Mobile Banking in India - Guidelines

India has about 207 MM (September 2007 TRAI Data) mobile phone subscribers, a
number that is larer than the number o! ban" accounts or Internet users# $i%en the
mobile tele&densit' o! about 20( and de%elopment o! secure mobile technolo'
solutions, ban"s are )ell&positioned bride the diital di%ide and introduce the unban"ed
sector to the !inancial mainstream
*ou ma' be a)are that Reser%e +an" o! India had set up the Mobile ,a'ments -orum .!
India (M,-I), a /0or"in $roup on Mobile +an"in to e1amine di!!erent aspects o!
Mobile +an"in (M&ban"in)# The $roup had !ocused on three ma2or areas o! M&
ban"in, i#e#, (i) technolo' and securit' issues, (ii) business issues and (iii) reulator'
and super%isor' issues# A cop' o! the $roups report is enclosed# R+I has accepted the
recommendations o! the $roup to be implemented in a phased manner# Accordinl', the
!ollo)in uidelines are issued !or implementation b' ban"s# +an"s are also ad%ised that
the' ma' be uided b' the oriinal report, !or a detailed uidance on di!!erent issues#
3o)e%er to start )ith , )e must understand )ho the %arious sta"eholders are and )hat
there e1pectation are4
Sta"eholders are as !ollo)s
a) 5onsumers
b) Merchants
c) Mobile 6et)or" operators
d) Mobile de%ice manu!acturers
e) -inancial institutions and ban"s
f) So!t)are and technolo' pro%iders
g) $o%ernment
7ach sta"eholder roup has the !ollo)in e1pectations4
a) To meet the !ollo)in Consumer e1pectations4
,ersonali8ed ser%ice
Minimal learnin cur%e
Trust, pri%ac' and securit'
9bi:uitous ; an')here, an'time and an' currenc'
<o) or 8ero cost o! usae
Interoperabilit' bet)een di!!erent net)or" operators, ban"s and de%ices
Anon'mit' o! pa'ments li"e cash
,erson to person trans!ers
b) To meet the !ollo)in Merchant e1pectations4
-aster transaction time
<o) or 8ero cost in usin the s'stem
Interation )ith e1istin pa'ment s'stems
3ih securit'
+ein able to customi8e the ser%ice
Real time status o! the mobile pa'ment ser%ice
Minimum settlement and ,a'ment time
c) To meet the !ollo)in Telecom Network Providers e1pectations4
$eneratin ne) income b' increase in tra!!ic
Increased A%erae Re%enue ,er 9ser (AR,9) and reduced churn (increased
lo'alt')
+ecome an attracti%e partner to content pro%iders
d) To meet the !ollo)in Mobile Device Manufacturers e1pectations4
<are mar"et adoption )ith embedded mobile pa'ment application
<o) time to mar"et
Increase in A%erae Re%enue ,er 9ser (AR,9)
e) To meet the !ollo)in Banks e1pectations4
6et)or" operator independent solutions
,a'ment applications desined b' the ban"
71ceptional brandin opportunities !or ban"s
+etter %olumes in ban"in ; more card pa'ments and less cash transactions
5ustomer lo'alt'
!) To meet the !ollo)in oftware and Technolog! Providers e1pectations4
<are mar"ets
) To meet the !ollo)in Government e1pectations
Re%enue throuh ta1ation o! m&pa'ments
Standards
I" Technolog! and ecurit! tandards
<<Major inputs to be provided by the Technology Sub Committee>>
<<Recommendation on Technology Standards by Regulatory Sub Committee>>
The technolo' used must be secure and at the same time con%enient to deplo' and cost
e!!ecti%e# The !ollo)in technolo' basis pro%ides a summar' o! the a%ailable
models# +an"s must deplo' onl' secure channels that pro%ide a non&repudiable
plat!orm to transact#
Telecom
tandar
d
Data
Bearer
#ser
Interface
Method of
Invoking $
Initiating
Transactions
ecurit! %ardware $ etu&
'e(uirements
$SM ,lain Te1t
SMS
Structured
Te1t
SMS = >2M7 0ea"
7ncr'pti
on
0or"s on an' phone#
0or"arounds li"e I?R call
bac"s !or sensiti%e
in!ormation are possible
$SM 9SSD =
Application
SMS
$9I
($raphic
9ser
Inter!ace) =
Structured
Te1t
SMS = >2M7 Secure
5hannel
>2M7 client re:uires >a%a
enabled phone#
$SM $,RS =
0A,
$9I >2M7 = +ro)ser Secure
