Given how the intensity of cyberattacks has been escalating for the duration of the pandemic, it is not surprising that Indian firms have borne the brunt of it. In the absence of any widespread minimum requirements, every organization in India follows its parameters. While most attacks entail stealing account data and logins, the most significant one for 2021 occurred at a cryptocurrency exchange, BuyUCoin, exactly where KYC information of 325,000 Indian customers had been leaked.
Two years ago, a different cryptocurrency exchange, Binance, was aspect of a different KYC leak and final year, but a different crypto platform, Digitex, had began an investigation, on the leak of KYC information of 8,000 customers.
While the usual response on information leaks is firms strengthening their servers and making certain more information security protocols, Digitex announced that they would cease KYC verification. KYC verification has been produced mandatory for cryptocurrency platforms to make tracking cash less difficult and prevent it becoming utilized for illegal suggests.
Although none of the Indian banks have reported a leak, it is surprising most firms are not employing the answer supplied by the government and the government is not pushing for it either.
Why do firms require to retailer information in the initial location, when the entire concept of a DigiLocker was that customers could share verified and government-issued documents and firms could confirm it on the net removing the hassle of printouts and attestations. More essential, at the time, the government had envisaged that customers could set a time limit for sharing information immediately after which the organization would not be capable to confirm the information.
More services have been added to the DigiLocker because-the new Covid vaccination certificates are also to be dispensed employing the service-but the government is not totally leveraging this answer. Rather, the project has languished in terms of sharing of information. Leave alone private institutions, even government banks hardly ever use the service.
So, on the one hand, whilst there is a require to expand the ambit of DigiLocker and get more players to use this service, on the other, the government desires to invite private players to begin their locker services. Earth.ID has been leveraging blockchain to build identity management wallets. The method creates an added layer of protection by assigning a trust score. Each time a vendor confirms user data, the trust score increases, plus customers can rescind access at any point in time.
The new information protection law envisages firms building a dashboard to show exactly where all user information is shared. This would assistance customers fully grasp how firms deal with information, but would not stem information leaks. Thus, a improved concept would be to permit verification and access to take place by means of DigiLocker and other services.