In an interview with Global Finance, Asit Oberoi, chief operating officer of India’s YES Bank, talks about how banks are countering threats from hackers and cybercriminals.
Global Finance: What are the main security challenges facing digital banks today?
Asit Oberoi: The fundamental challenge is the validation of user identity. The physical signature that is used to uniquely identify the credentials of the users in the physical world needs to be replaced by a scalable and convenient-to-use equivalent in the digital world. The other significant challenge is identity spoofing and other cyberthreats like the infusion of malware through unsolicited emails and the vulnerabilities they expose the user’s systems to. The objective for the bank is to try and achieve the right blend of robust security and customer convenience.
GF: So what do clients ask of digital banking security?
Oberoi: The level of awareness of information security strategies among corporate customers in India is still at a nascent stage. The onus is therefore on the bank to enhance awareness and insist on the right kind of online risk mitigants, while ensuring that customer convenience is not compromised in the process. Additionally, the Reserve Bank of India has adopted a very proactive approach towards information security and has stringent guidelines for banks to deploy potent mechanisms of online second-factor authentication.
GF: What strategies has YES Bank employed to protect the security of its systems?
Oberoi: YES Bank offers its corporate Internet banking customers multiple and reliable second-factor authentication options and stronger fraud deterrents than other systems. Among them are biometric authentication, public key infrastructure (PKI) authentication (based on the digital identity of individuals, established through digital certificates) and a transaction security and challenge response authentication utility. These are seamlessly integrated with the corporate net banking application, and the user is authenticated only if second-factor validation requirements are met, in addition to user ID and password. Other solutions like managed PKI and device-controlled messaging services ensure that the customer’s overall digital (non-Internet) experience is also secured. In its host-to-host interactions with clients, the bank is progressively moving away from SFTP [Secure File Transfer Protocol] and its equivalent infrastructures to more secure transmission protocols.
GF: What is the next frontier of system security?
Oberoi: The need of the hour is to mount an active defense to preempt threats and counter them using an intelligent and evolving security landscape. We are embracing a threat-centric outlook over a compliance-centered one—which can be especially tricky in an industry that is so heavily focused on compliance.