5hannel
>a%a enabled phone )ith
$,RS# 0ithout $,RS this
can )or" )ithin the
Telecom pro%iders )alled
arden#
5DMA Application
SMS =
$,RS =
0A,
$9I +re) = +ro)ser Secure
5hannel
.perator centric usae
The o%erall securit' !rame)or" should ensure#
7ncr'pted messain = session bet)een consumers phone and third part' ser%ice
pro%ider = telecom compan'# Minimum encr'ption standards to be speci!ied to
ma"e the transaction ban"in rade (7## Min @2A bit SS<)
All subse:uent routin o! messaes to the ban"s ser%ers must be )ith the hihest
le%el o! securit' )ith dedicated connecti%it' li"e leased lines = ?,6s#
I! an' sensiti%e in!ormation is stored in third part' s'stems, ban"s must ensure
that access to this in!ormation is restricted )ith appropriate encr'ption and
hard)are securit' standards#
All transactions that a!!ect an account (those that result in to an account bein
debited or credited, includin schedulin o! such acti%it') should be allo)ed onl'
a!ter authentication o! the mobile number and the m,I6 associated )ith it#
Transactions onl' !or in!ormation such as balance en:uir', mini statements,
reistered pa'ee details, etc ma' be allo)ed )ith either mobile number or ,I6#
9nless !ool proo! securit' is used in compilin and deplo'in the mobile ban"in
applications, the ,I6 number should not be allo)ed to be stored in the mobile
ban"in application on the phone# As, enerall' the application installed on the
phone )ould be de%eloped in >a%a, it ma' be possible to decompile it e1tract the
m,I6# Alternati%el', the application should be so compiled that it should not be
!easible to e1tract the ,I6 on decompilation#
All accounts, credit or debit cards allo)ed to be transacted throuh the mobile
phones should ha%e the mobile phone number lin"ed to the account, credit or
debit card# This mobile number should be used as the second !actor authentication
!or mobile transactions#
Durin the transaction, the ,I6 should not tra%el in plain te1t# Doin this, there is
ris" o! the ,I6 bein snooped out o! the phone !rom sent items and also it bein
e1posed at the SMS5 le%el# Also, it ma' be able to snoop out the ,I6 durin
transmission, althouh, this is %er' di!!icult in cellular communications#
,roper le%el o! encr'ption should be implemented !or communicatin !rom the
mobile handset to the mobile pa'ments ser%ice pro%iders ser%er# It has been
assumed that proper securit' chec"s )ould be made b' the ban"s to ascertain the
securit' le%els o! the ser%ice pro%iders# This ma' include ,5I DSS certi!ication in
addition to ban"s o)n audits#
,roper s'stem o! %eri!ication o! the phone number should be implemented,
)here%er possible# This is so as to uard aainst spoo!in o! the phone numbers
as mobile phones )ould be used as the second !actor authentication#
It is also recommended that Internet +an"in loin ids and pass)ords ma' not be
allo)ed to be used throuh the mobile phones# As !raudsters et more
sophisticated, the chances o! phishin attac"s on mobile phones )ould become
more probable# Allo)in Internet ban"in loin id and pass)ord usae on the
mobile phone ma' compromise their usae on the Internet ban"in channel# This
restriction ma' be communicated to the customers throuh an industr' )ide e!!ort
so as to ensure that Internet ban"in pass)ords are not compromised throuh
mobile phones#
The pa'ment authorisation messae !rom the users mobile phone should be
securel' encr'pted and chec"ed !or tamperin b' the ser%ice pro%ider or the ban"#
It should not be possible !or an' interceptor to chane the contents o! the
messae#
,ro%ided the abo%e securit' recommendations are re%ie)ed, the mobile pa'ment
ser%ice could use an' o! the pre!erred mode o! communication %i8#, SMS, I?RS,
0A,=$,RS, 9SSD and 6-5# There are couple o! securit' issues in some o!
