cybersecurity-hackathon

PSB’s FinTech Cybersecurity Hackathon 2025 In Collaboration with IIT Hyderabad

Bank of India (BOI )is proud to host PSB’s FinTech & Cybersecurity Hackathon 2025, in collaboration with IIT Hyderabad & IDRBT . This initiative is powered by the Department of Financial Services (DFS ) Ministry of Finance / Indian Bank Association (IBA) aims to foster collaboration between public sector banks, educational institutes and students and to promote innovation, prototype development, and entrepreneurship in the banking sector.

About the Hackathon :

PSB`s FinTech & Cybersecurity Hackathon is a national-level initiative powered by the Department of Financial Services (DFS) Ministry of Finance/Indian Bank Association (IBA) . This hackathon provides a platform for students, banks, and educational institutes to collaborate and create innovative solutions for the financial sector that can solve real-world FinTech & cybersecurity challenges.
Selected teams will work on problem statements, and the event will culminate in September 2025 with the presentation of winning prototypes showcasing their potential for real-world implementation.

Why You Should Participate :

The one of its kind Hackathon , which is an initiative of Ministry of Finance, Department of Financial Services & coordinated by Indian Banks Association (IBA)
Exciting Prizes: Win rewards worth up to Rs 20 Lakhs.
There are two topics for better participation , Prize Pool of Rs. 20 Lakh (Rs. 10 Lakh for each topic) -

1st Prize - 5 Lakh
2nd Prize - 3 Lakh
3rd Prize - 2 Lakh

Eligibility :

This hackathon is open for all students from any institutes/universities.
Registration of Participants & Teams (Each team will consist of 3-4 students & as part of Women Empowerment, preferably 1 or more female participants should participate from each team).

Problem Statement:

Develop Credit Risk Management Model using alternative data to arrive at probability of default search and tracking of defaulter
Impersonated Registration/Frauds in Mobile & Internet Banking along with behavior based user authentication with password less login

For more information , Kindly refer below table.

Problem Statement	Description	Desired Outcome
Develop Credit Risk Management Model using alternative data to arrive at probability of default search and tracking of defaulter	This leads to a large part of the population in most emerging markets failing to access banking channels and consequently remain unbanked or underbanked, effectively denying lenders a gauge of their creditworthiness. Traditional thinking basis for traditional credit scoring models depends on historical financial data like credit reports and bank statements to exclude persons and small-sized businesses with limited financial track records. Fintech companies are starting to use alternative sources of information, such as social media activity, mobile phone usage, and utility payments, to determine the credit risk far more accurately than traditional methods. Traditional credit scoring models are inadequate for assessing the creditworthiness of individuals and businesses without extensive credit histories.	The desired output is a new credit risk model that uses alternative data sources to improve the accuracy and representation of credit assessments. It needs to be transparent, scalable, and comply with data privacy regulations for it to allow lenders to extend credit to under-credited populations with minimal risks involved.
Impersonated Registration/Frauds in Mobile & Internet Banking along with behaviour-based user authentication with password less login	Registrations by fraudsters, impersonated as customer, in mobile & internet banking applications is a major security concern. Fraudsters impersonate as bank, courier, customs or police officials and send dubious link to customer to install apps. Then initiate mobile banking registration on fraudster’s device and obtain OTP, debit card details or other authentication details from customers. After successful registration they transfer funds to fraudster’s account. Common techniques used are SIM swap fraud, vishing (voice phishing), and email scams. Fraudsters send fake emails, SMS (smishing), or phone calls (vishing) impersonating the bank to trick users into sharing sensitive information like login credentials, OTPs (One-Time Passwords), or account numbers. Once fraudsters obtain the information, they can gain access to the user’s mobile banking account and conduct unauthorized transactions. - As per current sim binding process, mobile number, IP, device id etc. is captured. Behavior-Based Authentication involves monitoring and analyzing the unique behavioural traits of users. By continually verifying the user throughout their session, behavior-based authentication prevents many forms of fraud, including account takeovers. Behavior-based user authentication provides a dynamic, secure, and user-friendly way to protect mobile banking applications from fraud. However, optimum balance of security, user convenience, and privacy is not achieved yet. Behaviour based adaptive authentication technologies are in nascent stage and rule-based authentication technologies lack behaviour based flexibility. Hence it is required that risk score basis behaviour of the customer including behavioural biometrics and anomaly detection is implemented efficiently	Participants are expected to provide solution to banks to differentiate between actual customer Vs fraudster initiated mobile/internet banking registration. Advanced fraud detection algorithms to detect suspicious activity that may indicate a cloned SIM card/ dual sim card etc. Algorithm to identify distance/difference between current location of customer basis location of mobile number/SIM and current location of person initiating the registration. Set up alerts for suspicious activities, such as login attempts from new locations or devices, multiple failed login attempts, or changes to account details. Implement strong authentication methods that cannot be bypassed even if phishing is successful. Notify users immediately if a SIM swap is detected or if suspicious activity (such as logins from a new device) occurs. Solution must provide option to traditional authentication factors which are now getting exploited by fraudsters to enable password less login.

