Tips for building a secure digital business
Digital businesses are businesses that exist and operate primarily in the digital economy. From finding leads to sales, payments and delivery of products and services, everything happens on the Internet. Over the past decade and a half, digital businesses have become more the norm than the exception. Sectors dominated by digital businesses are fintech, gaming, the shared and on-demand economy, e-commerce and payments.
Digital businesses have focused a lot on service delivery, technology infrastructure, and operational efficiency. However, with the rise of online fraud and fraudsters finding innovative ways to trick consumers, the safety and security of these digital networks have come under intense scrutiny.
So what goes into building a secure digital business? Let’s explore.
Regulations are the foundation of a freely functioning economy. They aim to protect consumers, help industries grow and businesses thrive. However, it is not uncommon to see mixed opinions on their impact, especially from private companies.
Nevertheless, compliance remains a major concern for regulated entities. And while the mandate to comply rests solely with these regulated entities, some companies operate on a self-regulatory model.
Certain sectors of the digital economy like fintechs are subject to strict KYC standards that these companies must comply with. However, there are other sectors of the digital economy that are relatively free from regulatory mandates in India.
Consider the gaming industry. While some mandates exist here, they are primarily aimed at ensuring that only users in legally permitted states sign up for gaming apps. However, top gaming companies self-regulate to ensure that their platforms are not used for money laundering or illegal purposes. This is also true for cryptocurrencies, which set up standalone mandates for KYC with a long-term perspective in mind.
What gives digital businesses their edge is the amount of data that can be collected and used to deliver premium personalized experiences. Ironically, the flip side of running a digital business is also data. Or, more precisely, its management.
How companies manage and obtain customer consent, store their data, and build systems to ensure they are able to fend off cyberattacks largely determines their success as a digital business.
This becomes particularly important when we process PII (Personally Identifiable Information). Think about all the documents related to KYC. Fail-safe security must be ingrained in the system design. No third party should be able to access your data. Even direct access must go through a layer of authentication to secure data from the inside out.
Encryption and localization are two other important dimensions of security. Data should always be encrypted using the best algorithms available, whether it is data at rest or in transit. Localization concerns where data is stored. For example, the RBI requires all its regulated entities to store their data in India itself. This facilitates access to data and prevents it from being exposed to cross-border transfer threats.
Although regulations can provide the safeguards to create a safe ecosystem for consumers and businesses, they are rarely self-sufficient. Make regulations strict and you risk strangling economic growth. Make them liberal and you risk letting the subjectivity of interpretation creep in.
Regulators in all sectors are essentially trying to close this gap. However, this is a tricky business, one that invites fraudsters and in some cases even lets them thrive. For example, consider the series of phantom loan cases that have surfaced recently. These are loans taken out by fraudsters using stolen identities with no intention of repaying. They have been in the system for a long time, but have come into the public eye due to some high-profile victims.
Such frauds occur despite compliance with prescribed regulations. But they can be avoided by introducing appropriate fraud checks in addition to the mandatory ones.
In this case, these checks may include the use of a modern document forgery detection solution powered by AI-ML, a facial comparison of the applicant with the photo present on the identity documents, or perhaps the use of other compliant and secure sources like DigiLocker for obtaining documents.
The gambling world is also no stranger to fraud. Take chip dumping fraud, for example: here one player purposely loses to another so that they can launder money through the portal. Or take the classic multiple-accounts-per-person fraud. Most of them can be avoided by using advanced fraud detection solutions such as phone number verification and AML screening.
The kind of impact these frauds can have on your business often depends on what you’re optimizing for: delivering a seamless user journey or managing the added friction that comes from having additional fraud controls in place.
The article was written by Ashish Sahni, Chief Technology Officer, IDfy