these modes o! communications, )hich are listed belo)4
a# SMS is the simplest !orm o! communication, but is %ulnerable to tamperin#
As lon as there is a second le%el o! chec" on the details o! the transaction so
as to uard aainst data tamperin and the m,I6 does not tra%el in plain te1t,
this mode o! communication can be used#
b# I?RS is also a simple mode o! communication and there!ore does not ha%e
an' inbuilt securit' measures# The s'stem should be capable o! encr'ptin the
DTM- tone entries, i! re:uired to be stored or transmitted#
c# 9SSD communication uses its inbuilt encr'ption technolo' to tal" bet)een
the cell phone and the operators ser%er# 3o)e%er, the decr'ption o! the
in!ormation happens at the cell phone operators ser%er# ?ulnerabilit' o! data
ma' e1ists at this point# This in!ormation should be re&encr'pted and
transmitted to the ser%ice pro%ider#
An' o! the !ollo)in modes o! user inter!ace ma' be used, pro%ided the abo%e
listed securit' measures are ta"en into consideration4
a# SMS
b# Menu dri%en application
c# Menu dri%en 9SSD application
d# 0A,=$,RS )ebsite
-ormats need to be speci!ied !or e1chane o! in!ormation bet)een ban"s# .n the
debit=credit card !ront, the e1itin IS. ABAC messae !ormat ma' be used !or
communication bet)een ban" s)itches# 3o)e%er, !or account number based
mobile trans!ers, a messae !ormat ma' need to be !ro8en#
+an"s should desinate a net)or" and database administrator )ith clearl' de!ined
roles as indicated in the technolo' $roups report
+an"s should ha%e a securit' polic' dul' appro%ed b' the +oard o! Directors#
There should be a sereation o! dut' o! Securit' .!!icer = $roup dealin
e1clusi%el' )ith in!ormation s'stems securit' and In!ormation Technolo'
Di%ision )hich actuall' implements the computer s'stems# -urther, In!ormation
S'stems Auditor )ill audit the in!ormation s'stems#
+an"s should introduce loical access controls to data, s'stems, application
so!t)are, utilities, telecommunication lines, libraries, s'stem so!t)are, etc#
<oical access control techni:ues ma' include user&ids, pass)ords, smart cards or
other biometric technoloies
At the minimum, ban"s should use the pro1' ser%er t'pe o! !ire)all so that there
is no direct connection bet)een the Internet and the ban"s s'stem# It !acilitates a
hih le%el o! control and in&depth monitorin usin loin and auditin tools#
-or sensiti%e s'stems, a state!ul inspection !ire)all is recommended )hich
thorouhl' inspects all pac"ets o! in!ormation, and past and present transactions
are compared# These enerall' include a real time securit' alert#
All the s'stems supportin dial up ser%ices throuh modem on the same <A6 as
the application ser%er should be isolated to pre%ent intrusions into the net)or" as
this ma' b'pass the pro1' ser%er#
The in!ormation securit' o!!icer and the in!ormation s'stem auditor should
underta"e periodic penetration tests o! the s'stem, )hich should include4
o Attemptin to uess pass)ords usin pass)ord&crac"in tools#
o Search !or bac" door traps in the prorams#
o Attempt to o%erload the s'stem usin DDoS (Distributed Denial o!
Ser%ice) D DoS (Denial o! Ser%ice) attac"s#
o 5hec" i! commonl' "no)n holes in the so!t)are, especiall' the bro)ser
and the e&mail so!t)are e1ist#
o The penetration testin ma' also be carried out b' enain outside
e1perts (o!ten called /7thical 3ac"ers)
,h'sical access controls should be strictl' en!orced# ,h'sical securit' should
co%er all the in!ormation s'stems and sites )here the' are housed, both aainst
internal and e1ternal threats#
+an"s should ha%e proper in!rastructure and schedules !or bac"in up data# The
bac"ed&up data should be periodicall' tested to ensure reco%er' )ithout loss o!
