In an exclusive conversation with CXO News and APAC News Network, Daksh Pandya, CISO at Ring, sheds light on how robust data security measures and compliance frameworks are driving trust and innovation in the digital lending ecosystem.
From Ring’s perspective, what are the main tenets on which your cybersecurity measures are based?
Data security is at the heart of everything we do. From the moment a customer begins their loan journey—right from application to disbursal and repayment—we ensure their data flows securely through every step. We use advanced encryption and secure APIs to protect sensitive information, with strict role-based access to ensure only the right people have access to the data they need.
When it comes to working with third-party service providers, we are very selective. We only partner with those who meet the same high standards of data protection and service quality that we uphold.
Customer trust is incredibly important to us, and that starts with transparency. We make it a point to have clear, easy-to-understand privacy policies that explain how we use, store, and protect data. Plus, we always ask for customers’ consent at critical stages, giving them full control and confidence in how their data is being handled.
On top of all this, our ISO 27001 and SOC 2 certifications give our customers and partners added reassurance that our security and privacy practices meet global standards. For us, it’s all about combining strong data protection with a seamless customer experience to build trust and drive growth.
From Ring’s perspective, how are you looking at the different compliance measures?
As a Digital Lending Application (DLA), Ring plays a crucial role in customer acquisition and loan processing within the framework of an NBFC.
- End-to-End Data Security and Privacy: Compliance starts with protecting customer data at every stage of their loan journey. By leveraging ISO 27001 and SOC 2-certified frameworks, we ensure secure data flow, robust access controls, and regular audits to maintain the integrity and confidentiality of all information.
- Regulatory Adherence: Ring operates in strict alignment with regulatory compliance. This includes clear privacy notices, obtaining explicit customer consent, and enabling users to exercise their rights to data correction, deletion, and access.
- Checks and Balances for Data Integrity: Regular checks and balances, such as real-time monitoring, automated alerts, and periodic assessments, ensure that all data processed within the platform remains accurate and tamper-proof, minimizing risks to both customers and operations.
- Customer-Centric Compliance: Our focus is on making compliance a seamless experience for customers. Clear policies, multilingual notices, and transparent terms ensure that users are always informed and in control of their data.
At Ring, we see compliance as a continuous journey—one that combines regulatory rigor with innovation and customer-first principles.
What are the security measures undertaken at Ring that you would like to highlight?
At Ring, keeping our users’ information safe is our top priority, and we’ve put in place several strong security measures to ensure that.
First, we use advanced data encryption techniques to protect all user information, whether it’s being stored or transferred. This ensures that sensitive details are always kept confidential and secure. We also use several pseudonymization techniques while handling the data for day-to-day operations.
Access to customer accounts is protected through OTPs sent to your registered mobile number.
When we work with third-party service providers, we’re very careful about who we choose. All our partners must meet strict data protection standards so that your information is handled securely at every stage.
Finally, we believe in being completely transparent with our users. Our privacy policies are clear and easy to understand, and we always ask for your explicit consent before collecting or using customer data. This way, customers stay in control of their personal information.
How is your experience working with third party MSPs?
Working with third-party Managed Service Providers (MSPs) has been a collaborative and insightful experience for us at Ring & Kissht.
Our experience has taught us the importance of due diligence during the selection process. We thoroughly evaluate MSPs to ensure they align with our data protection standards, regulatory compliance requirements, and operational needs. This includes assessing their certifications, such as ISO 27001, SOC 2, or equivalent frameworks, and ensuring they can uphold our commitment to security and privacy.
We ensure that accountability and expectations are clear from the start with MSPs.
Regular audits, security reviews, and performance assessments help us stay aligned and address any gaps proactively. This collaborative approach not only enhances operational reliability but also strengthens trust between our teams and the MSPs.
Overall, while working with MSPs comes with challenges like ensuring consistent service levels and data security, our approach of strategic selection, robust oversight, and continuous engagement has allowed us to maximize the benefits of these partnerships while maintaining the high standards our customers expect.
How would you recommend working with a lesser number of OEMs vis-à-vis working with best-of-breed solution providers?
The choice between working with a lesser number of OEMs or adopting a best-of-breed approach depends on the organization’s goals, operational complexity, and resource bandwidth. In my experience, a balanced strategy works best.
By working with a lesser number of OEMs, you can streamline vendor management, achieve better cost efficiency through consolidated contracts, and ensure easier integration of solutions within your infrastructure. OEMs often provide comprehensive platforms that can cover multiple needs under a single ecosystem, which simplifies operational complexity and ensures consistency. This approach is particularly beneficial when managing large-scale infrastructure or when resources for vendor oversight are limited.
However, for areas requiring specialized expertise or cutting-edge capabilities, I recommend adopting best-of-breed solutions. These providers offer highly focused tools tailored to specific business needs, ensuring excellence and innovation in critical areas like cybersecurity, advanced analytics, or niche compliance requirements.
To get the best of both worlds, I suggest a hybrid model:
- Use fewer OEMs for foundational needs, such as infrastructure, cloud platforms, or enterprise-wide applications, ensuring reliability and simplicity.
- Introduce best-of-breed providers for specialized areas where innovation and depth are critical, like advanced threat detection or specific compliance solutions.
What are the key security challenges today from an NBFC perspective especially given the notorious reputation of the Chinese apps?
From an NBFC perspective, one of the biggest security challenges today is safeguarding customer data and ensuring compliance in an environment where digital threats are constantly evolving. One of the primary concerns is protecting sensitive customer data. Many of these apps have been found engaging in unauthorized data harvesting, which creates a significant threat to user privacy. Chinese apps and similar platforms often operate in ways that lack transparency, especially in terms of data handling and hosting locations.
Malware and Cyber Threats:
The widespread use of mobile lending apps has also introduced a rise in malware and phishing attacks. Fraudsters often mimic legitimate platforms, tricking users into sharing sensitive information.
Reputational Risks:
The negative perception around certain apps, especially those flagged for security or compliance issues, also puts a spotlight on NBFCs using or integrating with external platforms.
To counter these challenges, NBFCs need to take a proactive stance. This includes building strong internal capabilities, being selective about third-party providers, staying updated on the threat landscape, and continuously improving security frameworks. It’s not just about staying compliant; it’s about building trust in an ecosystem that increasingly relies on digital interactions.
Bhavya Bagga, APAC News Network