Balancing Security With Convenience: Asit Oberoi, Yes Bank


Table Of Contents

Global Finance: What are the biggest security challenges for online banking, and how does YES Bank protect its customers?

Asit Oberoi: The fundamental challenge is establishing user identity. Corporate bankers are duty-bound to ensure and adhere to the payment requests, provided the initiation has been done by bona fide personnel from the client end. The physical signature which is used to uniquely identify the users in the physical (check issuance) world needs to find a scalable and convenient-to-use digital variant. Identity spoofing and other related cyberthreats are concerns that solutions designed to provide customer convenience need to fortify against. The challenge for the bank in its digital journey is to try to achieve the right blend between robust security measures and customer convenience in using them.

YES Bank has tried to plug each area of customer interaction with a layer of conveniently usable second-factor authentication—customers who transact with us through our Internet banking platform are urged to choose either biometric fingerprint, soft-token-based, challenge-response authentication or public key infrastructure (PKI) user authentication.

For customers sending transaction instructions via email we have deployed an anti-spoofing PKI-based solution to ensure emails are not spoofed. We’ve also deployed a secure messaging app for the desktops and mobile devices of corporate users. Instructions and transaction files can be transmitted through a secure tunnel established between the device and the server at the bank’s end.

GF: Why has YES Bank chosen to take the lead in mobile payments and e-commerce in India?

Oberoi: E-commerce is the focus segment for the bank in general and the transaction banking unit specifically. We see a lot of potential in this segment as more and more consumers get hooked on the online shopping experience. Mobile payments represent the next paradigm shift in transaction banking. From a corporate perspective mobile devices record transaction authorizations from corporate signatories. We also intend to deploy mobile applications for obtaining positive confirmation for permissible exceptions and to send notifications and alerts to corporate users. From a mobile payments perspective, YES Bank believes in being where the customer of tomorrow is. Consequently it has deployed a number of products, including the slim SIM wafer, enabling even feature phones (which lack the advanced functionality of a smartphone) to initiate banking transactions.