transactions in a time !rame as i%en out in the ban"s securit' polic'# +usiness
continuit' should be ensured b' settin up disaster reco%er' sites# These !acilities
should also be tested periodicall'
II" Business ) *egal Issues
<<Major inputs to be provided by the Business Sub Committee>>
The !ollo)in "inds o! business applications are en%isaed under the pur%ie) o! this
circular# +an"s ma' permit the !ollo)in transactions to its e1istin customers# The' )ill
encompass three "e' areas4
Mobile ban"in (basic sa%in account ; balance en:uir', bill pa'ment, credit card
pa'ment, Dra!t issuance, Deposit boo"in, Stop pa'ment re:uest, !unds trans!er
to another ban" account includin C
rd
part' trans!ers, chane ! personal ,I6
M 5ommerce (usin mobile as a pa'ment instrument either lin"ed to a ban"
account or throuh stored %alue)
Remittance4 Allo)in !unds trans!er bet)een ban" accounts, ban" to cash()here
the bene!iciar' does not ha%e a ban" account) and cash to cash
+an"s ma' additionall' !acilitate transactions !or their customers customers (7##
+ill ,a'ments !or their corporate clients and other transactions that !acilitate
transactional con%enience and also the inclusion o! the !inanciall' e1cluded into
the ban"in mainstream# Thus ban"s ma' also permit !ollo)in transactions !or
non&customers=non&account holders#
i# Small %alue person&to&person remittances (not e1ceedin Rs @B,000)
includin the use o! ban" branches, ATMs and other C
rd
part' outlets
appro%ed b' +an"s or Telcos !or !acilitatin cash in = cash out# In such
cases, ban"s ma' rel' on E*5 processes per!ormed b' other
intermediaries (such as Telcos) as detailed in section III A o! this circular#
ii# International remittances & i#e# 6on resident Indians sendin mone' bac"
home to their !amilies (To be read in con2unction )ith the MTSS
uidelines)
5onsiderin the leal position pre%alent, there is an obliation on the part o!
ban"s not onl' to establish the identit' but also to ma"e en:uiries about interit'
and reputation o! the prospecti%e customer# There!ore, e%en thouh re:uest !or
openin a sa%ins = current account can be accepted o%er Mobile
Telecommunication, these should be opened onl' a!ter proper introduction and
ph'sical %eri!ication o! the identit' o! the customer#
-rom a leal perspecti%e, securit' procedure adopted b' ban"s !or authenticatin
users needs to be reconi8ed b' la) as a substitute !or sinature# In India, the
In!ormation Technolo' Act, 2000, in Section C(2) pro%ides !or a particular
technolo' (%i8#, the as'mmetric cr'pto s'stem and hash !unction) as a means o!
authenticatin electronic record# An' other method used b' ban"s !or
authentication should be reconi8ed as a source o! leal ris"# 5ustomers must be
made a)are o! the channel ris" prior to sin up#
9nder the present reime there is an obliation on ban"s to maintain secrec' and
con!identialit' o! customers/ accounts# In the Mobile&ban"in scenario, the ris" o!
ban"s not meetin the abo%e obliation is hih on account o! se%eral !actors#
Despite all reasonable precautions, ban"s ma' be e1posed to enhanced ris" o!
liabilit' to customers on account o! breach o! secrec', denial o! ser%ice etc#,
because o! hac"in= other technoloical !ailures# The ban"s should, there!ore,
institute ade:uate ris" control measures to manae such ris"s#
In Mobile ban"in scenario there is %er' little scope !or the ban"s to act on stop&
pa'ment instructions !rom the customers# 3ence, ban"s should clearl' noti!' to
the customers the time!rame and the circumstances in )hich an' stop&pa'ment
instructions could be accepted#
The 5onsumer ,rotection Act, @FAG de!ines the rihts o! consumers in India and
is applicable to ban"in ser%ices as )ell# 5urrentl', the rihts and liabilities o!
