When cases of data breaches hit the news almost daily, protecting customer data becomes more important than ever.
As more aspects of our lives become digitized, many companies and especially financial institutions providing online services start to struggle with ensuring their customer data is safe. With banks providing digital onboarding options these days, institutions need to guarantee the highest levels of security to prevent fraud and identity theft.
To talk about the ins and outs of KYC data sharing, we caught up with Astyanax Kanakakis, Co-Founder & CEO of norbloc – a company making sure customer data is shared and handled in a secure way.
Tell us about your journey. How did norbloc go from an idea to what it is today?
The norbloc story began in 2016, right at the time when new technologies such as Blockchain and DLTs were emerging with a promise to make complex processes across a range of industries faster, safer, more transparent, and more user-friendly.
I crossed paths with Viltalii Deminanets, our second Co-Founder, while I was working as COO and Vitalii as Lead Architect for a Bitcoin mining company. Given my background in financial services, and Vitalii’s deep understanding of Blockchain and DLTs, we decided to tackle one of the most pressing, complex, and frustrating challenges the financial services industry was facing – KYC data sharing.
Setting up norbloc in Stockholm, the team quickly grew, establishing a development hub in Athens, Greece, and setting up a commercial office in Dubai, UAE. Working with global financial institutions such as HSBC, Standard Chartered, Citibank, DNB, ING, Belfius Bank, and Emirates NBD, our product offering evolved to include platforms that deal with the entire spectrum of customer data – from collection to management and validation, and finally sharing.
Having continued our expansion across geographies, today, norbloc is a global leader in data-sharing platforms. We aspire to be the backbone of data-sharing networks across markets for citizens and companies, and already are the first and only technology provider globally that has built a live ecosystem for customer KYC data, shared across thirteen banks and government institutions.
Can you introduce us to your KYC solutions? What are their key features?
norbloc has created three different KYC solutions, each suitable for different scenarios present in the life-cycle of financial services.
Our flagship solution, Fides, facilitates the sharing of validated KYC data between financial institutions within an ecosystem. A live example of an eKYC data sharing ecosystem is the UAE consortium which has been live for two years with thirteen financial institutions and governmental bodies participating, and more institutions joining.
Our second data-sharing platform is Atlas, which has been created to accommodate the sharing of validated KYC data within one institution across multiple jurisdictions. Atlas is beneficial for guaranteeing a “Single Version of Truth” for institutions that have multiple branches abroad and would like to avoid duplication of efforts and data silos.
Finally, Sancus is our digital customer onboarding platform which is made up of the Customer Portal and the Officer Portal. The Customer Portal is the customer’s single touch point for uploading their ID documents, proof of address documentation, etc and managing all their data needed for onboarding with a financial institution. The Officer Portal is the central point for all KYC matters within a financial institution, from KYC file management to assessing and tweaking their customer onboarding flow.
What are the most serious issues that can arise if a company doesn't have secure data sharing systems in place?
Having secure systems in place is vital for any company to avoid opening pandora’s box of data breaches and litigation. Insecure systems can lead to cyber security threats to customer data, data leaks, and misuse of personal data, and are also more vulnerable to fraudulent acts by criminals like money heists, impersonation of identity, and online scams.
The severity of these issues may also depend on the actors involved, whether the violation of cyber security and data protection has been caused due to negligence of public actors, such as the government, or private persons.
How do you think the recent global events affected your field of work?
The pandemic has exacerbated digitization in all fields of work, even more so in financial services. Banks realized that providing their clients with options for digital onboarding would be crucial going forward, especially given the rise of digital and challenger banks which has completely changed the banking landscape.
Another issue that arose during this time was the increase in financial crimes and fraud. When making the switch towards digitization, banks need to keep in mind that not all their clients are tech-savvy and especially older individuals can find themselves vulnerable to fraud. As such, on the journey to digitization, proper security measures need to be implemented to avoid these situations that can have negative consequences for the banks’ reputation and their clients’ wallets.
Furthermore, the financial sector is being faced with more and more stringent compliance requirements, and the sector is beginning to understand that there are smarter ways to do due diligence. Digital solutions, like those offered by norbloc, tidy up KYC for financial institutions by eliminating data silos and creating a Single Version of Truth, eradicating the duplication of efforts and saving time and money for the institutions, while also creating a better, more respectful customer experience.
As work from home becomes the new normal, what would you consider to be the worst cybersecurity habits that can put not only an organization’s but also its customer data at risk?
Some basic recommendations would be to avoid using shared or open Wi-Fi/Internet and other insecure connections, such as proxy servers. Not connecting through VPNs or company-secure networks can be problematic when working from home.
In addition, using the same device for work and non-work activities can lead to issues when employees are not sufficiently tech-savvy. For example, by accidentally installing malicious software, browsing malicious sites, or plugging in insecure external drives the system may become jeopardized.
Besides KYC data sharing solutions, what other tools do you think would greatly enhance business operations?
Remaining within the realm of KYC and financial services, a digital onboarding platform would greatly enhance business operations as it would reduce paperwork clutter and thus data silos. When a bank or financial institution has all its files digitally in one place, organizing becomes a simple affair – duplication of efforts is reduced, meaning that Bank Officers free up time to work on other business matters instead of manually dealing with KYC and looking through emails to piece together information. When KYC processes become less tedious, on top of saving time, this also cuts costs for the organizations involved.
Talking about the average user, what security measures do you think everyone should implement to protect their identity online?
Individuals should be stringent with what they share online, noting that prevention is the best protection.
Some basic good habits online users should adopt include making sure they’re visiting secure websites, which users can easily identify by the “lock” to the left of the URL in the search bar.
Individuals should not publish or upload ID documents or other personal information on insecure websites, or social media or share such data with unauthorized institutions or persons online. Similarly, individuals should refrain from signing up to websites that unnecessarily ask for identification details and be aware of entities that have established their business models around user data.
Beyond the online domain, individuals must remember the vitality of having secure tangible copies of all identification documents.
How do you think the blockchain landscape is going to evolve in the near future?
Since norbloc was founded, we have seen some interesting shifts in the attitudes toward blockchain technology. Initially, there was a fair bit of hype, and blockchain was heralded as the technology that would solve everyone’s problems and change the world. Startups capitalized on this by coming up with use cases that claimed to use the technology for purposes where it was not really needed.
Then came the realization that blockchain was not a miracle worker and would not revolutionize the technology landscape in the way it was promised. This led to a huge disenchantment with blockchain and a lot of (warranted) skepticism towards companies that claimed to use it.
Now, I think we’re at the point where the real use cases in which blockchain technology can be really helpful are the ones that remain. In financial services, I am referring to use cases related to KYC data sharing and trade finance. Going forward, these examples will continue to cement themselves.
Share with us, what’s next for norbloc?
The KYC network we have implemented in the UAE with more than 13 institutions is appealing to regulators and banks around the world. We aim to announce our second country of implementation within 2022 as we are already in progressed discussions. Additionally, as our Fides and Atlas platforms are essentially data sharing platforms, we are expanding, at the request of our customers, to other data verticals. We cannot reveal which ones now, but we will go public on that development also by the end of year!