
The brass tacks of building a secure digital enterprise


Digital enterprises are companies that exist and operate predominantly in the digital economy. Everything from lead sourcing to sales, payments, and delivery of products and services happens over the internet. Over the last decade and a half, digital enterprises have become more the norm than the exception. Sectors dominated by digital enterprises are Fintechs, Gaming, Shared & On-demand Economy, E-commerce, and Payments.

Much of the focus of digital enterprises has been on service delivery, technology infrastructure, and operational efficiencies. However, with online fraud on the rise and fraudsters finding innovative ways of trapping consumers, the security and safety of these digital networks have come under scrutiny.

So what goes into building a safe digital enterprise? Let’s explore. 

Regulations

Regulations form the bedrock of a free-functioning economy. They are meant to protect consumers, foster the growth of industries and allow businesses to thrive. However, it is not uncommon to see mixed opinions on their impact, especially from private corporations.

Nonetheless, compliance remains a major point of concern for regulated entities. And while the mandate to comply lies only with those regulated entities, some businesses function on a self-regulatory model.

Some digital economy sectors like fintechs have come under strong KYC norms that these companies need to comply with. However, there are other digital economy sectors that are relatively free of regulatory mandates in India. 

Consider the gaming industry. While some mandates do exist here, they are mainly to ensure users from legally allowed states are signing up for gaming apps. However, top gaming companies self-regulate to make sure their platforms are not used for money laundering or illegal purposes. This is also true for cryptocurrencies, which put in self-mandates for KYC, keeping a long-term perspective.

Security

What gives digital businesses their edge is the amount of data that can be collected and utilized for providing superior, personalized experiences. Ironically, the flip side of running a digital business is also data. Or rather the management of it, more specifically.

How businesses manage and acquire customer consent, store their data and build systems to ensure they are able to fend off cyber attacks goes a long way in determining their success as a digital enterprise.

This becomes especially important when we are dealing with PII (personally identifiable information). Think of all KYC-related documents. Foolproof security has to be ingrained in the design of the system. No third party should be able to access your data. Even first-party access should be put through a layer of authentication to secure data from the inside out.


Encryption and localisation form two other important dimensions of security. Data should always be encrypted using the best available algorithms, whether we’re talking about data at rest or in transit. Localisation pertains to the storage of data. For instance, the RBI requires all its regulated entities to store their data in India itself. This eases access to data and prevents it from being exposed to the threats of cross-border transfer.

Fraud prevention

While regulations can provide the guardrails for creating a safe ecosystem for both consumers and businesses, they are seldom self-sufficient. Make regulations stringent and you are potentially strangling economic growth. Make them liberal and you risk letting the subjectivity of interpretation trickle in.

Regulators, across industries, are essentially working to close this gap. However, it’s a tricky affair. An affair that is inviting fraudsters, and in some cases, even letting them thrive. For instance, consider the string of ghost loan cases that surfaced recently. These are loans taken by fraudsters using stolen identities with no intention of paying back. They have long been in the system, but caught the public eye owing to some high-profile victims.

Such frauds happen even when businesses are in compliance with the prescribed regulations. But they can be prevented by introducing appropriate fraud checks over and above those that are mandated.

In this case, such checks can include the use of a modern AI/ML-powered document tampering solution, a facial comparison of the applicant with the photo present on identity documents, or perhaps the use of other compliant and secure sources like DigiLocker for procuring documents.

The world of gaming is no stranger to frauds either. Consider the chip dumping fraud for instance – here, one gamer loses purposely to another so that he can launder money through the portal. Or the classic multiple accounts per person fraud. Most of these can be prevented by using advanced fraud detection solutions like phone number verification and AML screening.

The kind of impact such frauds can have on your business is often a function of what you optimize for: providing a flawless user journey or dealing with the added friction that comes from having additional fraud checks in place.

The article has been written by Ashish Sahni, Chief Technology Officer, IDfy