customers a%ailin o! Internet ban"in ser%ices are bein determined b' bilateral
areements bet)een the ban"s and customers# 5onsiderin the ban"in practice
and rihts en2o'ed b' customers in traditional ban"in, ban"s liabilit' to the
customers on account o! unauthori8ed trans!er throuh hac"in, denial o! ser%ice
on account o! technoloical !ailure etc# needs to be assessed and ban"s pro%idin
Mobile ban"in should consider insurin themsel%es aainst such ris"s, as is the
case )ith Internet +an"in#
+an"s ma' determine their o)n pricin !or the use o! these ser%ices#
+an"s should et the scheme !or !acilitatin Mobile ban"in appro%ed b' their
respecti%e boards = <.M5 be!ore o!!erin it to their customers# The <.M5
appro%al must document the e1tent o! .perational and -raud ris" assumed b' the
ban" and the ban"s processes D policies desined to mitiate such ris"#
E*5 ,rocess
+an"s are permitted to rel' on -inancial Intermediaries as recommended b' the rela1ed
E*5 uidelines issued %ide R+I circular D+.D#6.#AM<#+5#2A =@H#0@#00@=200B&0G
dated Auust 2C, 200B A +an" can sponsor the small %alue remittance ser%ice b' enterin
into arranements )ith intermediaries in order to manae distribution, technolo' and
scale#
In the same spirit, +an"s ma' partner )ith Telecom companies, Technolo' companies
etc to !acilitate such small %alue trans!ers# +an"s ma' rel' on introductions !rom an'
person on )hom E*5 has been done and certi!icates o! identi!ication issued b' the
intermediar'# Thus the intermediar' can be a Telecom compan', another ban" or !inancial
institution or a stand alone Trust 5ompan' dedicated to the purpose o! !acilitatin such
transactions#
It is proposed that in cases )here the remitter is the o)ner o! the mobile phone, the +an"
relies on the telecom compan's E*5 and obtains a cop' o! the reistration documents
!rom the telecom compan'# In cases )here the remitter is not the o)ner o! the mobile
phone, a letter o! introduction is ta"en !rom the o)ner and the remitter reisters )ith a
limited E*5 comprisin o! photoraph and address proo!# 0here%er address proo! is not
a%ailable, the introducer can certi!' the enuineness o! the remitters address#
III" 'egulator! ) u&ervisor! Issues
As recommended b' the $roup, the e1istin reulator' !rame)or" o%er ban"s )ill be
e1tended to Mobile ban"in also# In this reard, it is ad%ised that4
@# .nl' such ban"s )hich are licensed and super%ised in India and ha%e a ph'sical
presence in India )ill be permitted to o!!er Mobile ban"in products to residents o!
India# Thus, both ban"s and %irtual ban"s incorporated outside the countr' and ha%in
no ph'sical presence in India )ill not, !or the present, be permitted to o!!er mobile
ban"in ser%ices to Indian residents#
2# The products should be restricted to account holders onl' and should not be o!!ered in
other 2urisdictions#
C# The ser%ices should onl' include local currenc' products#
H# The /in&out scenario )here customers in cross border 2urisdictions are o!!ered
ban"in ser%ices b' Indian ban"s (or branches o! !orein ban"s in India) and the /out&
in scenario )here Indian residents are o!!ered ban"in ser%ices b' ban"s operatin in
cross&border 2urisdictions are enerall' not permitted and this approach )ill appl' to
Internet ban"in also# The e1istin e1ceptions !or limited purposes under -7MA i#e#
)here resident Indians ha%e been permitted to continue to maintain their accounts
)ith o%erseas ban"s etc#, )ill, ho)e%er, be permitted#
B# .%erseas branches o! Indian ban"s )ill be permitted to o!!er Internet ban"in
ser%ices to their o%erseas customers sub2ect to their satis!'in, in addition to the host
super%isor, the home super%isor#
$i%en the reulator' approach as abo%e, ban"s are ad%ised to !ollo) the !ollo)in
instructions4
a# All ban"s, )ho propose to o!!er transactional ser%ices on the Mobile
ser%ices should obtain prior appro%al !rom R+I# +an"s application !or such
permission should indicate its business plan, anal'sis o! cost and bene!it, operational
arranements li"e technolo' adopted, business partners, third part' ser%ice pro%iders
and s'stems and control procedures the ban" proposes to adopt !or manain ris"s#
The ban" should also submit securit' polic' co%erin recommendations made in this
circular and a certi!icate !rom an independent auditor that the minimum re:uirements
prescribed ha%e been met# A!ter the initial appro%al the ban"s )ill be oblied to
in!orm R+I an' material chanes in the ser%ices = products o!!ered b' them#
