We have to share a lot of personal information with many digital entities. But, where do we draw a line on what we should share and what we should not? We ask the experts.
Lizzie Chapman, CEO & co-founder, ZestMoney
Today Indians are eager to access modern banking and financial services as these options make it easy for them to get what they want. These services (especially the online platforms that provide these services) are evolving at breakneck speed to satisfy this need for all types of consumers in the country.
New data points like Aadhaar, electronic Kow Your Customer (eKYC) norms and the social score are all critical parts of this evolution. It helps digital equated monthly instalment (EMI) services better analyse people with or without a credit score on (credit bureaus like) CIBIL. All these make the decision to approve the credit almost instantaneous.
People need to be in complete control while sharing their details, whether it is on an online platform or an offline platform. Knowing how these details will be used should be their top priority.
They should watch out for services that share the data with them, with third parties without giving a proper reason to do so in their privacy policy.
It is also extremely important to understand how securely that data will be shared and stored. Does the service use encryption? Is its data exposed to employees?
But above all, the service should let you access all of your private data it has stored. This can be done by sending a Data Subject Access Request (DSAR) to the service provider.
Arun Ramamurthy, director, Credit Sudhaar
Personal and financial details are critical for any financial institution. All such details including date of birth, PAN and income have always been asked for by conventional financial institutions. These details help the financial institution to underwrite various instruments that the individual may need. The fintechs are no different and also need these details to be able to evaluate and assess the efficacy and worthiness of the customers. As far as security goes, it is the responsibility of the platforms to secure the data and put checks in place to avoid any breach. Any good fintech would definitely keep updating the systems for better data security. One thing that all have to be clear about is that data security is not only of paramount importance for fintechs but for any online platform where the individuals share data.
One thing that definitely needs to be taken care of by all individuals is that such information should not be shared with a platform that does not have requisite security certificates. Check the terms and conditions to see how data and access to the social media are managed by the platform. Today, with the penetration of the smart phones, users must ensure that the apps are downloaded only from secured sources like Play Store or Apple Store. Any application downloaded from unsecured sources can expose one to the peril of identity theft.
Amit Jaju, ED, forensic technology & discovery services, Ernst & Young LLP
Users often do not see the ‘terms and conditions’ before they provide personal information to use free services and applications, not realising that they’re being subjected to huge risks. Although, users may trust institutions like banks that require the user to give confidential information like date of birth or PAN. While this information may not by misused by the institution itself, but there’s always a possibility its security may be compromised in the future, which could result in leakage of the information. In addition, social media platforms request users for access across other social media platforms used by the users, which enables them to collate significant personal information. This makes a user’s data even more easily available for an attacker to misuse and impersonate the user. The data collected by organizations for provision of free services and applications use this to create databases for direct or indirect marketing. This data is also sold to other companies. It is used for online targeted advertising as it is inexpensive compared to traditional sales. It is for individuals to realise that if an application or service is free, and asks for personal information, it is bound to make use of such information to generate revenue.
Users need to be aware to decide the extent of information they share, based on the purpose for which it is requested and the security level of the app.
Amit Nath, head of Asia Pacific (corporate business), F-Secure
Given the massive proliferation of fintech platforms, one would have to pause and question if our money and personal information are really safe online.
The number of novice internet users expected to come online in the near future is unnerving, making them more vulnerable to various security threats such as phishing, ransomware, malware and identity counterfeiting.
Users are required to remain more cautious than ever, now that (more) hackers are on the prowl. The fundamentals like downloading applications only from authentic and reliable platforms, not sharing passwords no-matter-what, and ensuring every online transaction is secured with one-time passwords (OTPs) remain sacrosanct.
To take the security of personal information a notch higher, users should maintain different email ids for different tasks. Otherwise, just by cracking a single email ID, a hacker would be able to get access to the entire personal data saved online, including bank account details, password, passport details and date of birth.
Fintech companies are also required to make security an integral part of their design. By organizing security hackathons, meant for removing the vulnerabilities of the applications and coming up with profound threat models against use cases, fintechs can ensure optimum security of the data shared online.