Problem Statement

Description

Desired Outcome

Develop Credit Risk Management Model using alternative data to arrive at probability of default search and tracking of defaulter

This leads to a large part of the population in most emerging markets failing to access banking channels and consequently remain unbanked or underbanked, effectively denying lenders a gauge of their creditworthiness. Traditional thinking basis for traditional credit scoring models depends on historical financial data like credit reports and bank statements to exclude persons and small-sized businesses with limited financial track records. Fintech companies are starting to use alternative sources of information, such as social media activity, mobile phone usage, and utility payments, to determine the credit risk far more accurately than traditional methods.

Traditional credit scoring models are inadequate for assessing the creditworthiness of individuals and businesses without extensive credit histories.

The desired output is a new credit risk model that uses alternative data sources to improve the accuracy and representation of credit assessments. It needs to be transparent, scalable, and comply with data privacy regulations for it to allow lenders to extend credit to under-credited populations with minimal risks involved.

Impersonated Registration/Frauds in Mobile & Internet Banking along with behaviour-based user authentication with password less login

Registrations by fraudsters, impersonated as customer, in mobile & internet banking applications is a major security concern. Fraudsters impersonate as bank, courier, customs or police officials and send dubious link to customer to install apps. Then initiate mobile banking registration on fraudster’s device and obtain OTP, debit card details or other authentication details from customers. After successful registration they transfer funds to fraudster’s account.

Common techniques used are SIM swap fraud, vishing (voice phishing), and email scams. Fraudsters send fake emails, SMS (smishing), or phone calls (vishing) impersonating the bank to trick users into sharing sensitive information like login credentials, OTPs (One-Time Passwords), or account numbers. Once fraudsters obtain the information, they can gain access to the user’s mobile banking account and conduct unauthorized transactions. - As per current sim binding process, mobile number, IP, device id etc. is captured.
Behavior-Based Authentication involves monitoring and analyzing the unique behavioural traits of users. By continually verifying the user throughout their session, behavior-based authentication prevents many forms of fraud, including account takeovers. Behavior-based user authentication provides a dynamic, secure, and user-friendly way to protect mobile banking applications from fraud. However, optimum balance of security, user convenience, and privacy is not achieved yet.
Behaviour based adaptive authentication technologies are in nascent stage and rule-based authentication technologies lack behaviour based flexibility. Hence it is required that risk score basis behaviour of the customer including behavioural biometrics and anomaly detection is implemented efficiently

Participants are expected to provide solution to banks to differentiate between actual customer Vs fraudster initiated mobile/internet banking registration.

Advanced fraud detection algorithms to detect suspicious activity that may indicate a cloned SIM card/ dual sim card etc.
Algorithm to identify distance/difference between current location of customer basis location of mobile number/SIM and current location of person initiating the registration.
Set up alerts for suspicious activities, such as login attempts from new locations or devices, multiple failed login attempts, or changes to account details.
Implement strong authentication methods that cannot be bypassed even if phishing is successful.
Notify users immediately if a SIM swap is detected or if suspicious activity (such as logins from a new device) occurs.

Solution must provide option to traditional authentication factors which are now getting exploited by fraudsters to enable password less login.

How to Register:

Interested students can register through the following link: https://finshield.iith.ac.in/hackathon

Don’t miss this unique chance to collaborate . Let’s gear up for this exciting journey and make it a remarkable experience!

For more reference:

X (Twitter): https://x.com/BankofIndia_IN/status
Facebook:https://www.facebook.com/share
Instagram:https://www.instagram.com
LinkedIn:https://www.linkedin.com/posts/bankofindiaofficial_finshieldhackathon-hacktolead-fintechinnovation-activity

Event Timeline: June 2025 – September 2025

Task Details	Timeline
Registration of Participants & Teams	01st June 2025 to 24th June 2025
Idea submission by the registered teams	01st June 2025 to 24th June 2025
Shortlisting of Teams based on Submitted Idea	25th June to 30th June
Final Shortlisted Teams announcement	30th June 2025
Start of Phase 2 (Prototype Development)	01 July 2025
Periodic Report Submission	15 August 2025
Final presentation of prototype	2nd & 3rd September 2025
Prize Announcement and Closure	3rd September