b# The uidelines issued b' R+I on /Ris"s and 5ontrols in 5omputers and
Telecommunications %ide circular D+S#5.#IT5#+5# @0= C@#0F#00@= F7&FA dated Hth
-ebruar' @FFA )ill e:uall' appl' to Mobile ban"in# The R+I as super%isor )ill
co%er the entire ris"s associated )ith electronic ban"in as a part o! its reular
inspections o! ban"s#
c# +an"s should de%elop outsourcin uidelines to manae ris"s arisin out
o! third part' ser%ice pro%iders, such as, disruption in ser%ice, de!ecti%e ser%ices and
personnel o! ser%ice pro%iders ainin intimate "no)lede o! ban"s s'stems and
misutili8in the same, etc#, e!!ecti%el'#
d# It )ill become important to set up /Inter&ban" ,a'ment $ate)a's !or
settlement o! such transactions# The protocol !or transactions bet)een the customer,
the ban" and the portal and the !rame)or" !or settin up o! pa'ment ate)a's as
recommended b' the $roup should be adopted !ro Mobile +an"in
e# .nl' institutions )ho are members o! the che:ue clearin s'stem in the
countr' )ill be permitted to participate in Inter&ban" pa'ment ate)a's !or Internet
pa'ment# 7ach ate)a' must nominate a ban" as the clearin ban" to settle all
transactions# ,a'ments e!!ected usin credit cards, pa'ments arisin out o! cross
border e&commerce transactions and all intra&ban" pa'ments (i#e#, transactions
in%ol%in onl' one ban") should be e1cluded !or settlement throuh an inter&ban"
pa'ment ate)a'#
!# Inter&ban" pa'ment ate)a's must ha%e capabilities !or both net and
ross settlement# All settlement should be intra&da' and as !ar as possible, in real
time#
# +ilateral contracts bet)een the pa'ee and pa'ees ban", the participatin
ban"s and ser%ice pro%ider and the ban"s themsel%es )ill !orm the leal basis !or
such transactions# The rihts and obliations o! each part' must be clearl' de!ined
and should be %alid in a court o! la)#
h# +an"s must ma"e mandator' disclosures o! ris"s, responsibilities and
liabilities o! the customers in doin business throuh Mobile, throuh a disclosure
template#The ban"s should also pro%ide their latest published !inancial results o%er
the net#
'egulator! 'oles and 'es&onsibilities of takeholders
'ole of Banks
An' mone' e1chane i#e# ,a'ments, ,2,, remittance, etc ; should be e1ecuted
throuh +an"in instruments D In!rastructure#
This is to ensure compliance )ith all !inancial controls and reulation# ,a'ments
can be made b' the !ollo)in
a# Sa%ins +an" Account=Debit 5ard
b# 5redit 5ard Account
c# ,re&paid 5ards
d# ?irtual 5ards (5redit D Debit 5ards)
+an"s role should be o! pro%idin normal transactional ser%ices to customers
usin the !ull rane o! ser%ices includin 5ash, Sa%ins account, 5redit 5ard,
Debit 5ard and ,repaid 5ards ser%ices#
Transactions should be maintained )ithin the ban"in net)or" and all the
sta"eholders in transaction processin and should be sub2ect to e:ual le%el o!
scrutin' and reulation as are other ban" accounts#
Transaction settlement should ride on the e1istin in!rastructure !or e!!icient
settlement and pa'ment s'stems#
a# Intra +an" & Transactions in%ol%in +an" A=c to +an" A=c !unds Trans!er
should be real time or near real time transactions
b# Inter +an" & Transactions in%ol%in +an" A=c to +an" A=c !unds Trans!er
should ride on the 6-S or other e1istin s)itches a%ailable !or inter&+an"
transactions#
c# Intra +an" ; Transactions in%ol%in 5ard A=c ( includin 5redit D Debit
5ards) to Merchant= recipient account should ride on the e1istin
settlement D pa'ment s'stems a%ailable )ith +an"s#
d# Inter +an" ; Transactions in%ol%in 5ard A=c ( includin 5redit D Debit
5ards) to Merchant= recipient account should ride on either on India
S)itch , ?ISA, Master5ard or an' other a%ailable s)itchin
in!rastructure#
The ban" should ta"e responsibilit' !or audit, !raud manaement, account securit'
etc# under its normal ban"in license# +an"s should ensure that the ser%ice
operates entirel' )ithin the R+I !rame)or"#
+an"s should be responsible !or ensurin the identit' o! the sender and the
recei%er o! !unds# +an"s can desin the process o! %eri!ication o! sender and
recei%er as per the e1istin uidelines# In case )here the e1istin process o! E*5
compliance cannot be met, ne) methods o! %eri!ication such as mobile based ,I6
%eri!ication and transaction limit !i1ation can be considered
In case o! m&)allet propositions the pooled !unds should be held )ith a ban" so
that s'stemic ris" o! de!aults is minimi8ed#
