
Staff College, Bengaluru

Disclaimer: This is purely a voluntary effort for dissemination of knowledge and enabling people to
prepare for promotion test. Best efforts have been put to provide the accurate and updated
information. However, the users are requested to refer relevant circulars and policies of our Bank
for further clarity –

Information Technology Security

Objectives-
• Knowledge about Information Technology Security
• Good IT Security habits
• Tips on how to create a strong password
• Various IT Security terms and their meaning
• Updating the antivirus software on your desktops at branch/ office
• Networking Topology of our Bank
• Various types of networks
• Components of networks at branches/ offices
• Basic troubleshooting of network related issues

Information Technology Security (IT Security)

Computer security is security applied to computing devices such as computers and
smart phones, as well as computer networks such as private and public networks,
including the whole Internet. The field includes all the processes and mechanisms
by which digital equipment, information and services are protected from unintended
or unauthorized access, change or destruction and is of growing importance due to
the increasing reliance on computer systems in most societies. It
includes physical security to prevent theft of equipment and information security to
protect the data on that equipment. It is sometimes referred to as "cyber security"
or "IT security". Those terms generally do not refer to physical security, but a
common belief among computer security experts is that a physical security breach
is one of the worst kinds of security breaches as it generally allows full access to
both data and equipment.

Cyber security is the process of applying security measures to ensure
confidentiality, integrity, and availability of data. Cyber security attempts to assure
the protection of assets, which includes data, desktops, servers, buildings, and most
importantly, humans. The goal of cyber security is to protect data both in transit
and at rest. Countermeasures can be put in place in order to increase the security
of data. Some of these measures include, but are not limited to, access control,
awareness training, audit and accountability, risk assessment, penetration testing,
vulnerability management, and security assessment and authorization.

Good Internet Habits

The Internet is becoming part and parcel of everyone’s life and its usage is
increasing day by day, be it for searching for links and information, for sending
simple mails or for critical applications such as fund transfer. What most
internet users are not aware of is the threat attached to using the internet for
such information transfer. Some good internet habits that you must internalize
are:

• Exercise restraint in the amount of personal information you upload on the
web to minimise misuse.
• Always check whether a web address begins with ‘http’ or ‘https’ before
executing any transaction. ‘https’ means the connection to the site is secured:
the data you key in travels to the final destination in an encrypted form. Also
ensure there is a lock symbol at the bottom of the browser; only then key in
your user name.
• Ideally, delete all emails from an unknown source. If opening one out of
curiosity, never give personal data. Banks, for one, never ask for such
information as they already have it.
• Do not shop at an unknown shopping site even if it offers a dream deal. If still
tempted, Google the site’s security performance and whether there were any
hacking attempts on it.
• Never leave receipts at ATMs, in trash cans, or at unattended petrol pumps.
Destroy all such paperwork you no longer need.

Forming a Strong Password
There are different rules and yardsticks to check the strength of passwords. Each
website has its own algorithm for checking the strength. However, it is generally
accepted that a strong password should contain both alphanumeric and special
characters with one capital and one small letter. The favored method of today is to
create a sentence stating something that is known only to you, or a universal fact not
necessarily related to you, and then turn it into a password using a simple algorithm.
A condition that the sentence should contain a year or a month or both will help.

A simple algorithm like the sample one below can be formulated after selecting the
statement:
• Start with the first word and pick up one letter from each word in the order first,
last, first, last and so on. Further, let all first letters be in lower case and last ones
in upper case.
• Month, if used in the sentence, should be converted to its numerical equivalent in
two digits, prefixing zero if required.
• Year, if used in the sentence, should be taken without the century part so it has only
two digits.
• The two numbers should be used in the place where they appear. However, for the
second digit we shall take its upper case, i.e. the character typed with Shift on that
key.

Based on the algorithm, the passwords formed from some phrases that a person
might choose will be as follows:

Sentence                             Derived Password
July too sultry for liking           0&tYfG
Father gifted watch June 63          fDw0^6#
1950 year of Indian Republic         5)yFiC
Festival season begins in October    fNbN1)

This method resolves the dilemma of having a password that is easy to remember
and yet difficult to be guessed. For changing your password from time to time you
may not only change the base sentence but also modify the algorithm. Please do not
use the given examples as passwords since they are already known to the public.
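
The derivation rule above, written out as an added example (it is not part of the original study material): it reproduces the four sample rows and then checks each result against the character classes the text asks for. The US keyboard layout for shifted digits and the rule that a number does not use up a first/last turn are assumptions inferred from the sample table; the sentence "Festival season begins soon" is constructed.

```python
import re

# Character produced by Shift + digit key. Assumption: US keyboard layout,
# which matches the sample table (7 -> &, 6 -> ^, 3 -> #, 0 -> ')').
SHIFTED_DIGIT = dict(zip("1234567890", "!@#$%^&*()"))

MONTHS = {
    name: f"{number:02d}"
    for number, name in enumerate(
        ["january", "february", "march", "april", "may", "june", "july",
         "august", "september", "october", "november", "december"],
        start=1,
    )
}


def two_digits(word):
    """Return the two-digit form of a month name or a number, else None."""
    lowered = word.lower()
    if lowered in MONTHS:
        return MONTHS[lowered]            # July -> "07"
    if lowered.isdigit():
        return lowered[-2:].zfill(2)      # 1950 -> "50" (century dropped)
    return None


def derive_password(sentence):
    """Apply the rule described in the text to one sentence."""
    pieces = []
    take_first = True  # alternates first letter / last letter over ordinary words
    for word in re.findall(r"[A-Za-z]+|[0-9]+", sentence):
        digits = two_digits(word)
        if digits is not None:
            # The number stays where it appears; its second digit is replaced
            # by the shifted character. Inferred from the sample table: a
            # number does not consume a first/last turn.
            pieces.append(digits[0] + SHIFTED_DIGIT[digits[1]])
            continue
        pieces.append(word[0].lower() if take_first else word[-1].upper())
        take_first = not take_first
    return "".join(pieces)


def character_classes(password):
    """Return which of lower/upper/digit/special occur in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def meets_stated_criteria(password):
    """True when the password has a capital, a small letter, a digit and a special character."""
    return character_classes(password) == {"lower", "upper", "digit", "special"}


# The four rows of the sample table on this page.
PAGE_SAMPLES = {
    "July too sultry for liking": "0&tYfG",
    "Father gifted watch June 63": "fDw0^6#",
    "1950 year of Indian Republic": "5)yFiC",
    "Festival season begins in October": "fNbN1)",
}

if __name__ == "__main__":
    for sentence, expected in PAGE_SAMPLES.items():
        derived = derive_password(sentence)
        print(f"{sentence!r:40} {derived:10} matches table: {derived == expected}")
    # Constructed sentence without a month or year: only letters come out,
    # so the digit and special-character requirement is not met.
    bare = derive_password("Festival season begins soon")
    print(bare, sorted(character_classes(bare)), meets_stated_criteria(bare))
```

The last case shows why the text asks for a month or a year in the sentence: without one, the rule yields letters only.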

It is highly recommended that you never enable the system to remember your
password/passwords.

Information Security Terms & Their Meanings


S. No.  Term: Meaning

1. CAPTCHA: The acronym stands for “Completely Automated Public Turing Test to tell
Computers and Humans Apart”. The website asks you to type a text displayed on the
screen. The text is usually a combination of alphanumeric characters, in varying
shapes and sizes.

2. Authentication: Authentication is the process of determining whether someone or
something is, in fact, who or what it is declared to be. In private and public
computer networks (including the Internet), authentication is commonly done
through the use of logon passwords. Knowledge of the password is assumed to
guarantee that the user is authentic. Each user registers initially (or is
registered by someone else), using an assigned or self-declared password. On each
subsequent use, the user must know and use the previously declared password.

Internet business and many other transactions require a more stringent
authentication process. The use of digital certificates issued and verified by a
Certificate Authority (CA) as part of a public key infrastructure or introducing
a second factor (hardware/software token) for authentication is considered likely
to become the standard way to perform authentication on the Internet.

3. Exploit: In computing, an exploit is an attack on a computer system, especially
one that takes advantage of a particular vulnerability that the system offers to
intruders. Used as a verb, the term refers to the act of successfully making such
an attack.

4. Backdoor: A back door is a means of access to a computer program that bypasses
security mechanisms. A programmer may sometimes install a back door so that the
program can be accessed for troubleshooting or other purposes. However, attackers
often use back doors that they detect or install themselves, as part of an
exploit. Whether installed as an administrative tool or a means of attack, a back
door is a security risk, because there are always crackers out there looking for
any vulnerability to exploit.

5. Browser Hijacker: A browser hijacker (sometimes called hijackware) is a type of
malware program that alters your computer's browser settings so that you are
redirected to Web sites that you had no intention of visiting. Poorly coded
browser hijackers (which, unsurprisingly, are common) may also slow your computer
down and cause browser crashes.

6. Phishing: Phishing is the attempt to acquire sensitive information such as
usernames, passwords, and credit card details (and sometimes indirectly money) by
masquerading as a trustworthy entity in an electronic communication.
Communications purporting to be from popular social web sites, auction sites,
banks, online payment processors or IT administrators are commonly used to lure
the unsuspecting public.

7. Vishing: “Vishing” or “Voice Phishing” is the act of leveraging a new technology
called Voice over Internet Protocol (VoIP) in using the telephone system to
falsely claim to be a legitimate enterprise in an attempt to scam users into
disclosing personal information. Government, financial institutions, as well as
online auctions and their payment services, can be targets of Voice Phishing.

Using Antivirus Software in Office

Our Bank is using the Symantec antivirus software on the desktops and laptops
provided for official purposes.

What is CBS?

Core Banking Solution (CBS) is networking of branches, which enables Customers to
operate their accounts, and avail banking services from any branch of the Bank on
CBS network, regardless of where he maintains his account. The customer is no more
the customer of a Branch. He becomes the Bank’s Customer. Thus CBS is a step
towards enhancing customer convenience through anywhere and anytime banking.
CORE expands to "Centralized Online Real time Environment". This means that all
bank's branches access data from centralized datacenter in real time. Normal Core
banking functions will include deposit accounts, loans and advances, payments and
settlements. These services are available through multiple channels like ATMs,
Internet Banking and Branches.

Why CBS?
• Core Banking enables the Bank to improve operations, reduce costs, increase
efficiency and permits integration with various other technologies existing or
new for better service and business besides providing accurate MIS at any
given point of time.
• CBS helps the bank to enable alternate delivery channels for the customers
such as e-banking, ATM, mobile banking, etc.
• In addition to the above, the benefits to the customer include cash withdrawal
and deposits from any branch, 24x7 transactions, RTGS/NEFT etc.
• The transactions made by a customer are reflected immediately on the bank's
servers and the customer can do transactions like withdrawal of deposited
money from any of the bank's branches and other channels like ATMs
throughout the world.

Some facts about our Bank’s CBS

• Bank has implemented Finacle as our CBS solution.
• Finacle stands for “Financial Oracle”. Finacle is purchased from Infosys and
first implemented in the year 2003. Oracle database is used for storage of
data.
• We were the first Public Sector bank to complete 100% CBS on 16th March
2008.
• Bank has implemented two-factor authentication for Finacle wherein login is
provided on the basis of Biometric authentication followed by User id and
password. This prevents sharing of passwords, one of the major causes of
frauds.
• The place where the Data is stored is called the Data Center. The bank’s
primary Data Centre is located at Powai, Mumbai and is being managed by a
team of IBM and our Bank People. The disaster recovery site is in Bangalore.
• All the branches including our foreign branches, Representative Offices, all
the Regional offices, Central office are under CBS.

OVERVIEW OF FINACLE 10

NEW FEATURES IN FIN 10 :-

• CRM
• SVS
• Core Server
• Change credential
• GBM

CRM (CUSTOMER RELATIONSHIP MANAGEMENT)

Customer Information File where all the information about the customer is stored.
It is maintained at a common CIF database in Customer Relationship Management
module and linkage is provided to all the required back end systems.

CUSTOMERS are now classified in two types –

1. CIF Retail

2. CIF Corporate

Signature Verification System

SVS module introduces you to operations related to the signature capture and
management in Finacle.

Core Server

This is where all operations related to transactions, reports and inquiries are done.

Change Credentials

All the login related validations happen in SSO.

Single Sign On (SSO) framework enables application users of the Finacle suite of
products (Finacle Core and CRM) to log in once and get authenticated to each
application for which the user has the valid user id and access permissions.

GBM (Government Business Module)

GBM module deals with various government businesses like Public Provident Fund,
Sukanya Samriddhi Yojana, Central Board of Direct Taxes, Atal Pension Yojana,
Senior Citizen Saving Scheme, Kisan Vikas Patra, RBI Bond and CPPC Pension.

Enhancements in Fin 10

• Self termination of user session (SAC)
• Interchangeability between different modules without Log off
• Partial Charge recovery facility is also available
• Control Referral facility will be available
• Effective MIS
• Channel level charge facilities will be available
• Interest Proofing: Interest charged details account wise is stored in Finacle
• Effective control on Finacle menus as per user delegation by dividing existing
menus into many
• Denomination facility when withdrawing and depositing cash
• Auto lien marking in operative account
• Multi source repayment or multi loan account repayment


a) Customer Identification Number
b) Account Type Identification
c) None of these

Online Savings Account Opening Process:-

Using this facility a prospective customer can apply for SB Account opening
Online.

• The prospect willing to open an SB account will visit our Bank's website and click
the link "Apply On-line" and choose "Savings Account".
• Customer will enter his personal information like Name, DOB, Mobile number etc
and select the branch where he/she wishes to open his/her account.
• An authentication code is sent to the given mobile number of the customer.
After authentication, the screen containing address and other details will pop
up.
• The customer needs to feed his/her communication/permanent address details,
income details, Nominee details, KYC document details.
• After submission, a screen will pop up showing a unique reference number, the
selected branch address and a request to visit the selected branch with
KYC documents and photo.
• The reference number is also sent to the mobile number of the customer and an
acknowledgement is also sent by e-mail.
• Customer needs to visit his/her selected branch and show the reference number
to the branch official.
• Branch has to collect completely filled account opening form along with KYC
documents.
• Now the branch will log in to Finacle and use menu "OLACOPN" to open the account.
• In case the menu "OLACOPN" is run by clerical id, then it will ask for
verification by an officer id. If run by an officer id, it gets verified
automatically.

U Control

U Control is an application for credit card holders which helps card holders to manage
the credit card usage. Credit card holder can simply download the U-Control
application from the App store and register using credit card number.

The basic facilities provided to the credit card holders through the App are as
under:

• Temporary Activation/ Deactivation of the card
• Set Bill Cycle limit
• Set Per Transaction Limit
• Enable / Disable Payment Channels (POS, ATM and e-Commerce)
• Enable / Disable International transactions (for All countries or Specific
Countries)
• Card Hot listing
• Merchant Blacklisting
• Check the transaction history (Up to last 10 transactions)
• Spend Analyzer and History
• Credit Card Account Summary

The above U-Control features allow the cardholder to make these changes instantly
using his/her phone on a 24/7 basis. Apart from controlling usage, the cardholder
can also receive transaction alerts for payments made through the cards registered
on the App. The U-Control application can also be used as a USP for our credit card
as no additional charges to the card holder are associated with this application.

Mobile Banking
Mobile banking is a service offered by the bank to its customers that allows them to
access account information and do financial transactions using a mobile phone.

Our bank offers the following channels to customers for Mobile Banking:

• Mobile Banking Application
• SMS (Short Messaging Service)
• NUUP Platform

Mobile Banking Application (UMobile): Bank’s mobile banking application is known as
“UMobile” which is a milestone in the banking field. UMobile provides the customers
a secure and convenient means of banking from anywhere anytime.

Registration

Customer can register for UMobile through any of the following channels:

1) Any Union Bank ATM
2) Through Branch. (Branch can use MOBREG menu in Finacle)
3) Directly through the application

Our Application is available in Play Store and iTunes Store.

Activation:

When the app is launched, it will prompt the user to send an SMS. After verification
of mobile number, if the customer is already registered then it will prompt for
creation of login pin. If the customer is not registered for mobile banking then it will
ask for fresh registration details using debit card details / Internet Banking Details.

If the mobile number is not registered with Union Bank then the application prompts
for using BHIM Union Bank UPI or Open an account through

De-Registration:

• Customer can de-register UMobile Service at bank’s ATM.
• Customer can also de-register through the UMobile App.

Types of Mobile Banking offered by the Bank:

• SMS Based - To cater to needs of customers with basic phones or feature
phones
• Application Based - UMobile

Transaction Limits (for both fund transfer and purchase of goods):

• Application Based: Rs.2,00,000/day
• SMS Based: Rs.5000/day

UMobile is a secure application which takes care of end-to-end encryption of data in
transit to offer banking information and transactions.

Customer is forced to change the mPin sent to him at the time of registration.

Union e-Cash:

Union e-cash is a remittance service which helps customers to send money to
recipients who are not our bank’s customers. Anyone having a debit card or credit
card can receive money and draw it from Union Bank ATMs. The solution enables
remittance of money based on mobile number.

The facility of remittance is available in all Union Bank ATMs, Mobile Banking and
Internet Banking. Cash can be withdrawn from Union Bank’s ATM only.

• Daily limit: Rs 5000
• Monthly limit: Rs 25000
• Minimum Union e-cash remittance: Rs.100
• No partial withdrawal permitted.
• The money not withdrawn is refunded automatically after 7 days.

SMS/Missed call - Value Added Services:

Block ATM card through SMS: 09223008486

• UBLOCK<space>Last four digits of Debit card Number

Balance Enquiry through SMS: 09223008486

• UBAL<space>Account Number

Mini Statement through SMS: 09223008486

• UMNS<space>Account Number

Nearest Branch Locator: 09223008486

• UBRANCH<space>Pin code<space>Location

Nearest ATM Locator: 09223008486

• UATM<space>Pin code<space>Location

Aadhaar Number seeding: 09223008486

• UID<space>Account Number<space>Aadhaar Number

Missed call for Balance Inquiry: 09223008586

ATM

• ATM facilitates own Bank and other Bank cardholders to a great extent and
provides any time banking including non-cash transactions such as balance enquiry,
mini-statement etc., beyond business hours
• Offsite ATM is considered as an extended arm of the branch and attracts not
only customers but also non-customers. Off-site ATMs at vantage points enhance
visibility for the bank. It also provides convenience to our customers residing far
off from the branch
• ATM screens can be utilized for publicity by displaying retail products which will
help cross selling and customer education/awareness

Types of ATM

• On Site ATM is the one installed in the branch premises or within a distance of
500 meters of the branch
• Off-site ATM is the one installed / located at a place other than its
branches/offices and extension counters beyond 500 meters with a separate
network.
• Mobile ATM machine is meant to be moved from location to location. These are
self-contained units that do not need building or enclosure
• ATMs set up, owned & operated by non-banks are called White Label ATMs (WLA).
Bank’s role in WLA setup is restricted to being sponsor bank, or being cash
sourcing bank

Facilities provided by ATM

Following facilities are provided through ATMs:

1. Cash Deposit/Withdrawals.
2. Green PIN generation and Personal Identification Number (PIN) change.
3. Requisition for cheque book.
4. Mini Statement of accounts
5. Balance enquiry of accounts
6. Interbank fund transfer – Transfer of funds through IMPS and MMID
7. Utility payments like Mobile recharge, Telephone bill etc.
8. Product Information of retail products and display of educative creatives
9. Aadhaar seeding in accounts
10. Fund transfer to mobile numbers using E-Cash option
11. Card to Card transfer
12. PMJDY - Overdraft application through ATM
13. Lead generation of retail loans and SB account

Economics

• Bank earns revenue if Card Holder of other bank uses our ATM
• To make the ATM economically viable, endeavor should be to generate 100 plus
hits per day within 6 months of installation

ATM and Site Maintenance:

• Capex Model (Bank owned) ATMs will be maintained by the Managed Services
Vendors (MS vendors) and Opex model (owned by vendor) ATMs will be maintained
by the respective vendors
• ATM site has to be maintained neat, tidy and properly illuminated. Monitoring of
ATMs and upkeep of sites is the primary responsibility of the link branch and
Regional Office
• ATMs should be adequately insured for comprehensive risk by Regional Office

Cash Replenishment

• For ATMs at Onsite locations, cash replenishment will be done by the respective
branch custodians and FLM will be done by MS vendor & branch custodian
• Cash at off-site ATM will be replenished by outsourcing agencies as per type of
ATM
• Currency chest / Branch should ensure only ATM fit notes are replenished in ATM

Role & Responsibility for Cash Reconciliation

• For ATMs where cash is being replenished by Bank officials, custodians of the branch
will be responsible for reconciliation
• In case of ATMs outsourced for cash replenishment services, service provider
will be responsible for reconciliation of physical cash and balance in Cash at ATM
account
• Branch custodian has to verify the physical cash with the balance in Cash at ATM
account in Finacle at least once a month in ATMs outsourced for cash
replenishment services.
• For ATMs deployed under DFS model, Digital banking department will be responsible
for reconciliation of physical cash and balance in Cash at ATM account

Security at ATMs

• Code of combination lock will be kept secret with two custodians; each custodian will
have only one half and will enter it secretly. Also, the code should be changed once
in 6 months
• Taking into consideration the practical utilization of an ATM (hits during night
hours) and costs for providing security guards, banks may restrict the number of
hours for which any ATM would be made available to the public.
• All Security devices like CCTV / DVSS, Alarm etc should be wo

Bharat Bill Payment System

The Bharat Bill Payment System (BBPS) is an RBI-mandated system which offers
integrated and interoperable bill payment services to customers across geographies
with certainty, reliability and safety of transactions.

It offers bill payment services to customers through a network of agents or online,
allowing multiple payment modes, and provides instant confirmation. It will facilitate
a less-cash society through migration of bill payments from cash to electronic channels.

It will provide interoperability so that consumers can pay the bills of any biller at a
single point and facilitate payments via multiple modes i.e. Cash, Debit Cards, Credit
Cards, Prepaid payment instruments including wallets and other electronic payment
options such as Net banking, IMPS, NEFT, etc.

The BBPS outlets could include bank branches, business correspondents, Customer
Service Points, retail agents of aggregators, ATMs, Kiosks, etc.

Any customer will be able to pay bills of the billers enrolled in the BBPS system at
any BBPS outlet.

[Figure: Services under BBPS]

Benefits to Customer
1. Convenience, Time saving, Uniform experience and flexibility of payment channels

2. Reliable service with high degree of trust and security

3. Transparent pricing with instant payment confirmation

4. Unified Grievance Handling

Benefits to Biller

1. Improved liquidity position due to faster settlements

2. Low entry barriers for small billers or ones confined to small geographies

3. Billers will have plug and play connection options with flexibility (only 2 standard
APIs)

4. Lower Capital Expenditure and Operational expenditure due to reduced and
efficient connections

Architecture of BBPS
BBPCU - Bharat Bill Payment Central Unit (BBPCU) will be the single authorized
entity operating the BBPS.

BBPOU - Bharat Bill Payment Operating Units will be the authorized operational
units. This can be Bank or Non Bank Entities

BBPS Transaction Flow

Union Bank of India customers can access BBPS either through their Internet
banking Logins or through Mobile Banking app.

BHARAT QR
Features of Bharat QR

• Simple method of receiving payments from consumer against sale of goods/
services
• Person to Merchant (P2M) mobile payment solution.
• Consumers can just scan QR code & pay through
  - Debit card (Bank’s Mobile App)
  - UPI/ BHIM
• Consumers need not present debit card at the time of payment

Procedure on Bharat QR 4.0 Merchant On-boarding (IC 01250 dated 02.07.2018)

In order to avail Bharat QR 4.0 facility, a merchant has to submit an application to
the branch as per Bank's format. The application format is enclosed as Annexure
"A" in IC 1250 dt 02.07.2018

Bharat QR 4.0 facility can be availed by Individual/Proprietor/Corporate customers.
Merchants having Overdraft or Cash Credit accounts are also eligible. Under Bharat
QR 4.0, multiple Terminal IDs (TIDs) can be assigned to a single merchant under
single Merchant ID (MID) with facility of receiving separate statements by the
merchant for each individual TID. An agreement must be executed by the merchant
acknowledging the terms and conditions of the product usage. Both the application
and the agreement must be kept safely by the branch for future reference.

Branches shall forward the Bharat QR 4.0 lead as per the enclosed excel format as
Annexure "B" in IC 1250 dt. 02.07.2018 to pgpos@unionbankofindia.com for further
processing along with KYC documents of the merchant. Initially, a copy of KYC
documents may be shared over the e-mail till the time alternate process is set up
for forwarding the KYC documents. The leads once received at Central Office, are
subjected to risk assessment by the vendor. Based on the assessment results, the
application may either be approved or rejected. Once the merchant is approved, the
merchant will be onboarded for Bharat QR 4.0. Once the leads are approved, the
merchant shall receive an SMS with a link to download Bharat QR 4.0 mobile
application on his/her mobile.

Simultaneously, a printed poster containing a unique QR code for the merchant shall
also be dispatched to the merchant's given address. The onboarded merchant will
be allotted Merchant ID (MID), Terminal ID (TID) and UPI-VPA (Virtual Payment
Address). These details will be available on the printed poster along with the Merchant
Helpdesk contact number for resolving issues faced by the merchant.

Procedure of usage by the merchant

Once the app is downloaded, the merchant clicks on the mobile app and a screen
appears in which the merchant can then login using his/her credentials. After
successful login, the merchant visits the screen displaying the virtual payment
address of the merchant. The home page of the merchant’s Bharat QR app has
multiple options.

Payments

Consumer has to simply scan the merchant QR through

• UPI
• Debit card (Bank’s Mobile App)

Static QR: Consumer scans the QR code and enters the amount manually (same QR
code for a merchant)

Dynamic QR: QR code gets generated with service amount. Consumer just scans and
submits for payment. (Different QR code generated by Bharat QR App for each
transaction)

Settlement of transaction to merchant account

The settlement of transactions to merchant account will be done on T+1 working day
or as per agreement with the merchant, where “T” denotes the date of transaction.

Charges for Merchant:

One time cost of Rs 150/- per TID

Recurring charge of Rs 30/- per TID per month

MDR Charges:
Small Merchants (Annual Turnover up to Rs 20 lakhs in last FY): Not exceeding 0.30% (Max. cap Rs200/-) + GST
Other Merchants (Annual Turnover more than Rs 20 lakhs in last FY): Not exceeding 0.80% (Max. cap Rs1000/-) + GST

BHIM Aadhaar
Government of India has launched the BHIM-Aadhaar Payment mobile application
that merchants can use to receive payments from their customers who have Aadhaar
linked bank accounts.

BHIM Aadhaar pay is a combination of software and hardware devices, which allows
Merchants to accept payment of goods and services from their customers through
Aadhaar based Biometric authentication.

Requirements for BHIM Aadhaar Enrollment Process

• Merchant should have smart mobile phone having OS android 5.0 or above
• KYC compliance of current account with branch.
• The individual’s / proprietor’s bank account should have the individual’s /
proprietor’s Aadhaar number.
• Customer should have bank account seeded with his/her Aadhaar number.
• Need to invoke the app for registration under “sign-up”

BHIM Aadhaar Merchant Registration

Merchant first needs to download our bank’s app “BHIM Aadhaar-Union Bank” from
Play Store. The merchant needs to register using the SIGN UP option. All required details
need to be filled e.g. Aadhaar No., Account No., Mobile No, Address, GSTIN, PAN,
Address, branch, User ID and Password. After filling the information, the
application can be submitted using REGISTER.

After registration, Merchant will receive "Sign up Success" and return to the "Merchant
Sign In" page.

Verification of application at Branch

The branch will then obtain filled Application form, Aadhaar Pay Agreement duly
signed by the merchant & other documents and will keep them safely for future
reference. (Formats available in Instruction Circular 1068-2018 Dated 03-Jan-18.)
After getting the required documents, branch will open iPAY portal.

Branch has to login to the URL http://10.0.224.149:9894/ipay/do/login

Login ID - sol id
Password - given by concerned CMC

The merchant details can be fetched using any of the available criteria.

Merchant approval

Click on the "Change" button at the bottom of the page, then enter Device Type
(change device type to “FPMAN” for Mantra biometric devices), Device serial
Number and Select the Merchant Status as "Assign Device and Approve". Click on
the "Submit" button.

Application will display the Confirmation message. After verification, merchant will
login to the app.

BHIM Aadhaar - Union Bank application BIOMETRIC SIGN IN for Merchant

Merchant can login with User ID or Email or Mobile in BHIM Aadhaar – Union Bank
App.

Application will display the pop-up error message “Fetch Merchant Details failed”.

Click on the "YES" button in the pop-up error message to enable the device for Auth
2.0, then the Device Update for Auth 2.0 page will appear.

Now it will redirect to Play Store. For Mantra Services install – Mantra Management
Client and Mantra RD Service.

Transactions and Report

After installation and registration is complete for the merchant, he can login using
either Biometric Sign In or User ID and password.

Once the Merchant is successfully logged in, the following options will be displayed:

• Aadhaar Pay
• Transaction Report
• Log Out

Enter the valid credentials on Aadhaar Pay Screen

Transaction using Aadhaar Pay

Merchant has to go to Aadhaar Pay option. He has to either scan the QR or enter
the Aadhaar number of the customer.

Transaction can be initiated by a customer using a valid Aadhaar number. The
merchant has to select the customer's bank, customer's mobile number and amount
of payment due from the customer. Then click on the 'Submit' button.

Click on "I Agree" against the consent message, "I hereby voluntarily give consent
to use my Aadhaar to Authenticate me from UIDAI", and then click on the 'Proceed'
button. After pressing Proceed, the light of the biometric device will glow.

Capture the customer's finger print on the biometric device attached to the mobile
device. Upon successful authentication of biometrics from UIDAI, "Transaction
Summary" receipt will be displayed on the screen with status as “Success” else error
will be shown.

After a successful transaction, customer's transaction details are displayed

Click on "OK" button to proceed for another transaction.

Click on "Back" button to exit from the "Aadhaar Pay" screen.

Transaction Report

This option will provide the complete transaction details carried out for this
particular Merchant.

Click on "YES" button to logout from BHIM Aadhaar – Union Bank application

Report Issue

Click on Help icon to view the "Report issue" icon


'Report Issue' icon is meant to send log reports if any issue is faced while using the
application.

Transaction Limit & Settlement

• Limit on value of transaction: The maximum amount per transaction per day is
  Rs. 10,000/-
• Limit on number of transactions: The maximum number of transactions per
  consumer is 3 per day.
• A customer can avail either the limit of maximum amount of Rs. 10,000/-
  or maximum three transactions, whichever is earlier in a day.

Settlement is done on Real time basis and merchant account gets credited
immediately.

Call Centre

A call centre is a centralized office used for handling a large volume of requests
by telephone. It is operated by an institution to administer incoming product
support or information enquiries from consumers.

Call Center is basically constituted to enable the bank to keep the lines of
communication open throughout the year for retaining existing and on boarding new
& prospective customers. Our Bank has, through the Call Centre facility, introduced
another channel for availing uninterrupted 24x7x365 banking service. Now the Bank
is just a call away for both customers and general public for availing various services
and knowing about our products and services.

The Call Centre also handles queries, service requests and complaints. Call Centre
facility is available in two modes, viz. Interactive Voice Response (IVR) and human
interface, by getting connected to the Call Centre Executive. The IVR will provide
certain banking services, e.g. Account Information, Current Balance, last five
transactions etc., to those customers who have registered with a PIN, without
requiring them to speak to an agent. The IVR also facilitates the customer in
hot-listing their debit cards, seeding their AADHAAR number, stop payment of cheque
etc. without speaking to the customer care executive. The caller has the choice to
switch to an agent for any information on the Bank's products and services, for
placing any service request or to lodge any complaint, at any point of time, even
while using IVR services. Call centre services are available in 11 languages, i.e.
9 regional languages apart from Hindi & English.

The services offered at the Call Centre are broadly classified into the following
categories:

• Banking Services – Account related information, retail products and process
  related information, generation of phone banking PIN etc.
• Debit Card Services – Reporting and hot-listing of Debit card, blocking the card
  using IVR, lodging complaints on various failed transactions like ATM, POS etc.
  and generation of Green PIN.
• Internet Banking Services – Registration, Self User Creation, Forgot-Reset of
  Passwords, basic troubleshooting in Internet banking application, Enable and
  Disable Login and 2FA authentication issues.
• Mobile and SMS Banking Services – Mobile Banking registration, installation of
  Mobile application, Mobile Banking deregistration requests, SMS Banking
  registration and deregistration requests etc.
• Out-bound Calling – Tabulous Banking lead generation, undertaking surveys,
  obtaining feedback on products and services and running promotional campaigns.

• The Call Centre has an Interactive Voice Response system through which many
  of the services are available. The IVR services can be availed by dialling any of
  the Toll-free and Chargeable numbers.
• In order to give more leverage to existing and prospective customers, the Bank
  has introduced a host of new services through IVR. The list of such services is
  as under:
    • Request for PMSBY
    • Request for PMJJBY
    • Request for APY
    • Request for Senior Citizen Scheme
    • Request for Sukanya Samriddhi Scheme
    • Request for NPS
    • Request for PPF
    • Request to apply for insurance
    • Request to apply for MF
    • Request for Locker facility
    • Request for Deposit a/c opening
    • Request for TDS/Form 16 certificate
    • Request for SMS alert
    • Request for Linking of LPG ID
    • Request for Account Statement

Call center facility for branch officials:

• This facility is available to branches/offices across the country and can be
  availed by dialing the chargeable number 080-22543920.
• Any branch official calling the above-mentioned chargeable number will land
  on the Interactive Voice Response (IVR) system of the Bank. The IVR will request
  input of the branch sol id (5 digits). On authentication, the call will be
  directly attended by the dedicated call centre agents.
• The branch officials will have to provide personal information to the call
  centre for record (Name, PF Number & Branch Name).

The services/complaints will either be addressed by the call centre executive or
forwarded to Digital Banking Department for resolution. Call back arrangement will
be made from the call centre to apprise the status of the complaint.

Contact Numbers for Bank’s Call Center

All India Toll-free Numbers: 1800 22 22 44, 1800 208 2244
Chargeable Numbers: 080 61817110
Dedicated Number for NRIs: +91 8061817110
Credit Card Call Center: 1800 223 222, 022-40426008

Cash Recycler Machine (CRM)


Bank has deployed Bunch Note Acceptors (BNAs) and Single Note Acceptors
(SNAs) for deposit of cash by the Bank's own customers. NPCI (National Payments
Corporation of India) has offered the "Interoperable Cash Deposit" (ICD) service in
NFS (National Financial Switch). This service is available at BNAs. Bank has
implemented ICD services at existing and new BNAs. The Bunch Note Acceptor
(BNA)/Cash Recycler machines facilitate deposit of cash in the customer's account
(both card and cardless transactions supported). The machines are capable of
counting notes and detecting fake notes before processing the transaction. These
machines are also capable of recycling the cash deposited, which reduces the
frequency of loading cash.

Cash Recycler Machine is capable of accepting and dispensing multiple notes
simultaneously. CRMs accept a maximum of 200 currency notes of Rs. 50, 100, 500 and
2000 denominations per transaction, with a maximum value of Rs. 49999/-. On PAN
card validation, an amount up to Rs.100000/- can be deposited per transaction. CRM
impounds any counterfeit currency and such notes are not returned to the depositor.
Cash deposit and withdrawal is allowed to NFS member bank cardholders by CRM. The
cash withdrawal feature in CRMs is similar to ATM.

Main Features of the ICD services at BNA/Recyclers

Our bank customers can deposit and withdraw cash in our BNA/Recyclers.

Customers of participating NFS member banks can deposit cash in BNA/Recyclers.

Cash withdrawal feature is similar to ATM in CRMs for all other bank cardholders.

For all ICD transactions, the depositor has to use his Debit/ATM card and PIN at
our BNA.

The cardholder can deposit cash in his own primary account or a Third Party Account
by providing the beneficiary Debit/ATM Card number linked with the account.

Security Features

Serial Number capturing - Most of the BNAs have the capability of capturing the
serial number of currency notes. This is useful for identifying the depositor in
case of a fake note and in case of any dispute.

Fake Note Impounding - BNA/Recyclers have the capability to identify and capture
fake notes.

Secure - Cash deposited into CDM is deposited into the designated cassette and
locked. Only authorized officials have access to the cash inside the machine.

Camera - Cameras installed in the machine are capable of capturing the depositor’s
facial image and hand movement at the cash tray.

Machine Capacity - BNAs have 4 cassettes and the cash deposit capacity of each
cassette is around 2000 notes. BNA is capable of accepting a maximum of 200 notes
in a single transaction.

Counting Speed - Average note counting speed of BNA is 8 notes per second.

Escrow Mode - After verifying the notes, the BNA displays the summary of the number
of notes and value of the notes deposited. After confirmation by the customer, it
is deposited to the respective account.

Operation Flow

Select cash deposit option on Home Screen.

Select the option on the next screen for whether you want to deposit cash using
Debit Card Facility or using Account Number.

Select cash deposit in Own Account or Third Party Account. Enter the account
number to which the cash is to be deposited.

On selection of Third Party Account, the cardholder is required to enter the
Beneficiary Account Number.

If there is some error during this process such as “Time Out” or Network Failure or
any other issue, the transaction will be dropped and the cardholder needs to
repeat the transaction.

Reconciliation & Dispute Management

Reconciliation of ICD enabled BNA's will be carried out at ATM Division. Branches
are required to keep all records like EOD summary, transaction details, images & EJ
capture in hard disk etc.

Branches are not required to pass any reversal entry of any disputed transaction
without permission of ATM Division.

Customer complaints regarding deposit can be captured through the ATMCLAIM menu
in Finacle.

Benefits for Bank:

• Reduced Costs
• Less Footfall in the Branch for Cash related transactions.
• Improved Security from Fake Currencies.
• Enhanced Control of Cash Balances.

Benefits for Customer:

• Real time Credit to Account
• Anytime Anywhere Deposit
• Reduced Time to visit a branch to deposit Amount
• Lead Generation for Various Banking Products
• Other Services like PIN Generate/Change, Mini Statement, Cash Withdrawal etc.

Details of on-boarding of merchants under the P2PM category are given below:

Merchants under P2PM category will be necessarily assigned MCC code 7407 by
the bank.

Settlement of the transactions under P2PM category will be as P2P (i.e. real time
credit to merchant account).

No Merchant Discount Rate (MDR) will be applicable for P2PM transactions.

No one-time cost or recurring cost will be charged to the merchant for providing
UPI QR code.

Initially small merchants/street vendors eligible under the “PM SVANidhi” scheme
will be on-boarded under P2PM category.

Leads for generation of UPI QR codes can be shared as per “Annexure A” in
Instruction Circular No. 2195 dtd 03-09-2020.

UPI QR codes will be sent to the branch email id for further printing and providing
to the small merchant/street vendor.

Small merchants with an expected inward UPI credit less than or equal to
Rs. 50,000/- per month will be categorized as P2PM.

A cooling period of 3 months is given.

Merchants with amount exceeding Rs. 50,000/- per month consecutively for 3 months
in any period after the cooling period have to be formally acquired by the bank
under P2M category with applicable charges.

DIGI GAON

• In the post-demonetization scenario, all banks spread digital banking and
  cashless transactions awareness among rural people. Looking to the urgent need
  for digital banking awareness among the public at large in rural areas, it was
  decided that all regional offices would adopt villages.
• ROs are required to identify a minimum of one village in their region for making
  the selected village a Digital Village, which will be known as “Union Digi-Gaon”,
  by providing the bank’s digital channels for payment and merchant acquiring
  transactions, spreading awareness, educating customers and merchants, and
  conducting camps at each village. Regions already having Digi Gaon and Metro
  Area Regions may identify as under:
    • Regions having lead districts may identify more villages in addition to the
      existing Digi-Gaon.
    • Regions not having any village area may implement the project in a unit of
      municipality ward or full ward, depending upon the size of the ward, for
      digitization or digital inclusion.

Criteria for selection of Digi-Gaon is as follows:

• Preferably our bank should have a branch in the proposed village of Union
  Digi-Gaon.
• Village must have a market of minimum 10 shops.
• A village market visited by an adjoining cluster of villages for shopping should
  be preferred, to spread awareness/publicity from a single point to the masses.
• Existing Union Adarsh Grams may also be selected in lead district.
• Priority may be given to villages with population of 1000 and above.
• Basic infrastructure for digitalization like availability of landline, mobile
  network, signals, a connecting pucca road, electricity or solar power etc. should
  be available in the proposed village, as digitisation will be executed with POS
  machines and mobile apps.

NETC Issuer (FASTag)

Objective

• To reduce waiting time at Toll Plaza.
• To eliminate the acceleration and idling, harmful vehicular emissions and air
  pollution.
• To accommodate increasing traffic without additional lanes and to reduce
  congestion around Toll Plaza.
• To save fuel and reduce operating cost of vehicle.
• Reduce cash handling.

Product Overview

National Payments Corporation of India (NPCI) has developed the National
Electronic Toll Collection (NETC) program to meet the electronic tolling
requirements of the Indian market. It offers an interoperable nationwide toll
payment solution including clearing house services for settlement and dispute
management. Interoperability, as it applies to the NETC system, enables a customer
to use their FASTag as payment mode on any of the toll plazas irrespective of who
has acquired the toll plaza.

FASTag is a device that employs Radio Frequency Identification (RFID) technology
for making toll payments directly while the vehicle is in motion. FASTag (RFID Tag)
is affixed on the windscreen of the vehicle and enables a customer to make the toll
payments directly from the account which is linked to FASTag.

Amount Limit for FASTag

The customer can obtain the FASTag with a minimum of Rs. 500/- and a maximum of
Rs. 1,00,000/- (being a KYC compliant account).

NETC System Participants and their role

• Vehicle owner: To obtain FASTag from issuer and fixing it on vehicle windshield.
• Issuer: To contact vehicle owner for FASTag issuance and processing of online
transaction.
• Toll plaza operator: To install various Toll Plaza systems, Toll Plaza server and
contracting with Acquirer
• Acquirer: To contract Toll Plaza operators and to deploy acquiring host and
process payment transaction.
• NPCI: To specify rules and ensure compliance. Operation of online communication
between acquirer and issuers. To perform clearing and settlement for
transactions.

INTERNET BANKING

Objective

• To enable customers to use internet banking for various financial and
  non-financial transactions.

Features

• View Balance, Account Statement
• ASBA (Online Trading)
• Online Fund Transfer (Own Bank, Other Bank)
• Online Account Opening (FD, PPF)
• Link for generation of FORM 26AS/ITR
• Maker Checker for Corporate Net Banking
• Mobile Banking Registration
• Debit Card Blockage
• Overdraft Facility
• APY, Pradhan Mantri Bima Yojna
• AADHAAR Link
• Online Ticket Booking

NRE Customer:

Internet Banking is available to non-resident customers subject to FEMA guidelines
being complied with. The request of transaction would be on their INR account and
for domestic purpose only.

Charges:

• Free for customers
• Service charges for Regeneration of password
    a) Retail User - Rs 180 + GST
    b) Corporate User - Rs 250 + GST
    c) Onetime Fee for Union PKI - Rs 150 + GST
    d) Onetime Fee for Mobile OTP Services - Rs 150 + GST

Branch Internet Banking Registration

Apart from the above, the branch may also help the users to register for internet
banking by lodging details of the users in menu INTREG in Finacle.

Reset Password

• Through the Forget Password link using Debit Card
• Can get Printed Password by applying through the link given on the website.

Transaction Limit

• Retail User - 5 LACS per day with 5 transactions for same / other bank
• Corporate User - 10 LACS per day with 5 transactions for same / other bank
• Tax Payment - Unlimited

Things to Remember

• For Payment Failure - ebanking@unionbankofindia.com
• For Tax related issues - etax@unionbankofindia.com
• For OTP - mbteam@unionbankofindia.com
• For ASBA queries - asba@unionbankofindia.com
• PAN number is mandatory

New Features-

• Beneficiary Registration - User has to confirm beneficiary details
  immediately at the time of registration, using the tracker id delivered to the
  registered mobile number. However, funds can be transferred only after 24
  hours.
• Users enrolled for 2FA in old internet banking for login are mandatorily
  provided with the inbuilt OTP facility in FEBA at the time of login.
• All the other users, who are not enrolled for 2FA, will be given an option to
  select any of the security features (OTP or Security question) or the no-2FA
  option.

Prevent Session Timeout-

• The session times out after 3 minutes of inactivity on a page.
• “Prevent session timeout” is provided under “My profile” to enable the user
  to prevent session timeout manually.

Credit Card

Call Center: 1800 22 3222

Eligibility:
• Bank’s Customers & on selective basis it can be issued to non account holders
also considering credit worthiness and repayment capacity
• Minimum annual income Rs. 2.50 lacs
• Minimum CIBIL score – 700
• Applicant should not be defaulter of our bank or other banks
• Minimum Age 18 years
• Maximum age:
    • Salaried - 60 years
    • Professional - 65 years
• U Secure: minimum age 18 years, maximum age 70 years
• All the KYC norms to be fulfilled

How to assess Card limit?

• 20% of Net Annual Income
• Subject to Minimum limit as per variant of card

Eligibility / Variant | VISA/Rupay Platinum | VISA Signature / RUPAY Select | Usecure
Minimum Limit | Rs. 0.10 lac to less than Rs. 1.00 lac | > Rs. 1.00 lac | Rs. 0.10 lac
Minimum Annual Income | Rs. 2.50 lacs | Rs. 5.00 lacs | Based on Term Deposit/Security Deposit (80% of FD Value)

Other matters
• Cards are issued with validity of 3 years

Personal Accident Insurance Cover

Card Type | Accidental Death | Accidental Death (AIR)
Platinum / U Secure | Rs. 5.00 lacs | Rs. 8.00 lacs
Signature / Select Card | Rs. 8.00 lacs | Rs. 10.00 lacs

Credit Card - Bill Payment

• Monthly bill prepared on 20th of every month
• Due date of payment is 10th of next month of the bill date.
• Customer can pay the entire card dues or any amount subject to Minimum Payment
  Due (MPD), i.e., 10% of the total bill amount
• SMS Alerts being sent to customers
• Payment options:
    • Cash Payment / Deposit Cheque at Branches
    • Issue standing instruction for Auto Debit, mandatory for Union Bank
      A/c Holders
    • Online payment using Internet Banking
    • Option “Z” in Finacle CCARD menu

EMI Scheme:
• Minimum Transaction Amount for EMI Rs. 5000
• Eligibility : Customers who have paid regularly i.e. not missed two consecutive
payments
• Tenor of EMI : 3/6/9/12/18/24 months as per customer choice
• Can be availed post authorization
    • Post Authorization: Customer needs to contact the Call Centre and place an
      EMI request

POS

What is POS?

POS terminals are a combination of hardware and software device, which allows
MERCHANTS to accept payments through card with card holder's authentication,
(Debit Card or Credit Card) directly without updating the cash registers. A POS
terminal is an electronic device and performs the following functions:

> Reads the information of a customer's credit/debit card without storing the card
information.

> Checks the availability of funds in a customer's card account through the Switch
network.

> Transfers the funds from customer's account to the Merchant's account through
Switch.

> Transfers the transaction details captured at the POS terminal to the Switch for
settlement in the merchant's Bank account.

> Prints the charge slip of the transaction both for the Merchant and the Cardholder.

> Generates e-Chargeslip for sending through SMS to cardholder.

> Promotes Digitalization through cashless transactions.

Bank has introduced transaction based service charges on Point of Sale terminals:
Model 1 and Model 2

• New rental pricing model (based on transaction volume)
• Bank will now offer two models, Model 1 and Model 2, to the merchants for
  availing POS services
    • Model 1 - Transaction volume based model
    • Model 2 - Flat charges based model
• MODEL 1 (available to retail merchants only, with up to 50 terminals)

Salient features of Model 1:

Model 1 offers the following salient features to the merchants:

1. Model 1 is available only to retail merchants with up to 50 terminals.
2. Model 1 is not available to corporate merchants.
3. Service charges under Model 1 are not applicable in the month of installation
   and the month of de-installation.
4. Service charges are to be charged as per Model 2 only in the month of
   installation and de-installation.
5. The higher the transaction volume, the lower the monthly rental.
6. Zero rental for the month where transaction volume is more than Rs 8.00 lakh.
7. Model 1 is available only to those existing and new rental merchants where no
   concessions have been granted.
8. Model 1 is applicable for PSTN and GPRS wireless terminals only. PCPOS and mPOS
   are not covered under Model 1.

How to apply under the new Model: The selection of the service charge model is
done by merchant at the time of submission of POS application. In case of corporate
merchant, the service model 2 is assigned by default. A separate Annexure “A” is
devised to capture the option of the merchant at the time of executing the
agreement and submitting the application. This Annexure “A”, along with the POS
agreement and application form, must be held on record by the branch and has to be
applied in Finacle using the POS menu.

Annexure “A” is available in Instruction Circular: 1499-2019

Merchant Discount Rate (MDR)

The MDR is the rate that is charged to the merchant on all card based transactions
that are entered on a POS terminal. As an acquiring Bank, our Bank accepts the card
payment, verifies the card genuineness and validates the balance using our own
switch network (for our Bank's cards) and the other bank's switch (for other
banks' cards).

The MDR is shared with the card network like VISA, MASTER CARD, RUPAY and
also with Card Issuing Bank. The Merchant receives the final credit of a transaction
after the deduction of MDR. Thus, the acquiring Bank at the end, receives only a
proportion of the net MDR deducted.

The rationalization of MDR for debit card transactions has been made by RBI based
on the following criteria:

• Categorisation of merchants on the basis of turnover.
• Adoption of a differentiated MDR for QR-code based transactions.
• Specifying a ceiling on the maximum permissible MDR for both 'card present' and
  'card not present' transactions.

Settlement Mechanism:

The settlement* mechanism involves the batch execution at the POS terminal usually
carried out at the end of the day by the merchant. After the settlement process is
over, the transactions entered at the POS terminal are transferred to the switch
and the total credit of transactions received at the POS terminal till the batch
settlement process, is credited to the merchant's designated bank account on T+1
working day.

However unless and until the settlement process or batch end process is executed
by the merchant at the POS terminal, the transactions do not get reflected in the
merchant's bank account.

*The settlement of transactions in the merchant's bank account is done on T+1 or
T+2 business days, depending on the arrangement agreed with the merchant. "T"
refers to the date of transaction.

Rule

A transaction entered through debit card or credit card at a POS terminal is
considered as successful if and only if a charge slip is generated at the POS
terminal. In case a charge slip is not generated but the cardholder's account gets
debited, the cardholder has to contact his card issuing bank to request the refund
of the transaction. The merchant must be aware that the goods or services may not
be parted with unless a charge slip is generated. In such cases where the charge
slip is not generated, the transaction is unsuccessful.

Installation Process

The Bank has tied up with external service providers for installation of POS
terminals at the merchant's business establishment. Each installation is carried out
in a professional manner that involves calling the merchant before scheduling the
visit and imparting complete training to the merchant about the POS terminal. Let
us go through the steps involved in the installation process.

a) Step 1: Branch Manager / Marketing Officer may approach the Merchant for
availing POS Facility (Share POS USPs as above as well as our competitive service
charges for a positive response).

b) Step 2: Branch must guide the merchant about the terms & conditions specific to
POS facility.

c) Step 3: Once the merchant agreement form is completely filled up by the
merchant and signed, it needs to be kept safe by the branch for future reference.

d) Step 4: The merchant request for POS installation must be forwarded to POS
team at central office by entering the merchant specific details in the new POS
menu in Finacle core. At present, Branch shall continue to send the leads in the excel
format through respective CMC at regional offices till the new Finacle menu is made
live to the branches.

e) At present Bank is providing the facility of POS terminals to our own clients.
However our USPs may be used to on-board new clients and thereafter set up POS
terminals at their business establishments.

f) Step 5: The new requests for POS installation received at central office are
subjected to Risk and Compliance check before approving the merchant's POS
installation request. Therefore it is important to capture the correct business type
and address details in Finacle or excel sheet before submitting the request to
central office for processing.

g) Step 6: After the approval of the leads at Central Office, below TAT is followed
for installation:

General Guidelines

> Proper Installation Address with PIN code and Contact person name and at least
two contact numbers should be provided at the time of submitting POS terminal
installation request to Central Office.

> In case merchant wants an additional terminal at a different location but for the
same business, branch must obtain details in a new Merchant request letter along
with new location address proof.

> International Card Acceptance is not available by default on every terminal. The
Merchant needs to submit a request in a standard format printed on the business
letter head. (Format is available from central office on request.)

> The merchant may raise a complaint related to paper roll, terminal or any other
service related issue with the POS helpdesk. The contact number of the helpdesk is
printed on the reverse of the POS terminal.

PREPAID PAYMENT INSTRUMENTS

Introduction

Prepaid Payment Instruments (PPIs) are payment instruments that facilitate
purchase of goods and services, including financial services, remittance facilities
etc., against the value stored on them, which is paid for by the holders by cash,
by debiting a bank account, by credit and debit cards and other PPIs (permitted by
RBI). They can be issued as cards, wallets, and other such forms/instruments.

Types of PPI

1. Closed System PPIs
2. Semi-closed System PPIs
3. Open System PPIs

Closed System PPIs

• Closed System PPIs are issued by the Bank for facilitating purchase of goods
  and services from the Bank only.
• Cash withdrawal is not permitted as these instruments cannot be used for
  payments or settlement for third party services.

Semi-closed System PPIs

Semi-closed System PPIs are used for the purchase of goods and services,
financial services and remittance at a group of clearly identified merchant
locations/establishments which have a specific contract with the Bank (or a
contract through a payment aggregator/payment gateway) to accept the PPIs
as payment instruments. Cash withdrawal is not permitted for these PPIs.

Semi-closed PPIs up to Rs. 10000/- with minimum details

• Issued by Bank after obtaining minimum details, which include mobile number,
  One Time Pin (OTP), self-declaration of name and unique identification number
  of any of the 'Officially Valid Documents'; reloadable and issued in electronic
  form only.
• Maximum loading amount Rs. 10000/- per month.
• Total loading amount should not exceed Rs. 100000/- per financial year.
• Total amount debited during any month should not exceed Rs. 10000/-.
• Outstanding amount in PPIs at any point should not exceed Rs. 10000/-.
• Semi-closed PPIs shall be converted into KYC compliant semi-closed PPIs
  within 12 months, else no further credit will be allowed.
• No Semi-closed PPI will be issued to the same user with the same details in
  future.
• PPI holder can close the PPI at any time and the outstanding balance can be
  transferred to own bank account.

Semi-closed PPIs up to Rs. 100000/- after completing KYC of the PPI holder

• Issued after completing KYC of the PPI holder.
• Reloadable in nature and issued only in electronic form.
• Outstanding amount in PPIs at any point should not exceed Rs. 100000/-.
• Funds transfer limit for pre-registered beneficiaries is Rs. 100000/- per month
  per beneficiary.
• The fund transfer limit for all other cases is Rs. 10000/- per month.
• On closure or expiry of validity, available balance in the PPI can be transferred
  to a pre-designated bank account or other PPI.

Open System PPIs:

Open System PPIs can be used at any merchant for purchase of goods and
services, financial services and remittance. Bank can issue open system PPIs
after completing KYC of the PPI holder. Cash withdrawal at ATMs/Point of
Sale (PoS)/Business Correspondents (BCs) is permitted for Open System
PPIs.

Open system PPIs after completing KYC of the PPI holder

• Reloadable in nature and issued only in electronic form including cards.
• Outstanding amount in PPI should not exceed Rs. 100000/- at any point.
• Pre-registered beneficiary facility is available with maximum funds transfer
  limit of Rs. 100000/- per month per beneficiary.
• The fund transfer limit for all other cases is Rs. 10000/- per month.
• Funds transfer from Open system PPIs can be permitted to other open system
  PPIs, debit cards and credit cards as per the limits.
• On closure or expiry of validity, available balance in the PPI can be transferred
  to a pre-designated bank account or other PPI.
• Issue EMV chip and PIN based Prepaid General Purpose cards.

Specific Categories of PPIs

Gift Instruments

• KYC details of the purchasers of such instruments shall be maintained by the
  branch.
• Maximum value of each prepaid gift instrument is Rs. 10000/-.
• Gift instruments are not reloadable.
• No cash-out, refund or funds transfer is permitted.
• Gift instruments can be revalidated.
• Bank will issue new gift cards as EMV chip and PIN cards only.

PPIs for Mass Transit Systems (PPI-MTS)

• Semi-closed PPIs are issued by mass transit system operators.
• To qualify as a PPI-MTS, it must necessarily contain the Automated Fare
  Collection application related to the transit service.
• PPI-MTS can be used only at merchants whose activities are allied/related to
  or are carried on within the premises of the transit system.
• MTS is a reloadable PPI and the maximum outstanding amount should not exceed
  Rs. 3000/- at any point.
• Cash-out or refund or funds transfer is not permitted from these PPIs.

National Electronic Toll Collection (Issuance of FASTags)


 National Electronic Toll Collection (NETC) systems enable toll to be collected
electronically from vehicles at toll plaza while vehicle is in motion.
 The technology standard stipulated by the Government of India for NETC is
RFID based tags called FASTag.
 Bank will issue FASTag to customers and non-customers with full KYC through
Direct selling agents (DSAs) and branches.

Travel prepaid card


 The International Travel prepaid card is considered one of the most
preferred paperless payment cards in the industry.
 The foreign currency denominated Travel Prepaid Cards are an alternative to
cash and travellers cheques, in view of the wider acceptance at ATMs and
Merchant locations.
 Issued through 'B' category branches.

PPIs under co-branding arrangements


 The co-branding partner shall be a registered company or a bank licensed by
RBI.
 Bank shall be liable for all acts of the co-branding partner.
 Bank shall co-brand such instruments with the name/logo of the company for
whose customers/beneficiaries such co-branded instruments are to be issued.
 In case of co-branding arrangement with any non-bank entity, the role of the
non-bank entity shall be limited to marketing/ distribution of the PPIs or
providing access to the PPI holder.

Safeguards against Money Laundering (KYC/AML/CFT) Provisions

Banks are required to follow the guidelines of:
 Know Your Customer (KYC)/Anti-Money Laundering (AML)/Combating
Financing of Terrorism (CFT).
 Maintaining the log of all PPI transactions for at least 10 years for scrutiny
purposes.
 Filing of Suspicious Transaction Reports (STRs) with Financial Intelligence
Unit-India (FIU-IND).

Issuance, loading and reloading of PPIs


 Reloadable and non-reloadable PPIs can be issued, depending upon the type of PPI.
 No interest is to be paid on PPI balance.
 PPIs can be loaded/reloaded by using bank account, credit and debit cards, and
other PPIs, issued only by regulated entities in India, and shall be in INR
only.
 No new PPI will be created to facilitate another cash-based remittance for the
same person whose PPI is already created for a previous remittance to other
PPIs/bank accounts.

Validity and Redemption


 Non-reloadable Prepaid Gift instruments are valid for one year.
 All other reloadable prepaid instruments are valid for three years.
 Caution advice is to be sent by SMS/e-mail/post to the PPI holder 45 days
prior to expiry of the PPI.
 Expiry period of the PPI is to be conveyed clearly to the customer at the time
of issuance.
 If for any reason the scheme is being wound up or is directed by RBI to be
discontinued, the holders of PPIs are permitted to redeem the outstanding
balance in the PPI.

Transaction Limits and Refunds

 There is no separate limit on purchase of goods and services using PPIs and
the holder is allowed to use the PPI for these purposes within the overall PPI
limit applicable.
 Cash withdrawal limit for open type PPIs is to be fixed separately. At present,
the cash withdrawal limit has been fixed as per Debit Card Policy.
 Refunds of failed/returned/rejected/cancelled transactions shall be applied
to the respective PPI immediately.
 Refunds of transactions of any other payment instrument shall not be
credited to PPI.

Security, Fraud prevention and Risk Management Framework


A strong risk management system is necessary to meet the challenges of
fraud and ensure customer protection. Bank shall put in place adequate
information and data security infrastructure and systems for prevention and
detection of frauds.

Customer Protection and Grievance Redressal Framework


 Information on customer protection and grievance redressal policy is to be
disseminated in simple language (preferably in English, Hindi and the local
language).
 Customer should have recourse to the Banking Ombudsman Scheme for
grievance redressal.
 Charges for various types of transactions should be displayed on website,
mobile app and amount collected from the customer should be acknowledged
by issuing a receipt (printed/electronic).
 Frequently asked questions related to PPIs to be displayed on bank's
website/mobile app.

Debit Card:

Types of Accounts Eligible for Debit Cards

• All customers having SB account or current account in individual name or in
joint names with "any one of us" or "either or survivor" mandate for operation
of account
• All existing debit card holders for renewal of debit card after its expiry
• Proprietary Current accounts in personal names of Proprietor
• SB/CD accounts of NRIs and add-on cards to Power of Attorney holders of
NRI accounts
• Staff OD accounts of all staff members including ex-staff members
• Account holders under Flexi schemes (both saving flexi and current flexi) and
Multi Gain Savings Account (MGSA) and Multi Gain Current Account (MGCA)
for individual, proprietorship and pensioners
• No frills accounts / Small accounts
• Persons with disabilities including blind persons
• Savings cum CCAGR account holders
• Minor accounts where independent operations are allowed
• Partnership and HUF savings and current accounts
• Debit card can also be issued to LLP and Pvt. Ltd. companies by obtaining board
resolution and certain other prerequisites

Limits of Various Cards

| Account Tier Classification / Card Variant | Classic | Platinum | Business Platinum | Signature |
|---|---|---|---|---|
| AQB (Average Quarterly Balance)/Account balance | Nil | AQB of Rs. 5000/- and above or balance of 15000/- at the time of issuance of the card | AQB of Rs. 100000/- or balance of 50000/- at the time of issuance of card | AQB of Rs. 1,00,000/- |
| Daily Withdrawal limit – ATM | 25,000/- | 75,000/- | 1,00,000/- | 1,00,000/- |
| Daily Shopping limit – POS | 50,000/- | 1,50,000/- | 3,00,000/- | 3,00,000/- |
| Total Daily limit | 75,000/- | 2,25,000/- | 4,00,000/- | 4,00,000/- |

Personal Accident Insurance Cover:

| Cover | Amount |
|---|---|
| Accidental insurance cover for primary card holders | 2.00 lakh |
| Accidental insurance cover for secondary card holders | 1.00 lakh |
| Air accidental insurance for Platinum card holders | 5.00 lakh |
| Air accidental insurance for Signature card holders | 50.00 lakh |

In addition, NPCI is providing additional insurance cover as given below:

| Criteria | Insurance Amount |
|---|---|
| Rupay Classic Card Holders | 1.00 lakh |
| Rupay Platinum Card Holders | 2.00 lakh |
| PMJDY accounts opened upto 28.08.2018 | 1.00 lakh |
| PMJDY accounts opened after 28.08.2018 | 2.00 lakh |

ATM Free ONUS transactions (per month)

8 free transactions for Classic and Platinum debit card holders

20 free transactions for Signature and Business debit card holders

*Cumulative free transactions will remain same as above even if SB account
and current account or more than one account of the customer is linked to the
same debit card

Free transactions (per month) at other Bank ATMs

| Savings accounts | Current Accounts |
|---|---|
| Metro centers: 3 including both financial and non-financial transactions | No transaction is free at other bank ATM |
| Non-metro centers: 5 including both financial and non-financial transactions | |

 Schedule of Service Charges: Debit card will be issued free as there is no
joining fee

| Particulars | Charges |
|---|---|
| Charges for 1st year of usage | Nil |
| Charges for subsequent year to be charged annually from the date of card issuance | For other than waived accounts as above: Classic - Rs. 125 + GST; Platinum - Rs. 150 + GST; Signature - Rs. 200 + GST; Business - Rs. 200 + GST |

Apart from features mentioned above, some other important features of debit
cards are:

Business Platinum Debit Card: “Business Platinum Debit card” on VISA platform is
available for current account holders of our Bank as under:

a) Individual b) proprietorship c) Partnership d) HUF (Karta)

AQB : 1.00 lac or balance of 50000 at the time of issuance of card

Contactless Debit Card (VISA Paywave): Visa Paywave Debit card is based on
NFC (Near Field Communication) technology.

The following are the features of VISA Paywave Contactless Debit Card:

| Classification | VISA paywave (contactless) |
|---|---|
| Card Variant | Classic |
| Per transaction limit for contactless mode | Rs. 2,000 |
| Per day maximum limit for contactless mode | Rs. 5,000 |
| Per day maximum number of contactless transactions | 5 |

Signature Contactless Debit Card: Additional feature of 4 reward points on
every Rs. 100 spent on POS/E-Comm and airport lounge access.

JCB Platinum Debit Card

 Target: NRI corporate, salaried & professional class customers.
 City Lounge Access (JCB Plaza Lounge): Cardholder can avail unlimited city
lounge services in the locations viz. Tokyo, Los Angeles, Singapore, Paris,
Seoul, Bangkok, Hong Kong.
 Domestic Lounge Program: Two free accesses per quarter for Platinum
Cardholder.
 International Lounge Program:
 Six complimentary accesses per year at specially chosen international
lounges located at popular destinations.
 4 international lounge accesses per year across Bangkok, Hong Kong,
Incheon (South Korea) & Singapore.
 2 international lounge accesses per year at Dubai (Marhaba lounge).
 Unlimited access across lounges in China (33 lounges), Japan (43
lounges) and Hawaii (1 lounge).

RUPAY QSPARC DEBIT CARD

Objective

After completion of this module, you will be able to understand

 What is a National Common Mobility Card (NCMC)?


 Features of Rupay QSPARC Debit Card
 Benefits of Rupay QSPARC Debit Card to customers

National Common Mobility Card (NCMC)

The NCMC is an indigenously made product, and is a part of the Make in
India project. Our Bank has launched the National Common Mobility Card (NCMC) as
per the directives of Government of India on our 100th foundation day (11.11.2018)
with centenary celebration look and tag line “100 years, serving the nation”.
Our Bank's National Common Mobility Card (NCMC) is based on Rupay Qsparc (Quick
Specification for Payment Application of Rupay Chip) debit card specifications.
Rupay Qsparc debit card works as a normal debit card. It also has a unique stored
value feature as a prepaid card. The stored value can be recharged by either paying
money or debiting from the customer's account at the compatible NCMC POS terminals.

Both Online (Contact + Contactless) and Offline (Contactless Only) transactions are
supported by RuPay QSPARC card. Transactions up to Rs. 2000/- per transaction
(Rs. 5000/- per day, maximum 5 transactions) at compatible NCMC POS terminals in
offline mode will be debited to the prepaid account maintained in parallel in Finacle
on T+1 basis during daily settlement with Rupay. The card is specially designed by
Government of India for deployment at locations like smart cities, metro, bus,
transits, parking etc.

Branches can indent the RuPay QSPARC debit card in DCARD menu in Finacle. A
separate account for the wallet facility is auto-opened when the card is processed
for issuance, which can be viewed in Finacle, but only offline transactions through
system will be allowed while doing transactions at compatible NCMC POS terminals.
The mirror account number will be opened as “R + Account Number”, e.g.
R411602010012345.

The features of Rupay QSPARC Debit Card are as under:

| Card variant | Classic |
|---|---|
| BIN Number | 608332 |
| Daily cash withdrawal limit | Rs.25000/- |
| Daily shopping limit POS & internet | Rs.50000/- |
| Total Daily limit | Rs.75000/- |
| Average quarterly balance (AQB) | Nil |
| Per transaction limit for contactless mode | Rs.2000/- |
| Per day maximum limit for contactless mode transactions | Rs.5000/- |
| Per day maximum number of contactless transactions | 5 |
| Personal accidental insurance: Primary card holder & Secondary card holder | Rs. 2.00 lac & Rs. 1.00 lac respectively; Rs. 2.00 lakh comprehensive insurance by NPCI |
| Card issuance charges | Nil |
| Card renewal charges | Rs. 125 (waived for cards which are used for 40 or more POS/E-Com transactions in the previous year) |

The card provides the following benefits to the customers:

 It supports both contact and contactless transactions.
 It can also be used for payment in the compatible POS terminals which are
offline i.e. with no internet connectivity.
 It can be used for all payment applications (low value – offline/high value –
online) for public transport (bus, metro etc.), retail toll parking, small
retail shops and smart cities.
 It empowers all citizens to use a single card for all kinds of payments.

Cashless Campus

Objective

 To enable all financial transactions through cashless digital channels in an
educational institution.

Process of converting leads to business

 Regional offices/branches should have a meeting and explain our offering and
understand their requirement
 Details to be sent to DBD for technical and commercial offering
 DBD will evaluate the offering and share the commercial with RO
 Vendor finalization will be strictly done by DBD

Information required for Lead

14. Business spread of institute
15. Type of account maintained and balance maintained
16. Expected CASA
17. Student strength
18. Ticket size
19. Average monthly number of transactions
20. Frequency of transaction
21. Existing Technical Setup
(IC 00685-2016 Annexure 1 format)

Benefit to Bank

Bank generates income from charges levied on all transactions

Brand image and visibility for Bank

Cashless campus will enable bank to connect to students at an early stage and
gives an opportunity to cross sell

Business Opportunity

Opening accounts of all staff, students and parents, hence increasing CASA

Cross selling digital products such as debit cards, credit cards etc.

Education loan for students

Retail loan for staff and parents

Rupay Gift Card

Eligibility:

 Any existing customer having account with any branch
 Non-customer to provide KYC details i.e. ID and Address Proof as per
extant guidelines
 Cards can be issued to both individuals and organizations

Loading of amount:

 Gift card is a non-reloadable card and can be loaded only once at the
time of issuance with minimum amount of Rs.100/- and maximum amount
of Rs.10000/-

Usage:

 Gift cards are for domestic use only i.e. no International transaction is
permitted through gift card.
 Gift card can be used for purchase of goods and services at any merchant
location up to the value stored in the card.
 Cash withdrawal from ATM and online shopping through Gift card is not
permitted

Validity:

 Gift cards are valid for one year from the date of issue or upto the expiry
date mentioned on the card whichever is earlier
 Gift cards can be revalidated through issuance of new instruments only

KYC:

 Before issuing the card, branch should undertake proper KYC of the
purchaser and keep the documents on record.
 Separate KYC would not be required for customers who will be issued
such instruments against debit to their KYC compliant bank accounts.

Charges:

 Rs.50/- + GST per card to be collected from the purchaser at the time
of issuance or at time of revalidation of expired card through issuance of
new card.

Misc:

 Gift card can be issued by accepting cheque debit instruction
 For non-customers cards can be issued by accepting cash also
 A simple application is to be obtained from the purchaser
 For non-customers KYC documents are to be obtained as per extant
guidelines before accepting cash towards issuance of gift card

Steps involved in Gift Card Issuance

Step 1: Card Indent & Delivery

 Branches are required to place the indent to Digital Banking Dept.
 Digital Banking Department will download the request from Finacle and
place the order with vendor for supply of requested number of cards to
the branch
 Cards & PINs will be dispatched by the vendor to respective branches
 After receiving the cards from vendor, branch will enter the cards in
their security register
 Cards to be issued to the purchaser against acknowledgement for which
separate register is to be maintained by branch

Step 2: Uploading Cards in Finacle

 Uploading cards into the system will be done by Digital Banking Department
 Uploading will be done through menu option PCA, which has been developed
specially for issuance of RuPay Gift Card

PAYMENT GATEWAY

Merchant processing

Merchant processing is the settlement of electronic payment transactions for
merchants. Merchant processing activities involve gathering sales information from
the merchant, obtaining authorization for the transaction, collecting funds from the
card-issuing banks and reimbursing the merchant.

Stake holders

The most common participants in merchant processing are Merchant, Consumer,
Acquiring Banks, Issuing bank, Agent Banks, Aggregator, Service providers &
Payment Networks.

Merchant Eligibility

Merchant Application Form and Merchant Establishment Agreement should be duly
signed and stamped by the authorized signatory. Besides, for Business License /
Registration copy, any of the prescribed documents can be taken. For a new
establishment where CST / ST / GST number is not available, the applied-for document
will be acceptable.

CST / ST / GST number may be waived for applications from Central or State
Government undertakings; Schools and Colleges; Private Hospitals, clinics, diagnostic
centers; Chemists; petroleum merchants & IATA certification for Travel agents
 Contact Point Verification will be mandatory
 Merchant negative database check using CIBIL bureau
 Signature verification of the authorized signatory (Any of Aadhaar card,
driving license, passport copy, banker's verification, PAN card)

In addition to above, further documentation as per merchant's registered entity type
such as partnership, HUF, Private/Public Limited Company will be required.

Channels of Merchant Acquisition


Merchants prefer to avail various modes through which they can receive the
payments from consumers for sale of their goods and services. The existing channels
of merchant acquisition are Point of Sale (PoS) terminals, Payment Gateway & Mobile
Applications

Fraud Risk Management Practices


It is important for the bank to have a well-defined process of risk management viz.
Identification, Detection, Investigation, Deterrence and Prevention. Risk
management would encompass all risk types viz Fraud, Credit, Operational,
Reputational, Market risk or any other risk as applicable.

Business Process Flow:

Once the merchant has been prospected, a Proposal for Acquisition is given to the
merchant.

After the merchant accepts the offer, the next stage in the process flow is the
collection of required documents from the merchant so as to enable merchant set-up
in system.

Depending upon the technology platform the Merchant has implemented at his end,
the corresponding integration files are to be sent to integrate Internet Payment
Gateway with Merchant Website.

Bank shall not onboard any merchants engaged in the business of Prostitution, Adult
Entertainment, Horse Racing, Dating and Escort Services, Weapons/Firearms,
Gambling & Lottery Sales.

After the final setup has been completed, the service provider will install the
terminal and will make test transactions.

Social Media Policy

Social Media is a new form of media and it is the future of communication, with an
enhanced experience of sharing information such as text, photos, audio, video etc.
The most used social media platforms are Twitter, Facebook, YouTube, Instagram,
blogs and LinkedIn. Among these, approximately ten percent of the world’s population
is using Facebook and almost 500 million people log onto YouTube each month.

Financial institutions including banks now see these platforms as a medium to regain
and improve customer satisfaction and trust. Many banks are using these
platforms extensively for providing regular updates, while other banks
are still not active on social media. But as it is the need of the hour, banks can’t keep
themselves aloof from social media in this competitive era.

Social media can be used as a very good medium to collect relevant feedback related
to new initiatives, addressing customer needs and complaints with regard to branch,
product, initiatives, customers etc. Social Media can be used to increase brand
exposure, to know what people are saying about a brand, gaining competitive
intelligence, creating buzz for campaigns etc.

Union Bank Presence in Social Media

Bank has launched official presence in the following social media channels:

• Facebook - For creating awareness around information published by the
bank and interacting with the audience via visually rich and engaging
content.
• Twitter - For operating as a real time channel for broadcasting offers, new
developments and initiatives, and for engaging influencers, as well as
responding to customer care queries.
• YouTube - Creating interesting brand videos with a focus on new products,
offers, campaign stories to engage the audience and educate them.
• Instagram - To create brand image among our young and other Instagram
audience by promoting eye-catching and informative creatives and short
videos.
• LinkedIn - To build a strong presence in banking industry and boost our
reach by posting contents and blogs on our bank's recent activities from time
to time.

Union Connect (Social Media) Team

The ownership of social media is now with Corporate Communications Department
under the project “Union Connect”. A dedicated team of tech savvy officers having
good communication skills administers the social media pages on 24x7 basis. The team
monitors and manages contents and activities in sites continuously. Union Connect
team responds to comments and actionable updates within 12 hours. Union Connect
team manages the page from day one. Team deletes or suppresses negative content
relating to the products/services. Customer query answering or escalating the issue
to the right department for resolution is ensured.

Some Ground Rules regarding information/ opinion/views about the Bank on social
media

 Duty to protect Bank against malicious content/campaign.

 Duty to unfriend/off-connect with malicious content.

 Duty to protect interest/reputation of the Bank.

 Duty to maintain accuracy & confidentiality of Bank’s offers/policies


 Failure of complying with Social Media Policy will be treated as violation of
service regulations of “Union Bank of India Officer Employees (conduct)
Regulations, 1976 with all amendments”.

Digital Public Relation:

 To promote the brand better on all social media platforms so as to make a
considerable impact, sponsored ads will be placed in social media
pages/handle, as these are repository of personal information of
prospective customers.

 Bank's publicity materials like posters, banners, hoardings etc. will be printed
with:
 Like us on Facebook - facebook.com/UnionBankOfIndia
 Follow us on Twitter - twitter.com/UnionBankTweets
 Follow us on Instagram - instagram.com/UnionBanklnsta
 Subscribe us on YouTube - youtube.com/c/unionbankofindiautube
 Follow us on LinkedIn - linkedin.com/company/unionbankofindia

Cyber Security Policy


Cyber security policy is a set of directives, procedures, guidelines, designed to
maintain cyber security and manage cyber risks proactively. The cyber security
policy at bank provides a set of directives that shall enable bank to identify, detect
and mitigate cyber-attacks in a timely manner to protect the confidentiality,
integrity and availability of data at bank.

Extensive usage of internet, digitization and virtualization in the Bank has increased
the Cyber risk and threats encountered by the people, processes and technologies
of the Bank. Cyber Security comprises technologies, processes and practices
designed to protect networks, computers, applications and data from compromise
i.e., loss of confidentiality, integrity or availability. It also helps support the
resiliency of the system to recover from a cyber-attack.

RBI has mandated the Banks to have a Cyber Security Policy which is distinct and
separate from the broader Information Technology Policy (IT)/ Information
Security (IS) Policy so that it can highlight the risks from cyber threats and the
measures to address / mitigate these risks.

The policies define the baseline Security that is appropriate for securing the IT
infrastructure, underlying applications, processes, employees and customer data/
information of the Bank in line with regulatory requirements.

The policy is complementary to Bank’s Information Security Policy. The Cyber
Security Policy document shall be reviewed by the CISO (Chief Information Security
Officer) for any updation and the reviewed document shall be approved by the IT
Strategy Committee of Directors of Board and subsequently by the Board.

Scope: The policy applies to all intellectual property, data stored on bank equipment,
employees, contractors, consultants, and third party users sitting/accessing the
premises of bank, users connecting to bank via any network connection or using bank
equipment. The cyber security policy is complementary to information security policy.

Cyber risks: Cyber risk represents the possibility that technologies, processes and
practices at bank can be circumvented, allowing unauthorized users to (including but
not limited to):

 Modify and/or delete key applications and information, which will affect the
accuracy or integrity of processing
 Access or extract protected or sensitive information (e.g., intellectual
property, proprietary information, credit card information, personally
identifiable information)
 Disrupt computer-controlled operations or access to online systems

Cyber Security Governance:


Cyber Security Governance includes the following aspects:

a. Management Strategy
b. Cyber Security Awareness at Board/ Top-Management Level
c. Roles and Responsibilities

a. Management Strategy:

Management Strategy set up by our bank has the following stages:

1. Identify:
Identification of critical assets and management of Cyber Security risks.

2. Protect:
Safeguarding continually identified assets by deploying controls such as
security architecture mechanisms, event correlation systems, intrusion
prevention and detection systems and enforcement of secure configuration.

3. Detect:
Detecting incidents related to attacks or anomalies through continuous
monitoring.

4. Respond:
Take steps to assess the incident impact and take appropriate response
measures including escalation to relevant authorities.

5. Recover:
Recover from incident in a timely manner adequately following the
organization’s incident management, business continuity and disaster
recovery policies and procedures and to ensure that there is no loss of
confidential data at the bank and the bank’s IT assets are protected against
Cyber-attacks.

6. Learn:
Post recovery, record the relevant learnings of the cyber incidents and add
the cases to awareness sessions.

b. Cyber Security Awareness at Board/ Top-Management Level:

Training programs on IT Risk/ Cyber Security Risk and evolving best practices
shall be conducted for board members periodically.

c. Roles and Responsibilities:


While implementing Cyber Security Governance, stakeholders include:
- Board of Directors
- Business Vertical Heads
- GM-DIT/ CIO
- CISO
- IT Strategy Committee

The Board of Directors shall be ultimately responsible for Cyber Security. Senior
Management is responsible for advising bank employees on the Cyber Security risks
to the bank, making them understand these risks and training them, to ensure that
the risks are adequately addressed from a governance perspective.

The major role of top management is to implement the Board approved Cyber
Security Policy, establishing necessary organizational processes for Cyber Security
and providing necessary resources for successful Cyber Security.

The Organizational structure in implementation of Cyber Security Policy includes the
following:

A. Cyber Security Committee (CSC)
B. CISO office
C. Chief Information Security Officer (CISO)
D. Cyber Crisis Management Team
E. Cyber Security Operations Centre (CSOC)

Cyber Security Committee (CSC):

Information Security Committee will play the role of Cyber Security
Committee also.

[Figure: organization chart with boxes, top to bottom: Board; IT Strategy Committee; Information Security; GM - RMD, CISO, GM - DIT; CISO Office, Implementation & Maintenance (Monitoring & Management); Cyber SOC]

CISO office: CISO office shall be an independent central office vertical. It shall be
headed by an executive in the rank of a GM or DGM. CISO office focuses on Cyber
security management and monitoring.

Chief Information Security Officer (CISO):

A sufficiently senior level official, of the rank of General Manager (GM)/ Deputy
General Manager (DGM) shall be designated as CISO.

CISO shall be responsible for articulating and enforcing the Security related issues/
implementation within the organization as well as with relevant external agencies. The
CISO shall have a working relationship with all the IT verticals to develop the
required rapport to understand the IT infrastructure and operations, to build
effective Cyber Security across the bank, in tune with the business requirements
and objectives. Roles of CISO are given as under:

 CISO will be responsible for bringing to the notice of the Board / IT sub-
committee of the Board the vulnerabilities and cyber security risks the
Bank is exposed to.
 CISO will be responsible for holding the Information security committee
meeting and discussing the current and emerging cyber threats.
 CISO's office shall manage and monitor SOC and drive cyber security related
projects. It can have a dotted-line relation with the CIO.
 CISO should coordinate the activities pertaining to Cyber Security Incident
Response Team.
 CISO shall develop cyber security Key Risk Indicators (KRIs) and Key
Performance Indicators (KPIs) and get an independent assessment of the
same including its coverage at least on a quarterly basis.
 CISO shall have a robust working relationship with Chief Risk Officer (CRO)
to enable holistic risk management approach.
 CISO's office shall be adequately staffed with technically competent people.
 CISO shall be an invitee to the IT strategy committee and IT steering
committee.
 CISO shall not have any direct reporting relationship with the Chief
Information Officer (CIO) and shall not be given any business targets.
 The budget for IT Security / CISO's Office may be determined keeping in
view the current / emerging cyber threat landscape.
 CISO should report to the ED overseeing Risk Management Department.

……………………………………………………………………………………………………………………………………………………
Wish you All the Best!!
