Everyone should be delighted that financial organizations are successfully adopting multiple facets of digitization to augment offerings, improve CX, reduce operating costs and enhance operational efficiency. Open APIs have infinitely empowered collaborations and experiences for organizations by simplifying complexities. This happiness comes with an equally big fear: with every new technology and innovation, cybercrime is escalating, resulting in losses, penalties and loss of trust and reputation. To identify how business and management strategies can arrest the rising threats and ensure smooth continuity, Banking Frontiers organised an insightful session of senior business and technology leaders from the BFSI sector to discuss cyber security risks in the current business scenario and strategies to combat them.
Anup Purohit, Sr. President & CIO, Yes Bank: Security is the mindset. 20% of our applications are developed by our in-house team. Our development team is a mix of employee and partner staff. 10% of our applications have an agile methodology, while the applications which we purchase from technology vendors are still not getting into an agile methodology. The applications which are developed in-house are driving the developers. These have almost zero application security vulnerabilities. Applications which come from tier-1 vendors have failed to comply with the top 10 IOS guidelines.
Technology companies need to create a mindset before developing products and customization as per banks’ requirements at a lowest common denominator. For example, when Yes Bank did core banking migration, I ensured my CISO and IT team were sitting with the developer’s team in their office. We visited that office daily during the development lifecycle and created a mindset among the developer staff. All my applications which are coming from the vendors have a huge number of security vulnerabilities. We have a team of 40 people to check these vulnerabilities. After that, our CISO checks them before they go to the final production.
We are in no way close to open banking in India. In European countries all the banks have come together, and they have decided on a standardized format in which APIs are developed. So, unless there is a standard format made by a governing body for APIs, API banking will not be a reality. We will continue doing open banking in an individualized manner. There is scope for open banking; all the APIs need not be standardized, banks have the right to do innovations in APIs and they can build their own innovations.
No one in the organization can say no to security, including the board members. Security infrastructure should not have any budget constraints. It is up to the CISO and the CIO of banks to have the right kind of security tools and framework.
Sharatee Ghosh, EVP-Service & Quality, Kotak Mahindra Bank: The risk versus convenience issue is always a problem in banking. Product managers and marketers want the best possible UI and UX in their products. None of the global organizations which are into fintech have strong regulatory guidelines. We are all living in a viral world. For example, there was a problem in the mobile banking service of a bank, which went viral on Twitter and WhatsApp.