A few days ago, news reports of the personal data of 4.5 million Air India passengers leaked in a cyberattack on the airline’s data processor came out. The breach involved data such as name, contact, passport details, and credit card details of passengers. Air India faced this cyber-attack in February and quickly secured its servers right after.
News of cyber-attacks and data breaches is not as uncommon as you think. Larger organisations need to invest heavily in data security to prevent breaches such as the incident with Air India. Data security is a process by which data can be secured against unauthorised access, theft or corruption through its entire lifecycle. Usually implemented through a series of data encryption, hashtagging, key management, masking, and tokenisation practises, data security measures protect your organisation’s servers from cybercriminal activities and often against human errors.
Data Security in Video KYC and Digital KYC
As Video kyc was approved for use by the Reserve Bank of India in January 2020, the questions regarding data security in these processes became often debated. Video KYC or VKYC is a process by which banks and other financial institutions can authenticate your identity via live video interphase through a smartphone. In this process, a representative from the financial institution is present at the other end. KYC is a process by which institutions verify the identities of their customers to gauge their identity and credibility. Earlier, this process was done in person through a series of meetings and hand-written and signed documents. Reportedly, India is one of the first countries to introduce the Video KYC option for financial institutions.
VKYC has made the KYC process less tedious for both the institution and the customer and accelerated the response rate. Sometimes, a loan takes just a few hours to disburse from start to finish. Additionally, Video KYC also prevents data and identity thefts better since customers do not have to submit physical copies of identity proofs.
Last month, the RBI revised KYC norms and extended VKYC to small and medium enterprises and allowed limited KYC accounts to be converted to full KYC accounts through VKYC. The announcement also enables the use of a KYC identifier of the Centralised KYC Registry (CKYCR) to submit electronic documents (including Digilocker channels) as identity proof.
While VKYC is inherently more secure, it is still essential to implement specific security measures within your institution to keep your servers fully protected. It is vital to ensure that cybersecurity and customer due diligence processes are implemented hand-in-hand with protecting customer data. According to RBI’s guidelines, for a financial institution to implement VKYC or V-CIP, the technology infrastructure should be housed in its premises to meet the baseline cybersecurity framework. Industry experts do not recommend using third-party apps such as Zoom or Google Meet for Video KYC.
Kwik.ID offers a modular, platform-independent, and plug-n-play Video KYC solution as mandated by RBI, SEBI, IRDAI, and PFRDA. Our solution is platform agnostic and takes less than a week to integrate into your existing system. The VKYC solution includes a two-way video calling facility with one-way recording. Our Digital KYC and Video KYC solutions also consider RBI’s recommendation of having AI for better process integrity. We use an AI-enabled image processing software for identity verification by comparing user images across various documents, including ID documents, studio photographs, and selfies. Additionally, since the Video KYC for Banks process requires bank officials to validate each video through a ‘liveliness’ check, our solution has an integrated liveliness detection function – where the live-action commands can be customised as required by our clients.
We also provide DigiLocker integration to our Video KYC and Digital KYC solutions, using which we enable easy digital document exchange with consent. Our DigiLocker supports over 210 digital documents from several issuing authorities, including UIDAI, NSDL, CBSE, State Education Boards, and significant banking and financial institutions. As the pandemic threatens to bring financial transactions to a pause, adoption of Video KYC and Digital KYC are essential steps to help us collectively perform while accepting pandemic-related restrictions. While these digital disruptions are crucial in the long term, it is imperative to understand the threats involved in these processes and safeguard your institution against cybercriminal activities and data theft.