Securing India's Financial Future: Why cryptography must be the core of BFSI cybersecurity

Smooth online financial transactions are the bedrock of ‘Digital India’, the flagship initiative of the Indian government to transform the country into a successful knowledge economy and a digitally empowered society. From the now ubiquitous Unified Payment Interface (UPI) or mobile banking to digital lending and AI-driven insurance, India’s Banking, Financial Services & Insurance (BFSI) industry is integrating technology at every aspect of its operations.  

Cracks in Today’s Digital Defences 

However, the increasing adoption of technology also comes with potential risks, as it is evident from the frequent and sophisticated cyberattacks on Indian banks and Financial Institutions. As Shri S. Krishnan, Secretary of MeitY, noted during the launch of India's first Digital Threat Report 2024: "The interconnected nature of the BFSI ecosystem means that a single cyberattack can have systemic repercussions, impacting multiple entities beyond the initial target." Cybercriminals exploit the digital vulnerabilities of the system as well as the weak security habits of the customers for successfully executing their crimes. New scams, ransomware, account hacking, and other forms of frauds exploit the vulnerabilities in the digital payment systems, which handle sensitive financial and personal data of millions of customers. Any breach not only erodes trust but also impacts the stability of the entire system.  

The scale is staggering: Indians have lost several thousands of crores in the past few years through various cybercrimes. A significant amount of that money is siphoned out of the country, making recovery extremely challenging. To understand the vulnerabilities in the system, consider these facts: Around 80% of Indian banks rely on SMS OTPs for multi-factor authentication, a method increasingly targeted by phishing and SIM-swap attacks; since 2022, approximately 57% of organizations have reported data breaches involving APIs, highlighting the growing risk of API vulnerabilities; and while mobile apps continue to be a critical attack surface with over 85% found vulnerable – data-breaches directly linked to mobile app vulnerabilities accounted for a significant portion of incidents in 2023. RBI acknowledges the vulnerabilities   

The Reserve Bank of India’s latest directive (October 2025) is no surprise. The apex bank has urged financial institutions, banks, NBFCs and e-wallets to move beyond OTP-only authentication and adopt stronger, cryptography-based alternatives by March 2026. With the new directive, the RBI has also formally acknowledged what cybersecurity experts have long been highlighting, traditional authentication is vulnerable and no longer sufficient against current days sophisticated threats. It

further aligns perfectly with the growing need for quantum-safe, cryptographic authentication frameworks that protect digital trust at every layer of India’s BFSI ecosystem. 

Cryptography to cripple Cybercrimes  

Cryptography, the science of securing communication and information against unauthorized access, has the potential to be the defensive tool of the future and the quintessential backbone of trust in digital transactions. For the uninitiated, cryptography is the process of turning normal, readable information into a secret, unreadable format using secret algorithms. It ensures that only the intended recipient, with the correct key or mathematical value, can understand it. In other words, it is like sending a letter in a secret language that only you and your friend know, preventing anyone else from reading your message.

In the Indian BFSI sector too, cryptography can be that quintessential backbone for securing transactions and safeguarding crucial customer data. Considering the increasing scale and sophistication of cybercrimes, cryptography should ideally be at the core of digital banking and insurance systems. This will ensure that the Indian BFSI sector is less vulnerable and more trustworthy.

However, cryptography faces several challenges before it is wholly embraced by the Indian BFSI sector. Some of the challenges include adjusting it with the legacy systems, regulatory aspects, training and awareness of the staff, and the looming threat of quantum computing, to name a few. The quantum threat is closer than it appears adversaries are already harvesting encrypted data today to decrypt later (‘Harvest Now, Decrypt Later’ attacks).

How can Cryptography save the day for the BFSI sector?

By implementing it as a unified defense mechanism, advanced cryptographic frameworks can address the above stated challenges by serving as the backbone of trust in digital transactions. Rather than relying on piecemeal security solutions that often come with cryptographic vulnerabilities due to complex implementation, a unified cryptographic approach ensures consistent protection across all touchpoints - from customer authentication to backend transaction processing.

The quantum threat adds urgency to this transition. Dr. Sanjay Bahl, Director General of CERT-In, observed: "In today's hyper-connected world, threats evolve faster than ever, making collaborative intelligence-sharing essential... financial institutions need to stay ahead of adversaries and adapt to emerging risks."

Post-quantum cryptography becomes essential not just for future-proofing, but for maintaining regulatory compliance as authorities are increasingly advising on migrating the critical digital assets to quantum-resistant protocols. Addressing the Implementation Gap: Fortytwo Labs’ Unified Solution Approach

Recognizing these systemic challenges, the need for comprehensive cryptographic platforms becomes clear. This is where specialized solutions that can integrate seamlessly with existing banking infrastructure while providing quantum-safe protection become valuable.

At Fortytwo Labs, we have been delivering quantum-safe solutions for Indian Defence, banks and enterprises since 2016. Our technology and solutions protect more than 2.6 crore identities and over 10 crore transactions every month across India, Hong Kong, Singapore, United Kingdom and Canada through our post-quantum cryptography solutions. Unlike the fragmented or siloed approach currently prevalent in the Indian BFSI sector with respect to digital security, we offer a holistic and quantum-safe platform to secure identity, transactions, data and APIs across the banking ecosystem that reduce security tool sprawl and regulatory complexity.