HDFC Bank is in early stages of discussions with leading cyber-security companies to introduce cyber-security scores for its third-party vendors in a bid to minimise the incidence of fraud, Sameer Ratolikar, Chief Information Security Officer, said, reported Business Standard.
The bank is in discussion with some of the companies which include Bitsight, Upguard and RiskRecon, all of which are in the cyber-security rating space.
“We are in the process of hiring leading cyber-security rating companies whereby you give the third-party service providers’ URL/website address and then the third-party rating services basically calculate their cyber-security score, something like a Trans Union CIBIL score or Equifax score,” Ratolikar said, BS reported.
HDFC Bank will take a final decision by December and then correspondingly decide on how to create corresponding structures and their categorisation, Ratolikar said.
The bank, which will inform its third-party vendors about the exercise and bring them on board, is looking at the process as one that would provide independent validation regarding potential cyber-security risks from third-party entities.
Given that there are issues concerning data privacy, the bank will take permission from its third-party service providers, he said.
Typically, third-party vendors provide a host of services to banks, including those related to mobile payment services in conjunction with card issuers.
“There is a whole laundry list of due diligence before the vendor gets on-boarded. Within the life cycle, we manage the cyber-security aspects or the potential cyber-security risk emanating out of the relationship with these vendors,” Ratolikar said.
At present, HDFC Bank has contractual agreements with its third-party service providers and periodical audits are carried out, he said.
Latest Reserve Bank of India data showed that in 2021-22, frauds to the tune of ₹60,414 crore were reported, down 56.28 per cent from ₹1.38 trillion in 2020-21.