+an"s ma' end up pla'in a limited role in ,2, and cash to cash pa'ments other
than settler o! !unds %ia the pooled account# This should be permissible sub2ect to
transaction limits etc#
'ole of Telco
Telcos should pro%ide the E*5 and customer histor' !or +an"s to o!!er the
ser%ices to the customer and !ull responsibilit' !or !raud manaement at their
outlet as per TRAI uidelines#
In order to ensure Mobile ,a'ments reaches the critical customer mass, E*5
documents re:uired to o!!er !inancial products should be made similar to Telcos
E*5 uidelines#
Distribution net)or" o! Telcos should be used to pro%ide the ser%ices o! Mobile
,a'ments to ma1imum possible locations across the countr'#
71ternal lo)&cost hostin at Telco should be e1plored ; +an"s )ill not ha%e to
rein%ent the technolo' plat!orm D billin s'stems !or such an o!!erin#
,olicies enablin audit and o%ernance o! such a model to be !ramed#
Settin up o! in!rastructure !or underta"in Domestic Mone' Remittances alon
)ith +an"s# Domestic Mone' Remittances usin both Telcos dealer net)or"
and +an"s -inancial in!rastructure should piloted alon )ith controls on
transaction limit and !re:uenc'# ,ilot should test the !easibilit' runnin such a
model !or domestic mone' remittances#
'ole of Third &art! &a!ment &rocessors
71ternal lo)&cost hostin at Third part' pa'ment processors should be
encouraed to ha%e a trul' cross&ban" , cross&carrier pa'ment s'stem #
,olicies enablin audit and o%ernance o! such a model to be !ramed includin a
centrali8ed settlement mechanism
Third part' processors should ha%e the responsibilit' o! -raud manaement and
should ha%e s'stems and process in place to chec" and control !rauds#
'egulator! +ramework suggested for Mobile Pa!ments
,a'ment Account to be used !or Mobile ,a'ments e## 5redit card account, Sa%ins +an"
Account, %irtual account, ,re&paid account should be similar e1istin 5redit card , Debit
5ard = ban" account issuance !rame)or"#
0hile )e can use inno%ati%e mechanisms to enable pa'ments throuh mobile phones,
!ollo)in should be ta"en into considerations
R+Is $uidelines and policies on E*5
R+Is $uidelines and policies on AM<
-inancial settlement bet)een the %arious entities should be underta"en as per the
e1istin $uidelines and processes#
The messain s'stem bet)een Application and +an" needs to be reulated and
standardi8ed to ensure standard transaction processes and settlement s'stems#
$uidelines need to be e%ol%ed to ensure complete interoperabilit' o! bet)een all
the sta"eholders o! mobile pa'ments# This )ill lead to the ro)th o! ecos'stem
and )ill bene!it all the sta"eholders#
$uidelines need to be e%ol%ed !or allo)in domestic mone' remittances b' 5ash
In and 5ash .ut at Telco .utlets includin usae o! Telcos E*5 and adherence
o! AM< uidelines#
Telcos role should include pro%idin plat!orm to initiate transactions and carr' the
messaes to the ban"s s'stems
'egulator! &olicies and standards
Ser%ice pro%iders, Telcos should ha%e the independence to de%elop and launch
customi8ed applications tareted to)ards their customer base ho)e%er messain s'stem
bet)een application and +an"s needs to be reulated# This )ill lead to standardi8ation o!
the transaction processes and settlement s'stems# These should include
Instruction !ormats !or all mobile initiated pa'ments, remittances and ban"in
Instruction !ormats !or all mobile initiated pa'ments, remittances and ban"in
Securit' standards !or instructions, inter!aces, data storae and transactions
Technolo' standards and uidelines !or %arious modes o! data trans!er li"e SMS,
$,RS etc#
Anti Mone' <aunderin control !or Telcos especiall' !or proposed ser%ices li"e deposits
bein accepted and held b' Telcos !or -unds Trans!er and remittances# 0hile Telcos
pro%ide an opportunit' to reach out to the unban"ed and underban"ed population o! the
countr', proper reulator' control should be established to ensure con!ormation to E*5
and AM< uidelines# The Telcos o!!erin these ser%ices should !ollo) ban"&appro%ed
processes that !ul!ill the reulator' re:uirements )hile per!ormin such transactions# The
+an" ma' appoint pa'out aents such as the ,ost .!!ice, other -Is, selecti%e merchants
etc
Sin up !or ser%ice4 71istin or ne) customer4 +an" controlled throuh reulated
E*5
Transaction4 ,I6 based transactions in terms o! domestic trans!ers#
Anti Mone' <aunderin4 monitorin carried out b' the +an"
Transactions monitorin controlled at the ban"in end
Aent appointment responsibilit' )ith the ban"