Risk Management in a Cashless World

The banking industry has witnessed quite a few milestones since India's independence. The changing landscape of the banking industry requires us to ask: what are the regulations and guidelines that govern the industry?


The paradigm shift that the announcement on 9th November (demonetization) brought to Indians is probably one of the biggest milestones, one that will define how the country conducts future monetary transactions. While it is an exciting journey for the industry and for customers alike, many Indians are unaware of the loopholes and risks it brings, risks that are not keenly observed across the spectrum of banking transactions.

Banking Landscape 

The banking industry has witnessed quite a few milestones since India's independence. The landscape has always rested on a few basic elements and assumptions:

  • Bank is where people would go for depositing and withdrawing cash. 
  • Transactions for purchase of goods and services can be done with only cash / cheque and DD. 
  • Having a bank account is required only for businessmen and people whose salary is credited to the account. 
  • Bank accounts are not for housewives, elderly or children. 

However, over a period of time, customers' need to visit the bank reduced with the advent of ATMs, credit cards and internet banking. 

As a data point, media reports state that within a month of the announcement, digital transactions went up by 400-1000%. Based on the resource available on the RBI website, this clearly shows the dependence on cashless transactions (or digital transactions, as bankers would prefer to call them) and the faith in new-age working that Indians are showing. 

Table 1 - Digital transactions as per RBI resource (table image not reproduced)

The changing landscape of the banking industry requires us to ask: what are the regulations and guidelines that govern the industry?

Regulatory and Legal Framework 

While the banking industry is governed by the Banking Regulations Act (1949) and RBI guidelines, the changing business model also brings the IT Act of India (2000) to the fore.

Any digital transaction these days has multiple parties involved and multiple layers of infrastructure passing information back and forth. This makes the entire transaction that much more complex and raises a few key questions that need to be answered:
  • How do we maintain integrity of transactions in digital payment system and make the transaction environment safe, thereby ensuring trust of both regulators and customers?  
  • How do we manage multi-factor authentication and secure the data from the point of origination to the end? 
  • How do we alert the payer, payee, bank and other stakeholders in case of any breach? Can this happen real-time? 
  • What is the risk of failed transactions, unauthorized transactions, and exposure for the bank, the payment platform owner or anyone linked in providing the services? 
  • How do we ensure privacy and no unauthorized usage of information? 

Digital Payment Channels and Risks 

With digital transactions through mobile wallets, online transfers through IMPS etc. and traditional POS channels, the key risks to be analyzed in light of the above questions are:

Physical Security Risks 

The risk to physical devices (the POS terminal, the card itself and network components) is a vital consideration. If the customer has set up a mobile app on the phone, the security of the phone and awareness around it are pivotal to the customer safeguarding the money. 

Operational Risks

How transactions are processed and handled at backend systems, how transaction integrity is maintained by the systems and processes, and how maker-checker and segregation of duties are maintained are some absolutely crucial validation points. 

IT Risks

This spans across the spectrum - at the bank, at the merchant, at the customer and data in transit. 

Key Stakeholders

Key questions that arise are:
  • Who owns the infrastructure?
  • Who possesses customer information, including Personally Identifiable Information?
  • What is the authentication mechanism? An important consideration in any payment authorization is who you are and what you have. In layman's terms: identifying yourself and then keying in the secret identifier (PIN, biometric etc.).

Following are the key stakeholders in the digital payment ecosystem, what information they collect, process and store, and the implications of misuse. 

[Stakeholder tables appeared here as images and are not reproduced.]

Concluding Remarks 

It is amply clear that the risk, liability and exposure arising from data collection, storage and retrieval are huge. And while technology has brought ease to doing business, it has also brought inherent risks. These have to be known and then mitigated. And while the focus of the bank may remain ARPU (Average Revenue Per User), the industry and regulators have to look at the entire ecosystem rather than looking only within their own span of control in protecting customers' interests. 


Comments

Excellent blog Advait. As the industry grows and matures, data security would be critical. With the increase in volume of financial service providers, securing the end user private/confidential information would be a big challenge.
