Tag: Privacy

Open banking may potentially pose significant risks: RBI Dy Guv Rao

Banking & Finance

[ad_1]

Read More/Less


Open banking may potentially pose significant risks and concerns around financial privacy and data security, customer liability, cybersecurity and operational risks, among others, cautioned Reserve Bank of India (RBI) Deputy Governor M Rajeshwar Rao.

Open banking is the sharing and leveraging of customer-permissioned data by banks with third-party developers and firms to build applications and services, including those that provide real-time payments, greater financial transparency options for account holders, marketing and cross-selling opportunities.

In open banking, there can be wide-ranging third-party arrangements such as fintech firms, intermediary firms engaged in data aggregation and other service providers which may not have a contractual agreement with the bank over which regulators can exercise jurisdiction, Rao said in a webinar on Open Banking organised by Tata Consultancy Services (TCS) in association with the Embassy of India in Brazil

Further, it may be possible that several of these firms may not fall under the regulatory purview of any financial sector regulator. In such situations, it may become difficult for regulators to set requirements, specifications, and exercise regulatory jurisprudence, he added.

Loss/theft of personal data

“In open banking frameworks, risks associated with the loss or theft of personal data on account of poor security, data protection violations, money laundering, and terrorist financing concerns cannot be ruled out.

“Therefore, large scale adoption of open banking frameworks should ideally be preceded by strong data protection and privacy laws,”the Deputy Governor said.

Rao emphasised that such laws should anchor the ownership rights and ensure control and consent-based use of the data. They should also establish the boundaries of rights and obligations of third-party use, down-streaming data to fourth parties and reselling it.

“India has already embarked upon the same and The Personal Data Protection Bill, 2019 has already been introduced. The Bill seeks to provide for the protection of personal data of individuals and establishes a Data Protection Authority for the same,” the Deputy Governor said.

Redressal of grievances

Rao noted that in the absence of explicit arrangements for redressal of customer grievances and limiting their liability in case of erroneous or fraudulent activity, the acceptability of open banking frameworks may remain limited.

Therefore, the jurisdictions should address customer liability for third party access of data through customer protection or indemnity laws.

In this regard, Rao underscored that RBI had issued Charter of Customer Rights in December 2014, which lists ‘right to privacy’ along with ‘right to grievance redress and compensation’ among others.

Increase in surface area for cyber frauds

Rao cautioned that open banking architectures, which are premised on the enhanced sharing of data, increase the surface area for cyber frauds.

As the open API (Application Programming Interface) provides uncluttered access to customer banking data such as transactions and balance stored within the infrastructure, it may also pose a severe cybersecurity risk, he added.

“Losses caused to customers on account of cyber events would require financial institutions to compensate customers for such losses.

“Institutions may also face a variety of potential operational and cyber security issues related to the use of APIs, including data breaches, misuse, falsification, denial of service attacks and infrastructure malfunction,” the Deputy Governor said.

Difficult to assign liability

Rao remarked that with more parties and intermediaries involved in providing financial services in an open banking model, it is more difficult to assign liability. Suppose the regulations governing customer grievance redressals are not updated to consider available banking business models. In that case, the national authorities may find it challenging to provide the customers with adequate levels of protection.

In India, RBI implemented a separate Ombudsman Scheme for Digital Transactions in January 2019. The number of complaints received under the Ombudsman Scheme for Digital Transactions (OSDT) has been consistently increasing reflecting increased digital modes of banking, he said.

Potential disruptor

“Open banking is a potential disruptor in the financial system and may change the way of doing banking for both- customers and banks.

“New pure tech-play entities have the potential to snatch market share from established but traditional financial institutions because they are technologically more advanced, digitally agile to cater to customer needs with higher efficiency, have better user interface, and are more competitive in pricing,” the Deputy Governor said.

At the same time, all stakeholders need to appreciate that while technological innovation is of paramount importance, customer privacy and data protection are non-negotiable, he added.

[ad_2]

CLICK HERE TO APPLY

Leave a comment , , , , ,

Banks review services policy for WhatsApp, BFSI News, ET BFSI

Banking & Finance

[ad_1]

Read More/Less


Banks, which were looking to integrate WhatsApp as a key channel for customers to transact on, are reviewing their policies in respect of the use of the messaging platform. This comes after general concerns among the public that have arisen over Facebook sharing user data among its group companies.

HDFC Bank, which was earlier offering customers the option to obtain bank account balances through WhatsApp banking, has discontinued the facility. Customers seeking balance inquiry are asked to use the bank’s mobile banking app, net banking or other offline methods. Others — ICICI Bank, IDBI Bank, Kotak Mahindra Bank and IndusInd Bank — continue to allow customers to check their balance.

According to an industry source, earlier the idea was to have deep integration with the bank’s systems and artificial intelligence chatbots so that customers can get their servicing requests and even transactions done in a straight-through manner. The idea was to facilitate the entire banking experience through the social media platform, where customers spend most of their time, without having to log into net banking.

Now there appears to be some caution in using WhatsApp banking as a channel. It is not clear whether HDFC Bank’s change in WhatsApp services is part of its ongoing back office overhaul or review of the WhatsApp policy.

Incidentally, all Whatsapp banking chats come with a label stating that while these are encrypted, the bank may use a service to store, read and respond to messages and calls. According to Rajshekhar Rajaharia, a researcher on internet security who pointed out the policy change, businesses and solution providers will use WhatsApp’s parent company, Facebook, to securely store messages and respond to customers.

While Facebook will not automatically use messages to determine the ads that you see, businesses will be able to use chats they receive for their own marketing purposes, which may include advertising on Facebook.An ICICI Bank spokesperson, responding to a query from TOI, said, “Messages to the ICICI Bank WhatsApp Banking service are secured with end-to-end encryption. This means that WhatsApp or third parties cannot read them. Further, the delivered chats are neither shared with Facebook nor saved in the servers of Facebook. Facebook has meanwhile integrated a Whatsapp button on the homepage of banks. Customers will have the option to chat with the bank clicking on the button. The button is also available on some advertisements.”According to WhatsApp’s privacy policy, “Facebook may use the way you interact with these ads to personalise the ads you see on Facebook.”

Experts say that WhatsApp messages, being encrypted, are more secure than SMSs, which are viewable to telecom companies and government agencies and can also be intercepted by hackers. However, the concerns are not about hacking but privacy with organisations using customer data to sell third-party products.



[ad_2]

CLICK HERE TO APPLY

One comment , , , , , , ,