Presentation Material
Abstract
AI Generated Summary
The talk addresses the widespread commercial availability of personal financial data in India, framing it as a systemic issue rather than a series of isolated security breaches. It establishes that personal data—including bank details, policy numbers, and investment information—is actively traded in underground markets, with records selling for as little as a few rupees. A cited RSA study contextualizes this globally, while local examples, such as data from Indian travel sites and job portals, demonstrate the scale.
A detailed case study examines a major financial institution whose customer database was compromised. The presentation outlines the typical structure of this secondary market: fresh records sell for approximately 75 rupees, while “converted” records (where a customer switches to a competitor) command around 150 rupees. The data’s accuracy and utility make it highly valuable for aggressive marketing and customer poaching.
The root cause is identified not primarily in technological failures but in business processes and the agent network model. Frontline agents and third-party distributors, who handle customer onboarding and data entry, are highlighted as critical points of leakage. While technical controls like database encryption, Data Loss Prevention (DLP), and Information Rights Management (IRM) are mentioned, the talk emphasizes that robust policies, strict access controls, and process redesign are necessary to secure data at its source. The practical implication is that organizations must treat data as a tangible asset with intrinsic monetary value and implement governance that addresses human and procedural vulnerabilities, not just technical ones. The normalization of unsolicited sales calls following account openings is presented as a visible symptom of this underlying data economy.