The New Onboarding, The New Risks
The rapid shift to remote and hybrid work models in India has revolutionized hiring, allowing companies to access talent from anywhere. However, this flexibility has also opened a Pandora's box of security vulnerabilities. When you can't meet a candidate
in person, traditional trust signals are absent. This gap is being exploited by sophisticated fraudsters. They create fake profiles, use stolen credentials, and convincingly navigate multiple interview rounds with the sole aim of gaining access to your company's internal systems, sensitive data, or financial assets. The threat isn't just theoretical; reports of 'impersonation-for-hire' scams are on the rise, where one person aces the interview, and another, less qualified individual, shows up for the job.
Why 'Good Faith' Is a Bad Strategy
Relying on a candidate's polished resume and smooth interview performance is no longer sufficient. The consequences of failing to verify an identity can be catastrophic. Imagine sending a company-issued laptop and access credentials to a phantom employee at a fake address. That device, now a rogue endpoint, can be used to infiltrate your network. Consider the implications of sending an offer letter, which contains salary details and company information, to a competitor or a scammer. Even worse, onboarding documents often require the submission of personal data from the company's side, which could be used for social engineering attacks against your HR or finance departments. This isn't just a data security issue; it's a direct threat to your financial stability, operational integrity, and reputation.
A Practical Verification Protocol
Building a robust identity verification process doesn't have to be complicated. It should be a mandatory step between making a verbal offer and sending any official documentation. A multi-layered approach is most effective: 1. **Mandatory Video Verification:** Before sending any documents, schedule a mandatory, live video call. Ask the candidate to hold their government-issued ID (like an Aadhaar or PAN card) next to their face. Check that the name and photo match the person on the call and the details on their application. This simple step filters out a vast majority of low-effort scams. 2. **Digital Document Submission:** Use a secure portal for document submission rather than email. Email is easily intercepted. Request digital copies of identity and address proofs. For Aadhaar, use methods that don't require the individual to share their number directly if possible, such as QR code scanning or masked Aadhaar, to comply with privacy best practices. 3. **Cross-Reference Information:** Check for consistency across all documents and platforms. Does the name on the PAN card match the bank account details provided for salary? Does the address on their proof of residence match what they've told you? Small inconsistencies are often a red flag.
Leveraging Technology Securely
For companies hiring at scale, manual verification can be time-consuming and prone to error. This is where technology can help. There are numerous digital identity verification (IDV) services available in India that can automate this process. These platforms use AI to check the authenticity of ID documents, perform liveness checks via video to prevent spoofing, and cross-reference information against various databases. When choosing a tool, prioritize those that are compliant with Indian regulations, particularly the Digital Personal Data Protection (DPDP) Act. The goal is not just to verify an identity but to do so in a way that respects the candidate's privacy and protects their data from misuse. Ensure any third-party service you use has robust data encryption and clear privacy policies.
Compliance and Data Privacy
In India, handling personal data is governed by increasingly strict rules. Under the DPDP Act, you must have a legitimate reason to collect personal data (like for employment), and you must obtain clear consent. It's crucial to practice 'data minimization'—only collect the information you absolutely need for the verification process. Be transparent with candidates about why you are collecting this information, how it will be stored, and for how long. Create a clear internal policy for handling and deleting candidate data after the verification process is complete, especially for those who are not hired. Failure to comply can result in significant financial penalties and reputational damage.
