Smooth online financial transactions are the bedrock of ‘Digital India’, the flagship initiative of the Indian government to transform the country into a successful knowledge economy and a digitally empowered society. From the now ubiquitous Unified Payment Interface (UPI) or mobile banking to digital lending and AI-driven insurance, India’s Banking, Financial Services & Insurance (BFSI) industry is integrating technology at every aspect of its operations.   Cracks in Today’

Reserve Bank of India (RBI) Governor Shaktikanta Das, during the Monetary Policy Committee (MPC) meeting on February 8, 2023, suggested the adoption of a principle-based framework  for Additional Factor of Authentication (AFA) in digital transactions. The aim is to enhance security and replace the widely used SMS-based OTP mechanism. This proposed framework will provide a mPlease provide the content you would like me to review, and I'll be happy to suggest any corrections or

In 2023, the great reset or the new normal of 2020 is now well established, and we are looking at the next normal, where the work-from-anywhere mindset stayed even after the Coronavirus pandemic. When all of a sudden, millions of employees started working remotely, enterprises the world over had no choice but to accelerate the pace of digitalisation. The urgency to “go remote” compelled them to lean into VPNs. But are VPNs security tools? And are VPNs meant for providing secu

In an era where the digital world continues to expand, so do the threats that loom in cyberspace. Traditional multi-factor authentication methods, while once reliable, now find themselves outmatched by the ever-evolving sophistication of cyberattacks. But a security strategy that presents MFA as a stack of step-up authentication options only after a 2-way mutual authentication is done for digital identities and assets makes a mark to be infallible. This approach doesn't just

Password based authenticators are a widely used means of authentication for digital services. Examples of password based authenticators include a password, a pin, a secret question and answer, a one time password (OTP), offline OTP, transaction password, CVV, VBV. The password based authenticators have inherent vulnerabilities leading to cyber threats and attacks. An effective alternative to password based authenticators is Cryptographic authenticators to eliminate the vulner

Introduction In the realm of technology, we humans are constantly pushing the boundaries of what is possible. One such frontier that has been gaining momentum is quantum computing. Unlike classical computers that rely on bits to represent data as either 0 or 1, quantum computers use quantum bits or qubits, which can exist in multiple states simultaneously. This revolutionary technology promises tremendous computational power, tackling complex problems that were once deemed un

Renowned mathematician and cryptographer Daniel Bernstein has raised concerns about the collaboration between NIST and the NSA in defining post-quantum cryptography (PQC) standards. Bernstein has taken legal action, filing a lawsuit that highlights the lack of transparency in the selection process, which could potentially compromise global security systems. The lawsuit mirrors a past incident where NIST unknowingly standardized a flawed algorithm championed by the NSA. T he i

Cryptography is pivotal in virtually every digital operation, ensuring security, privacy, and trust. Irrespective of the end points enterprise needs to implement the core tenets of security (Authentication, Confidentiality, Integrity, Provability and privacy). Let’s explore it through the lens of a simple example: Say your mobile app needs to send data out to a server, a good developer will take care of the following aspects - Authentication When an application communicates w

It’s a wakeup call. The digital threats are looming larger than ever. Our common login systems that were once considered safe are now the Achilles’ heel of our digital defenses. The vulnerabilities of these traditional approaches are so in the face that they are sending shockwaves throughout the cybersecurity landscape. So much so that the US government published a comprehensive Cyber Safety Review Board (CSRB) report on July 24 to sound an urgent alarm for organizations to a

Digital identity should never have an absolute shape, form, value, appearance, structure, format, display. Humans are capable of recognizing and validating an identity in distributed form. In fact, fundamental nature of any identity is that it is always distributed. A few computer technologists thought the absolute form of the identity should be an unrecognizable secret (the password) only known to the user. Well, they soon realized what gets typed on a machine is not a secre

In 1961, when MIT was leading the computing activity and innovation in the world, their computer scientists, under the direction of the mastermind, Professor Fernando Corbató, built a giant Compatible Time-Sharing System (CTSS). The system allowed multiple users to access a shared mainframe. It was around the same time, passwords were born. When several users wanted their own private access to the terminals, Corbató created the first digital password as a problem-solver. The

Blockchain as a technology has a potential to eliminate 99% of the time and risk  involved in banking transactions. Because distributed ledger, the underlying framework of blockchain, approach takes away multiple steps involved in enabling a digital banking service due to reduced clutter of centralized identity management, banks are going to be benefitted with agility, high responsiveness to market demands and amazing digital experience. In essence this is a technology disrup

From OTP to CryptoID: A Shift in the Trust Paradigm Until recently, banks across the world relied heavily on One-Time Passwords (OTPs)  and challenge–response (Ch-Re)  methods for user authentication. While these mechanisms helped accelerate digital adoption, they’ve proven increasingly vulnerable to SIM-swap frauds, phishing, and deepfake impersonations . Post-2019, the paradigm has changed — from reactive authentication  to cryptographically provable trust .Regulators and c