Digital lenders spend more to shore up tech defences

Digital lenders’ expenses on technology have multiplied as cybercrime and the threat to data privacy emerged as the foremost risks, according to people in the industry.

In its 2022 guidelines on digital lending, the Reserve Bank of India (RBI) too has asked banks and non-banking lenders to ensure that they comply with various technology standards on cybersecurity.

“Data will be the new gold for next generation. So, it is super important to ensure that it is protected because now people are more conscious about data sharing,” said Credit Wise Capital founder Aalesh Avlani.

Also read: How this startup is making people sleep better

“As a fintech, we are responsible for providing loans to people across the country as we are in a consumer-facing business. So, we have to ensure that we are right up there when it comes to ensuring data protection,” he said, adding the spending on technology has multiplied on year-on-year basis.

“There are a couple of reasons for this. Firstly, you are in a lending business regulated by the RBI. So, you are under strict watch. You do not want to give the RBI any reason to sniff you out. If a customer takes a loan from us for the first time and there is a breach in data, I have scarred this customer from ever taking a loan from us again,” he said.

“Ultimately, customer experience and security is of utmost importance,” he added.

A recent survey conducted by the Fintech Association for Consumer Empowerment pegged the threat to data privacy and cybercrime as among the biggest risks for the digital lending ecosystem. Both lenders and non-lenders took part in the survey.

The prevalence of unscrupulous lenders is also mentioned as a key risk. Earlier this week, the Ministry of Electronics and Information Technology banned 94 loan applications for reportedly engaging in predatory lending.

“Our cybersecurity framework is different from that of a bank or an NBFC. We adhere to the broad guidelines that are laid out in terms of the best practices that an IT system should have,” said said Viswanath Kommalapati, chief technology officer of Niro.

“There is always an authentication and authorisation that happens,” he added.

Some lenders have also partnered with external entities and ethical hackers to ensure that their information technology systems is fool-proof.

“Nothing is implicitly trusted. We do continuous monitoring of our infrastructure like employee laptops so that we are able to catch any viruses or ransomware that can come through those means. If there is any port or access open on any machine that is hosted on cloud, we get to know about this on the day-to-day basis,” Kommalapati said.

Indifi Technologies chief technology officer Animesh Sharma said, “We have started spending significantly on data security, information security and different compliances that we need to adhere to.”

Also read: Clix Capital targets to double profits to Rs 100 crore in FY24

He said they are “planning to spend Rs 7.5 million next year on information technology”.

“So far, we have seen a 50% increase in hosting charges, 30% increase in information security compared with last year. We are expecting 50-60% further increase next year in light of compliance with the Reserve Bank of India (guidelines),” he added.

“From a data security or information security point of view, it is a journey. You keep looking for things where you see that there is a leakage or there are possible vulnerabilities in the system either for external hackers or from an internal perspective,” he said, adding that user data is very critical to him. “I have millions of customer data sitting with me,” he added.