Mobile Payment Forum of India:
Regulatory Sub-Committee
Sachin Khandelwal
June 07, 2008
Mobile Infrastructure and Banking system in India
• Mobile subscribers – 261 million as on 31st March 2008 and growing 8 million per month
• Population of 1.2 billion
• Bank accounts – 360 million December 2007
• 67 percent of adult population have bank accounts
• Nearly 45,000 out of 72,000 bank branches are under the core banking solution (CBS) of banks
• Electronic payment predominantly happens through the CBS branches
• Internet banking penetration is very low though picking up fast in last two years
• Money transfer to/from remote places is still a big challenge
• Electronic benefit transfer (EBT) is a big task ahead
Mobile banking infrastructure at present
• A good number of banks have started using mobile as a delivery channel
• SMS alert for transaction updation, reminder for payments, balance enquiry, last five transactions etc. being provided by many banks
• Utility bill payments, intra-bank funds transfer offered by a few banks
• Many pilot runs, many solutions and little interconnectivity – banks are not sure whether they are too early or too late
1. Introduction
• Mobile phone has become an alternate channel for delivery of banking & financial services
• Mobile banking is defined as information exchange between a bank and its customers for financial and/or non-financial transactions
• Three players – banks, mobile payment service providers & mobile operators
• Guidelines are restricted to banked customers using the mobile platform
• Extending the service to non-banked customers will be examined later
2. Regulatory & Supervisory Issues
• Products restricted to bank account holders
• Services to be in INR
• Guidelines on Risks & Controls in Computers & Telecommunication to be applicable
• Banks should develop & enforce outsourcing guidelines to manage 3rd party service providers
• Current KYC & AML guidelines will be applicable
• Whether NRIs can carry out Rupee denominated transactions
3. Registration of Customers
• Banks should offer service to own customers only
• Two levels of service – informational & transactional
• In case of customer having multiple accounts within/across banks, service provider should enable designation of primary account or card
• One-time registration through a signed document
4. Technology & Security Standards
• Ensure authentication & non-repudiation
• Online transactions
– mPIN
– End-to-end encryption
– 2nd factor (optional)
• Offline transactions
– Offline PIN
– End-to-end encryption
• Payment service provider to comply with PCI DSS or bank’s security guidelines
• Use of mobile number as 2nd factor?
• Suggest –
– For what all txns?
– (Mobile # + PIN) 1st factor
– (Password / DOB / Txn PIN) 2nd factor
• Card number / OTP as 2nd factor is impractical
• On WAP & Web, getting mobile numbers as a mandatory field from Telcos
• mPIN to be encrypted
• If SMS is encrypted, then it does not pose any additional risk as compared to other channels
5. Interoperability
• Service should be available across all telcos
• Use standard messaging formats (prescribed by MPFI and/or ISO 8583) to ensure interbank transactions
• How do we ensure that service is available across both GSM and CDMA operators, given that CDMA operators adopt a different approach
• Use of SFMS and NEFT for interbank non-card txns
6. Clearing & Settlements
• Option of bilateral / multilateral arrangements for Interbank settlements
• Banks to not participate in any e-money / stored-value prepaid product
• Discuss the stance on other prepaid systems recently allowed
• Understand the concept of Interbank Payment Gateways
7. Legal Issues
• Customer to be made aware of any additional channel risk prior to sign up
• Banks could be exposed to enhanced risk of liability on account of mobile technology – bank to take adequate risk control measures
• All precautions taken in the case of Internet Banking become directly applicable in the Mobile scenario
Questions / Suggestions?
Thank You