The ecosystem of NBFC account aggregators (AA) is vulnerable to cybercriminals who manipulate its systems to obtain client information and bank account details. Certain functions on their consumer-facing applications, such as balance inquiries and customer profile details, have been discontinued by a few of the major account aggregators.
Cybercriminals are focusing on nearly every aspect of the fintech sector, from payment processors to startups in digital lending, in an attempt to obtain vital client information. The newest victims of fraud are non-banking finance companies, or account aggregators (NBFC-AAs), which are only now beginning to gain popularity. The Indian Cyber Crime Coordination Centre (I4C) recently met with top executives of some of the leading NBFC-AAs to discuss cyber fraud assaults and strategies for countering them, according to two people with knowledge of the matter.
In an effort to safeguard client data, the AA participants therefore made the decision to disable access to some functionalities that they had previously provided on their consumer-facing applications, such as customer profiles and balance inquiries. The Reserve Bank of India has direct control over the recently regulated NBFC-AAs industry. Managing a consent-based infrastructure for the unrestricted exchange of financial data between various financial services organizations is their responsibility.
Customers who are applying for loans at one bank may consent to having their financial statements obtained from another, which may improve underwriting. Customers can utilize any financial services provider and are not limited to using their banks to obtain the finest services, thanks to the AA ecosystem. 16 businesses have been granted licenses by the RBI to provide account aggregation services. Among the principal holders of AA licenses are NeSL Asset Data Ltd., Finvu, Perfios Account Aggregation Services, and Cams Finserv. AA licenses were recently granted to several notable financial companies, including PhonePe, DigiO, and Setu.
According to one of the people, fraudsters who are able to obtain a customer’s mobile number might quickly produce an OTP and obtain this information. According to the source, in certain instances, they also create a replica debit card using the hacked mobile number of a consumer. From now on, consents granted by a client and those accessing this data will be the only information displayed on AA applications. The people said that all other features had been disabled. “The account aggregators have consistently strengthened their security protocols by implementing new methods. You acknowledge that enhancing any environment is a dynamic, ongoing process and that all those involved in the ecosystem are taking it very seriously,” stated BG Mahesh, CEO of the non-profit account aggregator alliance Digisahamati Foundation (Sahamati). According to Mahesh, Sahamati also established an anti-AA fraud prevention group made up of financial institutions and NBFC-AAs to monitor and suggest further measures for thwarting cyber scams. Another industry leader present at the meeting stated, “We are stepping up our vigil to ensure fraudsters cannot enter into formal financial services through our systems.” The AA ecosystem’s evolution The Reserve Bank of India informed the AA industry about fraudsters’ exploitation during private industry meetings, which prompted the steps.
Approximately 77.2 million accounts are connected to the AA ecosystem, according to data from Sahamati. As of June’s end, loans of about Rs 42,000 crore had been given to 4.2 million individuals and businesses. Approximately Rs 4,000 crore worth of loans are processed each month via the NBFC-AA ecosystem. Speaking about the network’s technical prowess, Mahesh stated that data obtained through NBFC-AAs has greatly reduced lending and other financial services fraud. “ReBIT (RBI’s information technology subsidiary) has put in a strong technical framework for Account Aggregator for it to be able to offer a secure and consented manner,” he stated. On June 26, ET reported that the Center is holding regular training and sessions with the RBI and 14C to arrest cases.
According to RBI data, the number of fraud incidences increased by about 300% in just two years, until 2024. In FY24, reports of fraud attacks totaled over 36,000.
Also read: Achieving Rapid Outcomes with AI-Driven Cloud Analytics
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
