By Sumana Iyengar, CEO & Co-founder, Goavega Software India
Open banking, a practice that provides third-party financial service providers an open access to consumer banking, transaction, and other financial data from banks and NBFCs through the use of application programming interfaces (APIs), has been rapidly catching up and is said to be the future of financial technology.
While this has several benefits, the innovation is also a high-risk practice as it involves sharing of and trading vast amounts of data. And while financial technology, over the past few years, seen tremendous growth in India, the Covid pandemic has facilitated a huge surge.
Online transactions worth INR 4.3 lakh crore were reportedly carried out on UPI in January, 2021 vs. INR 2.1 lakh crore in the January, 2020 that has highlighted the urgent need for building a robust open banking system with set data security protocols.
As per a recent report, The Reserve Bank of India has announced a new set of guidelines for the digital banking and payments ecosystem, which requires regulated entities (REs), scheduled commercial banks, small finance banks, payments banks and credit card issuing NBFCs to conduct periodic assessment of apps and associated third party services. From conducting source code checks, vulnerability testing, and penetration testing every six months for payment systems, RE’s will also be required to conduct rigorous third party periodic testing, and also be subject to penal provisions in case of no compliance.
Key Data Security processes that needs to be adopted urgently by Banks and other NBFCs:
- API Security and access management: Considering the omnipresence of Application Programming Interface (API’s) and vital role in ensuring app based secure transactions, access control, and overall API security is a non-negotiable factor for open banking. Effective API security looks at Data security and content filtrations, through procedures that like API gateway, encryptions and signatures, and using quotas. For ensuring a successful and effective API and Access Management security, it is vital to focus on the type of API, its key functions…