BFSI VISION | Cyber Security


Kishor Chitale
CEO - Local Business Services, India and
Middle East, Capgemini

Cyber Security Landscape in the BFSI Sector

In the recent past, there has been a significant growth in cybercrimes across the country. According to the Computer Emergency Response Team-India (CERT-In), 62,189 cyber security incidents were reported in the first five months of 2014. The key reason for this trend is that traditional approaches to fraud detection and prevention are under strain. For instance, cyber security is ever so important in the BFSI sector due to the increased use of mobility channels for transactions and financial communication. While most banks have tighter two factor authentication (2FA) for online banking, mobile banking has relatively higher vulnerability due to the risk of device loss and usage of weak passwords, despite common knowledge of the importance of strong passwords.

It is also increasingly getting imperative for financial organizations to design the right metrics to measure the risk associated with cybercrime and develop digital forensic frameworks to identify and counter these threats. On its part, RBI has provided guidelines on Information security in a white paper “Guidelines on Information security, Electronic Banking, Technology risk management and cyber frauds”. It has also enforced 2FA for credit card transactions to minimize fraud. Guidance on the metrics design process has been published by both NIST (SP 800-55) and Centre for Internet Security. These can be used by financial organizations as a starting point on designing the metrics that suit their organization, business, and client needs.

Additionally, to counter the ever potent threat of Cybercrime in the mobile channels, BFSI organizations can incorporate the API’s provided by the Digital Forensics Framework (DFF) to embed into its home grown applications that deal with financial transactions and data to gather enough data and intelligence to detect fraud. Organizations can further mitigate the financial risk that might arise out of cybercrime, by purchasing cybercrime insurance to partly transfer the risk to an external insurance company and also to set aside funds to compensate for future loss.