Page 50 - Banking Finance August 2025
P. 50
A R T IC L E
ARTICLE
3169008085 using debit card in an ATM. Chances are that own Device). Current generation of IAM tools often use AI
you will immediately receive a SMS in your registered mobile tools to secure access.
number stating, "Your A/C XXXXXX8085 debited Rs 5000 on
24/04/2025". Only the last 4 digits of the Account Number Encryption - It is a basic and popular PET for handling data
are reflected in the message. But why? We all know that in a confidential manner. In this process the original data
this is done for security purposes. Showing the full account (referred to as plaintext) is converted into a string of
number in a message (which could be seen by anyone with characters (popularly known as ciphertext) so that others
access to your phone or SMS logs) would be a risk. cannot know the contents of the data. The intended user
of the data can decipher contents by returning the
The last 4 digits are enough for you to know which account ciphertext into plaintext through the process known as
the transaction came from - especially if you have multiple decryption. Cryptographic keys are used to carry out the
accounts. Thus, it balances security with usability. But have process of encryption and decryption.
you wondered what makes it possible for banks to send such
safe messages? Well, it is the use of something called "Data Anonymization - A popular Data Obfuscation tool,
Masking" - a technology used to protect sensitive data by "Anonymization" refers to a "process of removing identifying
replacing it with dummy, yet structurally similar data. elements from data to prevent re-identification of the data
subject". (2 OECD). Two types of identifying elements
"Data masking" is one of the many technological solutions present in data are a) Identifiers and b) Quasi Identifiers.
which entities (including banks) are increasingly using for "Identifiers "refer to information that directly identifies
ensuring secure and responsible use of "personal data" at specific person for e.g. Name & ID Card No etc. "Quasi
various stages of the data use lifecycle. Privacy-Enhancing Identifiers", in isolation may not be sufficient to identify a
Technology (PET) is a nomenclature given to refer to a bunch person but when supported by other information may
of such new age tools. Data Security Council of India (DSCI), identify the person. (e.g. post code, age, sex). The steps
in one of their studies, have formally defined PETs as "A involved in Anonymization are as follows:
grouping of "systems, processes, and techniques" that First remove or replace "identifiers".
allows organizations to process data while adopting a Thereafter remove or replace "quasi-identifiers".
privacy-first approach" (1).
Differential Privacy - These PETs "make small changes (add
Majority of entities use PETs alongside other organizational
noise) to the raw data to mask the details of individual
and legal tools for implementing the data governance inputs, while maintaining the explanatory power of the
objectives of the organization. These technologies often data" (5). Adding noise will make the output randomized,
complement one another and often rely on each other to making it difficult to identify individuals from the output
function. Like ingredients in a recipe, different PETs can be values.
combined to fulfill specific privacy and data protection
objectives of an organization.
Popular PET Tools
Access Control & Access Monitoring - Identity and Access
Management (IAM) tools are quite popular in modern day
organizations where access to data is often guided by the
principle of "Access on a Need-to-Know Basis". Popular tools
in this category are Single Sign On, zero trust along with
Multi Factor Authentication. Password-based
Authentication, Biometric Authentication, Push
Authentication, Device Binding etc., which are based on real
time risk assessment has also gained popularity as most
companies need to provide access to its facilities from
outside the corporate network or through BYOD (Bring your
BANKING FINANCE | AUGUST | 2025 | 45
