How KUBRA balances information security protocols with providing positive customer experience

Amber Donovan-Stevens
|Nov 26|magazine14 min read

KUBRA was originally founded in 1992 as a bill printing service provider. Clients looking to outsource printing, from statements to invoices, turned to KUBRA. As the company expanded, so did its interests. From printing, KUBRA moved into billing and payments, which itself moved from the analogue to the digital. Today, KUBRA provides digital and software services to over 365 clients and their customers.  

Tushar Chandgothia has been Vice President of Information Security and Risk Management at KUBRA for over three years. His background is primarily with other service providers. “I make sure, from an executive standpoint, that there is someone to be held accountable for data security,” he says. KUBRA processes 1.5bn transactions every year, ranging from printed invoices to bank statement, text messages. “We collect a lot of personally-identifiable information,” says Chandgothia. “We need to make sure that the systems that actually host that data on behalf of our clients are secure. At the end of the day what we want to do is maintain customer trust and reliability in our services.” 

A shift in mentality between generations has forced KUBRA to re-evaluate how it provides services. Gen X, Y, and Z are looking for easy frictionless interactions. “They ask a question and expect a reply within minutes.” In response, KUBRA developed artificial intelligence-based solutions to efficiently respond to client messages. With new technology comes both convenience and complication. KUBRA’s applications are made up of over 600 different components, flavours or sub-applications. To avoid vulnerabilities in new code, KUBRA engages in a shift-left mentality. KUBRA’s development and implementation team, made up of over 150 people, centres around creating and testing new code. Every piece of billing and payments code at KUBRA is passed through a security tool that highlights potential security vulnerabilities. “When the developer is tinkering with new functionalities, they find out about the vulnerability early and it’s fixed before it is released into the market,” he says. For additional security testing in its billing and payments applications, one of KUBRA’s partners, Cobalt Labs work as hired hackers, trying to break into applications and find vulnerabilities that KUBRA can then adjust for. 

When it comes to ensuring a balance between functionality and security, Chandgothia says it is important to always be on the lookout for the next great thing. “We want to be at the forefront of payments,” he says. “That’s the strategy that has driven us in the last few years.” Services such as Forrester and Gartner help him compare vendors, ensuring any technologies KUBRA replaces will only be made better. “We are continuously evaluating what makes the most sense from a business perspective, where we have the most flexibility, where we can allow the client to provide for themselves rather than having us be in the middle. How can we help them help themselves to meet their expectations?” 

To focus on process building, KUBRA co-sources its security technology from some of the best security vendors. “We focus on making solutions that are great when it comes to billing and payments,” he says. “When it comes to security, we’re looking for a relationship where the partner’s core business is to provide that. Rather than managing it all in house, we find someone for whom security tech is their bread and butter.” Finding the correct technology is about economising. “We try to solve five problems with one piece of technology,” he says. This mentality has led KUBRA into a partnership with FireMon. It had the most seamless integration when it came to its firewalls and the additional service of real-time review of security rules and the capability to automate certain processes. Another way KUBRA has opted for security in technology is through the tokenization of data, which allows the company to reduce the footprint of actual credit card numbers in its environment by registering these as different values. This reduces risk since if the card numbers are tokenized it means that no client card numbers would be exposed if the system were compromised.  When searching for partners to do this, stacked functionality was once again key. The provider KUBRA chose to work with offers stateless tokenization, which removes the usual database of tokens, making the data even more secure. It is also speedy, able to tokenize over a million credit card numbers an hour.

Internal methodology is as important to information security as having the right technology in place at KUBRA. Chandgothia has seen major changes in the security team since he joined in 2016. “We have proper pillars now. We centralized a lot of the preventative controls. We don’t want to be just in the detection game, we want to control the first line of defence, hands-on.” The change, from a client standpoint, has been seamless. “I think for the most part we use common sense. It’s what we call a Defence-in-Depth approach.” It allows adaptability. Clients who are switching to KUBRA from a less-secure position can ask to reduce security restrictions temporarily for an initial adjustment period. KUBRA’s security infrastructure is multi-layered, so the company has the flexibility to do this without compromising safety. Legal security restrictions, such as the California Consumer Privacy Act (CCPA) or General Data Regulation Protection (GDPR) have been helpful to KUBRA in maintaining its high standards. “This legislation has allowed us to promote a security culture. If someone wants to push back, we have a regulation behind us. We’ve never seen it as something that has stopped our business,” says Chandgothia. 

Read Our Digital Report

Click Here to Read

Quotables

This legislation has allowed us to promote a security culture. If someone wants to push back, we have a regulation behind us” - Tushar Chandgothia, Vice President of Information Security and Risk Management, KUBRA

|

Looking forward, KUBRA is interested in becoming an omni-channel provider. “We want to be involved in every facet where client communication is involved.” Chandgothia says. Security-wise, KUBRA is looking to develop a zero-trust environment, in which neither external nor internal users have unlimited access to information. A ten-year exercise, it has been implemented in parts. So far, KUBRA has segmented its production environment, where all personally identifiable data is kept, from its user environment and also segmented its credit card data environment in production from other non-card services. Technologically, KUBRA is looking into adopting machine learning, artificial intelligence, and cloud computing, allowing clients to further self-serve. “While secure delivery of new products is something we will always do, there is no compromise on security.”

Images

Other Companies

BrokerLink

BrokerLink: Embracing digital to clarify insurance

Read Report
Prudential BSN Takaful

PruBSN: Creating a digital roadmap for insurance 4.0

Read Report
Kensington Mortgages

Kensington Mortgages: undergoing a digital transformation

Read Report
PwC

PwC: reducing complexity in identity and access management

Read Report
Wesleyan Assurance Society

Wesleyan: Brighter financial futures through digital tech

Read Report
Covéa Group

Covéa: Reaffirming the role of procurement

Read Report
Saphyre

Saphyre: Sophisticated yet simple pre-trade onboarding

Read Report
Protective Insurance

Protective Insurance: Embracing the art of the possible

Read Report
Visions Federal Credit Union

Visions Federal Credit Union: Member-Driven Digital Solutions

Read Report
Quontic Bank

Quontic: Defining the culture of a truly digital bank

Read Report
Vitality

Vitality: delivering a valuable experience for customers

Read Report
Afore XXI-Banorte

Afore XXI-Banorte: Digital transformation and cultural shift

Read Report
CIG Capital

CIG Capital: Making investment about more than just money

Read Report
ELMO Software Limited

ELMO Cloud HR & Payroll’s resilient and convergent solution

Read Report
Vitality

Vitality: Delivering a valuable experience for customers

Read Report
Truevo Payments

Truevo Payments: Driving digitalisation and innovation

Read Report
FBN Bank (UK) Limited

FBN Bank: Embracing the opportunity of digital disruption

Read Report
Commercial Bank of Dubai

Commercial Bank of Dubai: Leading digital customer service

Read Report
Centili

Centili: monetising digital experiences

Read Report
Rapid7

Rapid7 NICER - starting a conversation on internet security

Read Report

Read the latest issue

Click Here to Read