want to know how we can help? It is time to get in touch with us.


KYC in the USA- The Origin, Evolution, and Future of America’s Frontier Against Financial Fraud

Introduction

In 2017, a survey from the FDIC revealed that 25% of all US households were unbanked or underbanked. This meant that more than 30 million households did not have a bank or credit card account. In 2019, the number fell to less than 5.4% of households being unbanked, an estimated 7 million households. This indicates the untapped potential in the banking industry.

More customers than ever will open a bank account in the coming years. The pace at which citizens are starting a relationship with a bank is impressive. But how can we ensure that all the applicants are legitimate? How can we make sure that no fraudsters are aided? To put things into perspective, 2019 alone saw 650,572 cases of identity theft and 271,823 cases of credit card fraud in the US. To prevent this, KYC comes into play.

The KYC process in banks is used to obtain information about the customer with their consent. The obtained information includes their identity details and addresses. It ensures that there is no misuse of the bank’s services. This stops fraudsters who try to imitate or forge identities for financial crimes.

We must also note that fraudsters have found newer ways to evade KYC over the years. These include digital synthetic ID fraud and scraping for ATOs (Account Takeovers). In 2021, we have enough resources and methods to maneuver around the issues with traditional KYC processes. An upgrade is inevitable. The introduction of Digital KYC is set to change the whole process of onboarding. Let’s have a detailed look at the KYC process in banks in the US and what its future holds.

Does KYC Require The Attention It Demands?

Before the introduction of the KYC process in banks, fraudsters committed crimes without much resistance. The lack of regulation, coupled with unverified customer identifications, allowed easy manipulation of the financial system. Combatting this was inevitable. With the introduction of KYC, financial crime has reduced, but new challenges await the sector.

According to a report from Atlas VPN, Q1 2020 saw a 116% increase in loan/lease fraud alone. Credit card fraud was at an all-time high of 435.8% during the same quarter. To add fuel to the fire, overall fraud reports compared to Q1 2015 were up over 435%. We cannot attribute this solely to human error or insufficient data collection.

The real culprit (other than the fraudsters, of course) is the inefficient handling of KYC. It might come as a shock that all this fraud occurred even after the institutions concerned had implemented the KYC process in banks. One can only imagine the outrageous leaps these numbers might have taken if such a regulatory process didn’t exist at all.

KYC acts as the firewall against these fraudsters, but with advancing technology and global connectivity the fraudsters have an edge. The era of traditional KYC is nearing dusk. It is only a matter of time before the government brings in regulations and advises a digitized KYC process in banks.

The primary objective of KYC is not fraud prevention, even though it does filter out fraudsters for the better. The Patriot Act intended CIP or KYC to prevent terrorist funding and money laundering. To an extent, it has been effective. But as with all things, it can be better. This is where banks should upgrade their processes. A system devoid of human error and manual processing will be the next step.

How The KYC Process In Banks Came Into Being In The US

The need for KYC came with an increase in financial crimes in the country. Every decade, fraudsters find ways to commit crimes while avoiding regulatory oversight. To eliminate the problem at its source, the government and experts came up with KYC. Proper verification of the customer helps identify fake and fraudulent activity, if any.

Though KYC was introduced under The USA Patriot Act, its history spans several decades before. Here is an overview:

  • In 1950, Congress passed the Federal Deposit Insurance Act to govern the FDIC (Federal Deposit Insurance Corporation). It set out regulations for banks to comply with in order to be insured by the FDIC. This was the first primitive step towards modern KYC.
  • In 1970, Congress passed the FDI Act Amendments, also known as the Bank Secrecy Act (BSA). It was a modified take on the FDI Act, adding five types of reports for banks to file with the Treasury Department and FinCEN.
  • On October 26, 2001, Congress passed the USA Patriot Act. This act contained all the ingredients for modern manual KYC.
  • On October 26, 2002, the Secretary of the Treasury finalized regulations making KYC mandatory for all financial institutions. All associated processes conformed to the CIP (Customer Identification Program) under this act.
  • In 2016, FinCEN made it necessary for banks to collect the name, address, social security number, and date of birth of persons owning more than 25% of an equity interest in any legal entity.

KYC was met with mixed reception during the two decades that have passed since it became mandatory in the US. Nonetheless, none of its criticism countered that KYC helps ensure safety and prevent fraudulent activities. Rather most of it was associated with the difficulty in implementing such a procedure and the privacy concerns.

What Does KYC Mean In The US?

KYC refers to the process implemented by a financial institution or business to:

  • Establish verified customer identity.
  • Understand the exact nature of the customer’s activities. This is to confirm that the source of associated funds is legitimate.
  • Assess money laundering risks.

It has 3 aspects:

1. CIP- Customer Identification Program

Any individual associated with a financial transaction requires identity verification in the US. CIP ensures this. This is under the recommendation of the FATF (Financial Action Task Force). FATF is a pan-government anti-money laundering organization.

A pivotal element to proper CIP is risk assessment. This has to be at the institutional level as well as at the level of procedures for individual accounts. Most of the exact implementation decisions are left to the institution, but CIP provides a guideline to follow.

The minimum requirements for opening a financial account in the US are:

  • Name of the customer
  • Address of the customer
  • Date of birth
  • Identification Number / Social Security Number (SSN)

The documents verified for KYC include the social security card, passport, driving license, and credit/debit cards. It is up to the institutions to put in place the necessary protocols for the specific documents.

The institution is to verify this information within a reasonable time. This includes comparing the provided information with information from public databases and consumer reporting agencies, among other diligence measures.

2. CDD- Customer Due Diligence

CDD establishes whether you can trust a particular client. It assesses the risks and protects the institution against criminals, PEPs (Politically Exposed Persons) presenting a high risk, or even terrorists.

It has 3 levels:

  • SDD (Simplified Due Diligence) – a simplified procedure, used where the risk of money laundering is low.
  • CDD (Basic or Standard CDD) – the standard procedure for average or moderate levels of risk. Performed for most clients.
  • EDD (Enhanced Due Diligence) – additional information is obtained to gain a clearer understanding and mitigate the associated risks. Mostly done in high-risk circumstances.

Some of the important measures taken during CDD are:

  • Confirm the identity and location of the client, including a proper understanding of their business venture. This might be a simple act of verifying the name and address of the potential customer.
  • Categorize clients based on their risk profile. This must be done prior to any digital storing of information and documentation.
  • In cases that require EDD, ensure that the entire process is performed. This is an ongoing process, as any low-risk client can become high-risk. Thus, periodic CDD is necessary.
  • The necessity of EDD depends on certain factors. These include the location of the person, the occupation of the person, the types of transactions, and the pattern of activity.

3. Ongoing Monitoring

It refers to the program that monitors customers on an ongoing basis. This includes oversight of accounts and financial transactions, covering accounts with spikes of activity, adverse media mentions, or any other concerning occurrences. Periodic reviews of accounts and risk factors are carried out.
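The CDD tiers (SDD, CDD, EDD), the factors the article lists for deciding when EDD is needed (location, occupation, transaction types, pattern of activity) and the ongoing-monitoring rule that a low-risk client can become high-risk can be wired together as one risk-scoring routine. The code below is an added example, not Signzy's product logic and not a regulatory rule: the factor weights, score thresholds, the placeholder high-risk jurisdiction and occupation lists, and the "three times the historical monthly average" spike rule are all assumptions chosen to show the structure of such a review.

```python
from dataclasses import dataclass
from statistics import mean

# Constructed placeholder lists; a real program would source these from
# the institution's own risk policy and sanctions/PEP data providers.
HIGH_RISK_JURISDICTIONS = {"ZZ", "YY"}          # placeholder country codes
HIGH_RISK_OCCUPATIONS = {"money services business", "casino operator"}
HIGH_RISK_TRANSACTION_TYPES = {"cash deposit", "cross-border wire"}

# Assumed weights and thresholds (hypothetical policy values).
WEIGHTS = {"jurisdiction": 3, "occupation": 2, "pep": 4, "txn_type": 1, "volume": 2}
EDD_THRESHOLD = 4
CDD_THRESHOLD = 1
HIGH_VOLUME = 100_000.0          # expected monthly volume above which risk rises
SPIKE_FACTOR = 3.0               # current month > factor * historical mean => spike


@dataclass
class CustomerProfile:
    customer_id: str
    country: str
    occupation: str
    is_pep: bool
    expected_monthly_volume: float
    transaction_types: frozenset


def risk_score(profile):
    """Additive score over the article's EDD factors; higher means riskier."""
    score = 0
    if profile.country in HIGH_RISK_JURISDICTIONS:
        score += WEIGHTS["jurisdiction"]
    if profile.occupation in HIGH_RISK_OCCUPATIONS:
        score += WEIGHTS["occupation"]
    if profile.is_pep:
        score += WEIGHTS["pep"]
    if profile.transaction_types & HIGH_RISK_TRANSACTION_TYPES:
        score += WEIGHTS["txn_type"]
    if profile.expected_monthly_volume > HIGH_VOLUME:
        score += WEIGHTS["volume"]
    return score


def due_diligence_level(score):
    """Map a score onto the three CDD tiers named in the text."""
    if score >= EDD_THRESHOLD:
        return "EDD"
    if score >= CDD_THRESHOLD:
        return "CDD"
    return "SDD"


def activity_spike(history, current):
    """Pattern-of-activity check: is this month far above the customer's baseline?"""
    if not history:
        return False                       # nothing to compare against yet
    return current > SPIKE_FACTOR * mean(history)


def periodic_review(profile, history, current):
    """Ongoing monitoring: recompute the tier and escalate on an activity spike."""
    level = due_diligence_level(risk_score(profile))
    flags = []
    if activity_spike(history, current):
        flags.append("activity_spike")
        level = "EDD"                      # a low-risk client can become high-risk
    return {"customer_id": profile.customer_id, "level": level, "flags": flags}


if __name__ == "__main__":
    # Constructed sample customers and transaction volumes.
    retail = CustomerProfile("C-001", "US", "teacher", False, 4_000.0,
                             frozenset({"card purchase"}))
    print(periodic_review(retail, [3_900.0, 4_100.0, 4_000.0], 4_200.0))
    print(periodic_review(retail, [3_900.0, 4_100.0, 4_000.0], 30_000.0))
```

Keeping the score, the tier mapping and the spike rule in separate functions mirrors the article's split between CDD (a point-in-time assessment) and ongoing monitoring (the same assessment repeated as behaviour changes), and makes each threshold a reviewable policy value rather than a buried constant.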

What Are The Types Of KYC?

Standard KYC

Includes the KYC performed for individual customers and clients. It is most widely done. The process has slight variations depending on the jurisdiction the banks fall under.

KYB- Know Your Business

It is an extension of KYC for anti-money laundering. It verifies a business, including its registration credentials, UBOs (Ultimate Beneficial Owners), location, and other factors. The institution screens the business against grey lists and blacklists of entities involved in fraudulent activities. It identifies fake businesses and shell companies.

It is also known as Corporate KYC.

KYCC- Know Your Customer’s Customer

It identifies the activities and nature of the customer’s customer of a financial institution. It includes identifying the people involved, assessing the risk levels and major activities of all entities.

eKYC- Electronic KYC

eKYC, also known as Digital KYC, is the remote and digital transposition of the KYC process. Authentication is done through electronic and digital methods, with verification performed digitally and without the requirement of physical documents. It uses the aid of technology like OCR and live video.

The Not-Too-Distant Future Of KYC

KYC is criticized for the increase in dropout rates during onboarding as it makes the process more complex. This overwhelms the customers trying to onboard who become reluctant to do business with the banks.

This is worth noting, as newer fintech startups are increasing their customer onboarding every year. Since 2018, Venmo has performed KYC on more than 30 million customers before onboarding them. They do this through technology and digitization. eKYC, or digital KYC, was the key factor behind such impressive results.

Another concern regarding KYC is the amount of machinery and expenditure associated with the traditional modes. In 2016, regulatory compliance cost banks over $100 billion. Forbes expected this cost to rise by 4% to 10% by the end of 2021. The expenses banks have to bear for KYC compliance are high.

This can be reduced to fascinating degrees with proper digitization of the entire KYC process. The perks of adopting such revolutionary technology will drive companies to success. It is time we understand this and proceed further into the future. For the future is not too distant!


The Common Factors Of Global Privacy Framework — A Brief Overview On GDPR, CCPA & DEPA

“India needs a paradigm shift in personal data management” — so states the NITI Aayog draft on the DEPA architecture. With the introduction of the PDP Bill, that argument holds all the more. We already have the blueprint, so isn’t it time we get started on the building itself? DEPA, then, was just a matter of time.

The DEPA framework is robust and unique to Indian data privacy law. Yet anyone who goes through the proposal will agree that it also covers some areas that are not unique: these appear in the data privacy frameworks of other nations as well. Let us take the two prominent ones as examples — Europe’s GDPR and California’s CCPA.

CCPA — Popularity Of Privacy In California

There is no single authority for oversight on data privacy in the U.S.

Instead, the country maintains a sectoral approach. It is dependent on a collective of sector-specific laws and state laws.


There are almost 20 industry- or sector-specific federal laws. At the state level, more than 100 privacy laws exist (in fact, there are 25 privacy-related laws in California alone).

The California Consumer Privacy Act (CCPA) provides citizens of California with four rights giving them power over their personal data:

  • the right to notice
  • the right to access
  • the right to opt in (or out)
  • the right to equal services

Any organization that gathers the personal data of California residents must adhere to the CCPA.

Personal Data Classification in CCPA

The CCPA defines personal information as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” In other words, the State recognizes a “broad list of characteristics and behaviors, personal and commercial, as well as inferences drawn from this information” that can be used to identify an individual. Examples of covered personal information include:

  • Personally identifiable information (PII). This can be a name, address, phone number, email address, social security number, driver’s license number, etc.
  • Biometric information, such as DNA or fingerprints.
  • Internet or similar electronic network activity information. This can be browsing history, search history, and information regarding a consumer’s interaction with a website or application.
  • Geolocation data.
  • Audio, electronic, visual, thermal, olfactory, or similar information.
  • Professional or employment-related information.
  • Education information, defined as information that is not publicly available.
  • Inferences drawn from any of the above that can be used to create a profile about a consumer, reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

GDPR — The European Breakthrough In Privacy

GDPR is an EU regulation designed to protect users’ personally identifiable information (PII). It also holds businesses to a higher standard in how they collect, store, and use this data.

Similar to CCPA above, GDPR gives EU citizens control over their personal data. It also assists in changing the data privacy approach of global organizations.

Key Highlights


  • GDPR applies to anyone who processes “personal data”. Most obviously, this means names, email addresses, and other types of PII.
  • It creates significant new responsibilities. Processing personal data makes you responsible and accountable for its security and use.
  • It has a global reach. Despite being an EU law, it applies to anyone processing EU residents’ data, regardless of where they are located.
  • It doesn’t just apply to traditional businesses. The principles are concerned with what you do with other people’s data, not who you are or why you do it.
  • There are hefty fines for non-compliance. These can go up to €20 million ($24m) or 4% of global revenue, whichever is higher.

What are the common denominators?

The CCPA is about increasing transparency for California residents. It allows them to discover and change how their data is collected and transacted. Meanwhile, the GDPR is a binding regulation. It monitors data privacy across the E.U., replacing dozens of national privacy laws with a single framework. However, GDPR does have implications for businesses in the US, despite originating in Europe.

Side by side, here’s how they compare:

Both regulations arose to protect people in a world of increasing global interconnectivity, where international transfers of personal data are more frequent and elaborate. Regrettably, advances in technology have also brought data misuse scandals and sophisticated cyber attacks.

CCPA and GDPR apply to individual organizations in different ways. While there are some nuances in scope that distinguish both sets of legislation, they share similar goals.

How do the laws define personal information?

Personal information (CCPA) vs. personal data (GDPR)

CCPA deals with the collection and sale of personal information. GDPR on the other hand addresses personal data processing.

The CCPA defines personal information as any information that identifies, describes, relates to, or can be linked with a consumer or household. This includes PII as previously discussed.

Under the GDPR, personal data refers to any information that directly or indirectly identifies someone. While this doesn’t include household identifiers, any identifying personal data that is not anonymized falls under the GDPR. The CCPA, however, exempts specific categories of medical and personal information from its scope.

Contributions of CCPA & GDPR:

The two regulations overlap when it comes to some rights — so if you’re already compliant with GDPR, you’re well on your way to meeting CCPA requirements.

Here’s what the CCPA and GDPR have in common:

  • The right to know: Under the CCPA, businesses must disclose to consumers (upon request) the information that is collected, used, disclosed, and sold. Organizations under the GDPR must notify individuals at the time of collection and inform them of the purpose, how long they will retain the data, and who it will be shared with.
  • The right to access: Individuals are entitled to access their personal data. They can request copies of their personal information verbally or in writing. Businesses have a month to respond to requests under the GDPR and, most of the time, cannot charge fees to deal with them.
  • The right to portability: Individuals protected by the CCPA and GDPR have the right to receive their personal information in accessible, machine-readable formats such as CSV, XML, and JSON.
  • The right to erasure: Consumers have the right to request the deletion of any personal information that an organization has collected or stored, under a variety of circumstances.


DEPA — How Laws Like GDPR and CCPA Laid the Groundwork

The PDP Bill introduces the construct of consent managers: data fiduciaries registered with the DPA that provide interoperable platforms for aggregating consent from a data principal. This is similar in many ways to the GDPR’s data controllers. As mentioned above, the identification of personal data is also reflected similarly in the CCPA, and the assignment of key stakeholder roles is similar as well.

Data principals may give their consent to these consent managers for the purpose of sharing their information with various data fiduciaries, and may withdraw that consent through the same consent managers. This is a unique construct, introduced to support the Data Empowerment and Protection Architecture (DEPA) for financial and telecom data. It currently powers the Account Aggregators licensed by the RBI.

DEPA — Building From The Data Privacy Blueprint


NITI Aayog has presented a draft policy highlighting DEPA, which stands for Data Empowerment and Protection Architecture. It allows individuals to “seamlessly and securely access their data” and share it with third-party institutions.

The report looks into assisting organizations with sharing the personal data of an individual with one another. This can be done through the concept of “consent managers”. They will manage people’s consent for data sharing.

The policy constitutes this new data governance model in light of ‘individual empowerment’. This is done by enabling the seamless exchange of personal data among institutions. The process is secure and minimizes privacy harms.

This draft policy follows the myriad of other data-related policies in India. These include the Non-Personal Data Governance Framework and the National Digital Health Mission. NITI Aayog has stated that the policy will be publicly launched and operationalized in 2020 itself.

Features:

  • DEPA will give individuals control over their personal data by implementing a regulatory, institutional, and technology design for secure data sharing.
  • DEPA is designed as an evolvable and agile framework for good data governance.
  • DEPA empowers people to seamlessly and securely access their data and share it with third-party institutions.
  • Consent given under DEPA will be free, informed, specific, clear, and revocable.
  • Consent Managers: DEPA introduces new stakeholders — User Consent Managers. They will ensure that individuals can provide consent for all data shared, and will also work to protect data rights.
  • Account Aggregators: The Reserve Bank of India (RBI) had earlier issued a Master Direction for creating consent managers in the financial sector, to be known as Account Aggregators (AAs). A non-profit collective of these stakeholders forms the DigiSahamati Foundation.
  • Open APIs: These enable the seamless and encrypted flow of data between data providers and data users through a consent manager.
  • Implementation: RBI, SEBI, IRDAI, PFRDA, and the Ministry of Finance are set to adopt and execute this model. This regulatory foundation will eventually evolve with the onset of new legislation (e.g. the forthcoming Data Protection Authority envisaged under the Personal Data Protection Bill, 2019).
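To make the consent-manager construct concrete (the consent managers described in the PDP Bill passage above and the DEPA features just listed), here is an added Python illustration of how a data provider can enforce consent that is specific, time-bound and revocable before releasing anything. This is constructed example code, not DEPA’s, the RBI’s or any Account Aggregator’s actual specification: the record fields, the order of checks, the identifiers such as `lender-A` and `principal-001`, and the sample data store are all assumptions made for this example.

```python
"""Consent-scoped data release: a constructed illustration of the
consent-manager pattern. NOT DEPA's or any account aggregator's real
specification; field names, check order and sample data are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple

# Fixed clock so the example is deterministic (assumed value).
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)


@dataclass
class Consent:
    """One consent artefact: specific (single purpose, enumerated data
    types), time-bound and revocable. Field names are assumptions."""
    consent_id: str
    principal_id: str            # individual or MSME whose data it covers
    fiduciary_id: str            # the data user allowed to receive the data
    purpose: str                 # exactly one declared purpose
    data_types: FrozenSet[str]   # categories the principal agreed to share
    expires_at: datetime
    revoked_at: Optional[datetime] = None


class ConsentManager:
    """Registers, revokes and checks consents. It holds consent metadata
    only, never the data itself (a design assumption of this example)."""

    def __init__(self) -> None:
        self._consents: Dict[str, Consent] = {}

    def grant(self, consent: Consent) -> None:
        self._consents[consent.consent_id] = consent

    def get(self, consent_id: str) -> Optional[Consent]:
        return self._consents.get(consent_id)

    def revoke(self, consent_id: str, now: datetime = NOW) -> bool:
        """Revocation is idempotent: False if unknown or already revoked."""
        c = self._consents.get(consent_id)
        if c is None or c.revoked_at is not None:
            return False
        c.revoked_at = now
        return True

    def check(self, consent_id: str, fiduciary_id: str, purpose: str,
              requested: Iterable[str], now: datetime = NOW) -> Tuple[bool, str]:
        """Every condition must hold; the reason names the first failure."""
        c = self._consents.get(consent_id)
        if c is None:
            return False, "unknown consent"
        if c.revoked_at is not None and c.revoked_at <= now:
            return False, "consent revoked"
        if now >= c.expires_at:
            return False, "consent expired"
        if c.fiduciary_id != fiduciary_id:
            return False, "fiduciary mismatch"
        if c.purpose != purpose:
            return False, "purpose mismatch"
        out_of_scope = frozenset(requested) - c.data_types
        if out_of_scope:
            return False, "out of scope: " + ", ".join(sorted(out_of_scope))
        return True, "ok"


# Constructed sample data held by a data provider (e.g. a tax portal or bank).
DATA_STORE: Dict[str, Dict[str, List[str]]] = {
    "principal-001": {
        "gst_filings": ["2023-Q3: filed, paid", "2023-Q4: filed, paid"],
        "bank_statements": ["2023-12: closing balance 412000"],
        "health_records": ["never in scope for a lender"],
    }
}


def release_data(cm: ConsentManager, consent_id: str, fiduciary_id: str,
                 purpose: str, requested: List[str],
                 store: Dict[str, Dict[str, List[str]]] = DATA_STORE,
                 now: datetime = NOW) -> Tuple[Optional[Dict[str, List[str]]], str]:
    """Data provider side: release only the requested categories the consent
    covers, for the principal named in the consent (the requester is never
    trusted to name the principal). Returns (data, reason); data is None on
    refusal so nothing leaks on the failure path."""
    ok, reason = cm.check(consent_id, fiduciary_id, purpose, requested, now)
    if not ok:
        return None, reason
    consent = cm.get(consent_id)
    assert consent is not None
    subject = store.get(consent.principal_id, {})
    return {k: list(subject[k]) for k in requested if k in subject}, "ok"


def build_demo_manager() -> ConsentManager:
    """Constructed scenario: a 30-day consent letting lender-A see GST
    filings and bank statements for loan underwriting, nothing else."""
    cm = ConsentManager()
    cm.grant(Consent("c-1", "principal-001", "lender-A", "loan-underwriting",
                     frozenset({"gst_filings", "bank_statements"}),
                     expires_at=NOW + timedelta(days=30)))
    return cm


AFTER_EXPIRY = NOW + timedelta(days=31)   # a clock value past the consent
```

The point the code makes is that the data provider decides what leaves, and it decides by consulting the consent record rather than the requester: a request for `health_records` is refused outright (not partially served), a revoked or expired consent yields no data at all, and a refusal carries a reason that can be logged and audited without including any of the subject’s data.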

Background:

The regulatory direction on data privacy, protection, consent, and the new financial institutions required for DEPA’s application in the financial sector was provided through the following sequence of events:

  • Supreme Court Judgement on the Fundamental Right to Privacy in 2017.
  • Personal Data Protection Bill (PDP), 2019.
  • Justice Srikrishna Committee Report, 2018.
  • RBI Master Direction on NBFC-Account Aggregators, 2016 (for the financial sector).

Impact On Financial sector:

  • Individuals and Micro, Small and Medium Enterprises (MSMEs) can use their digital footprints with DEPA to access affordable loans, as well as insurance, savings, and better financial management products.
  • The framework is expected to become functional for the financial sector starting fall 2020.
  • It will help drive greater financial inclusion and economic growth.
  • Flow-based lending: DEPA provides portability and control of data. This could allow an MSME owner to easily share digital proof of the business’s regular tax (GST) payments or receivables invoices, on the basis of which a bank could design and offer working capital loans backed by the demonstrated ability to repay (this is known as flow-based lending). This is suitable for offering bank loans backed by assets or collateral.

Conclusion

This is the beginning of a new uniquely Indian journey on data empowerment and financial inclusion. An open and vibrant data democracy can be created. But this is only if we can enable a billion individuals to thrive in an increasingly digital economy.

The digital economy should comprise digital public goods, designed to scale to meet the needs of a diverse population. Moreover, the technology standards constituting DEPA are open and publicly available, which means the technical and institutional architecture can be applied to other countries as well. An institutional body could even be designed to help globalize this standard and apply it, as appropriate, to other nations facing similar challenges.
