(1) Penetration of banking services in rural areas has been a major area of concern to the Government. The Government has been considering leveraging the growth of mobile service in rural areas to provide basic financial services to unbanked citizens of the country by riding on mobile infrastructure. An Inter Ministerial Group (IMG) was constituted on 19.11.2009 by the Cabinet Secretariat to workout relevant norms and modalities for introduction of a mobile based delivery model for delivery of basic financial services and to enable finalization of a framework to allow financial transactions using mobile phones. The report and recommendations of the IMG were examined by a Committee of Secretaries and accepted by the Government. The proposed system envisages sharing of the following elements:
(a) A simplified common template for the KYC requirements for the Mobile linked No-Frills Accounts which is acceptable to all service providers.
(b) Cash-in / cash-out operations at the front end involving deposits and withdrawals into Mobile linked No-Frills Accounts.
(c) An Account Mapper that provides linkages between Unique Identification Number, mobile number and the mobile linked nofrills account details. Real-Time Micro Transactions (REMIT) connects to the Account Mapper to obtain details pertaining to a specific customer after he has been authenticated.
(d) An interoperable central payments switch, called REMIT Switch, that will facilitate real time transaction routing across Banking Correspondents (BCs), Banks (or associated Financial Institutions and outsourcing partners of Banks), Unique Identification Authority of India, Account Mapper and mobile service providers. INFAST (Interoperable Infrastructure for Accounting Small Transactions) can be created as an additional infrastructure for creating and managing mobile linked no-frills accounts.
(e) The IMG framework based on mobile phones and biometric-based authentication will form the core micro-payment platform for transfer of benefits under various government schemes, micropayment services and financial inclusion for the target groups of social sector programmes.
(2) The IMG has, inter-alia recommended that TRAI may also draw up guidelines to ensure high availability of associated communication services. Mobile banking consists of banking transactions and the use of mobile networks for communicating through mobile phones by the customer for such transactions. The entire transaction depends on the capability of the mobile network to deliver a fast, reliable and cost effective method of communication with inbuilt audit trails and desired levels of security for transmission. These aspects were addressed through a consultation process by TRAI by issuing a Consultation Paper on 28th October 2010 seeking the views of stakeholders by 15th December 2010 to identify QoS parameters to meet such requirements. An Open House Discussion was held at Mumbai on 23rd March, 2011 and based on the stakeholders comments and study of the system, the Quality of Service for various parameters forming part of the mobile communication has been prescribed in these regulations.
(3) The modes for delivery of messages for mobile banking: During consultation process, most of the stakeholders opined that SMS (Short Messaging Service), IVR (Interactive Voice Response), WAP (Wireless Access Protocol) platform can be used across both CDMA and GSM and methods like JAVA/ BREW applications and STK may also be preferred. It is seen that various modes of communication that can be used for mobile financial transactions offer different functionality and has its own merits. Some of the methods of communication may not be suitable for low-end handsets. The Authority felt that, considering the ease of use and availability across all the mobile handsets, SMS, USSD and IVR need to be mandated. The Authority also felt that WAP and STK could be optionally allowed for such communications. Accordingly, provisions have been made in the regulations. The Authority may also prescribe, from time to time, any other methods of communications.
(4) Being a financial transaction the consumer would like to receive confirmation of the outcome of the transaction at the earliest. In the case of SMS, there could be a possibility that the SMS is not delivered due to customer related issues or network related issues. To address this issue it has also been mandated that in such cases an USSD communication is also sent to the customer confirming the completion of transaction. Wherever the network permits, the service provider, through mutual agreement with the bank, should implement such a system where the confirmation message shall be sent with a request for delivery report confirmation to Access Provider’s SMSC. Access Provider’s SMSC will try to deliver such messages immediately within the time limit prescribed in these regulations and inform back the delivery status with proper error code towards application hosted at the backend. In case the SMS delivery fails, the error code received from the SMSC can be used by the system in the backend to trigger an USSD towards the customer. Considering the fact that USSD messages cannot be stored, it has also been provided in the regulations that the expiry time for SMS will be a minimum of seventy two hours.
(5) The time frame for delivery of messages for mobile banking: Most of the stakeholders had suggested different time frames for different methods of communication. After considering various suggestions in this regard, the Authority decided the time frame for delivery of the messages for mobile banking transaction. Measurement methodology for the time frame for delivery of the messages generated by the customer or the bank relating to banking services provided to the customers are prescribed in Schedule-I. These time frames are for the first delivery attempt.
(6) QOS parameters: During consultation process most of the stakeholders agreed with the present quality of service parameter for the network which are already prescribed by the TRAI in accordance with Standards Of Quality Of Service Of Basic Service( Wireline) and Cellular Mobile Telephone Services, Regulation, 2009. The Authority considered the matter and felt that the quality of service standards already laid down by the Authority would be sufficient to address network related quality of service parameters. However, for protecting the interest of consumers the Authority has prescribed the following three Customer Centric parameters:
(a) Time taken to deliver error and success confirmation message: This parameter signifies the efficiency in the delivery of error and success confirmation messages. As per this parameter the error messages and successful confirmation messages sent by the banking system based on customer action shall be delivered to the customer within 2 minutes. The regulations further provide that in case a message generated by the customer or the bank cannot be delivered due to any reason the access provider shall immediately send an error message intimating the non-completion of the process to the customer or the bank, as the case may be.
(b) Transaction update on the system: Any message triggered through a consumer action for mobile banking services shall be updated in the system for any transaction on a real time basis.
(c) Success of delivery of financial transaction messages: This parameter signifies the efficiency in the successful delivery of financial transaction message.
(7) Periodical reporting system: The regulations provide for periodical reporting of performance of service providers against the quality of service benchmarks prescribed in these regulations in such format and at such interval as may be prescribed by the Authority.
(8) Security requirements: During consultation process, all the stakeholders opined that security is a critical issue. The most important security components are stated to be Authenticity and authorization, Integrity, Non-repudiation, and Confidentiality. The GSM/CDMA system architecture takes care of End to End Encryption, Authentication, Authorization, Integrity and Non-repudiation, which are governed by international standard bodies.
(9) Accordingly, the Authority has prescribed in these regulations that the confidentiality of end to end encryption, integrity, authentication and non-repudiation of communication shall be in accordance with the standards certified by ITU/ETSI/TEC/ International standardization bodies such as 3GPP/3GPP2/IETF/ANSI/TIA/IS or any other international standard as may be approved by the Central Government.