Mobile Payment Forum of India: Regulatory Sub-Committee
Sachin Khandelwal
June 07, 2008

Mobile Infrastructure and Banking system in India
• Mobile subscribers – 261 million as on 31st March 2008 and growing 8 million per month
• Population of 1.2 billion
• Bank accounts – 360 million December 2007
• 67 percent of adult population have bank accounts
• Nearly 45,000 out of 72,000 bank branches are under the core banking solution (CBS) of banks
• Electronic payment predominantly happens through the CBS branches
• Internet banking penetration is very low though picking up fast in last two years
• Money transfer to/from remote places is still a big challenge
• Electronic benefit transfer (EBT) is a big task ahead

Mobile banking infrastructure at present
• A good number of banks have started using mobile as a delivery channel
• SMS alert for transaction updation, reminder for payments, balance enquiry, last five transactions etc. being provided by many banks
• Utility bill payments, intra-bank funds transfer offered by a few banks
• Many pilot runs, many solutions and little interconnectivity – banks are not sure whether they are too early or too late

1. Introduction
• Mobile phone has become an alternate channel for delivery of banking & financial services
• Mobile banking is defined as information exchange between a bank and its customers for financial and/or non-financial transactions
• Three players – banks, mobile payment service providers & mobile operators
• Guidelines are restricted to banked customers using the mobile platform
• Extending the service to non-banked customers will be examined later

2. Regulatory & Supervisory Issues
• Products restricted to bank account holders
• Services to be in INR
• Guidelines on Risks & Controls in Computers & Telecommunication to be applicable
• Banks should develop & enforce outsourcing guidelines to manage 3rd party service providers
• Current KYC & AML guidelines will be applicable
• Whether NRIs can carry out Rupee denominated transactions

3. Registration of Customers
• Banks should offer service to own customers only
• Two levels of service – informational & transactional
• In case of customer having multiple accounts within/across banks, service provider should enable designation of primary account or card
• One-time registration through a signed document

4. Technology & Security Standards
• Ensure authentication & non-repudiation
• Online transactions
  – mPIN
  – End-to-end encryption
  – 2nd factor (optional)
• Offline transactions
  – Offline PIN
  – End-to-end encryption
• Payment service provider to comply with PCI DSS or bank’s security guidelines
• Use of mobile number as 2nd factor?
• Suggest – For what all txns?
  – (Mobile # + PIN) 1st factor
  – (Password / DOB / Txn PIN) 2nd factor
• Card number / OTP as 2nd factor is impractical
• On WAP & Web, getting mobile numbers as a mandatory field from Telcos
• mPIN to be encrypted
• If SMS is encrypted, then it does not pose any additional risk as compared to other channels

5. Interoperability
• Service should be available across all telcos
• Use standard messaging formats (prescribed by MPFI and/or ISO 8583) to ensure interbank transactions
• How do we ensure that service is available across both GSM and CDMA operators, given that CDMA operators adopt a different approach?
• Use of SFMS and NEFT for interbank non-card txns

6. Clearing & Settlements
• Option of bilateral / multilateral arrangements for Interbank settlements
• Banks to not participate in any e-money / stored-value prepaid product
• Discuss the stance on other prepaid systems recently allowed
• Understand the concept of Interbank Payment Gateways

7. Legal Issues
• Customer to be made aware of any additional channel risk prior to sign up
• Banks could be exposed to enhanced risk of liability on account of mobile technology – bank to take adequate risk control measures
• All precautions taken in the case of Internet Banking become directly applicable in the Mobile scenario