AUSPI/145/2008/21329thSeptember 2008
Ms.Alpana Killawala,
Chief General Manager,
Reserve Bank of India,
Department of Payment and Settlement Systems,
Central Office, 14th floor, CentralOfficeBuilding,
S.B.S. Marg,
Mumbai 400001
Sub: Mobile Banking Transactions in India-Operative Guidelines for Banks
Dear Madam,
This is with reference to the recent RBI Operative Guidelines for Mobile Banking Transactions of 19th September 2008.
2.AUSPI is an association of Telecom Service Providers predominantly using CDMA technology to provide mobile and fixed line telephone services. Our members have also been allowed to provide GSM based fully mobile service. Our member companies are major supplier of telecom resources to number of banks. They also have significant interests in the area of Mobile Banking.
3.At the outset, we would like to submit thatmobile phone banking is a significant development on the banking sector as it provides convenience of banking from any place at any point of time and has potential to revolutionize the banking service and will have major impact on our economy, especially, rural economy. The mobile phone would provide benefits of modern banking in every corner including remote and rural areas which hitherto were untouched by any time banking through ATMs. Further, the vast penetration of mobile phones would make it possible to extend the banking services to even those segments which till now were unserved or underserved. Therefore, AUSPI suggests that the mobile banking should be exploited to its maximum and we should try to remove every possible barriers.
The RBI guideline isprogressive first step towards introduction of mobile banking. In this connection, AUSPI is pleased to offer comments and recommendations as outlined as follows in paras 4 to 8.
4.Regulatory & Supervisory Issues
(i) With reference to clause 2.2
The services shall be restricted only to customers of banks and holders of debit/credit cards issued as per the extant Reserve Bank of India guidelines.
Comments:
Limiting the service to only debit / credit card holders will restrict the scope of this service to a small percentage of entire banking base of India. Mobile banking as a service should be extended to all banked customers even without any plastic attached to it. In the second phase, mobile banking should be used as an enabler to convert the unbanked customers into the banking ecosystem fold.
(ii)With reference to clause 2.3
Only Indian Rupee based domestic services shall be provided. Use of mobile banking services for cross border transfers is strictly prohibited.
Comments:
The clause is restrictive as transactions are allowed only in Indian rupees.
India receives one of the highest inward remittance flows from across the globe, including FDI. Inward remittance was nearly USD 25 billion last year and expected to grow at the rate of 25% yearly. Considering this fact, there is a huge opportunity for mobile based remittance service as this offers convenience and reach for consumers / citizens coupled with higher safety and security over conventional remittance channels.
To begin with, mobile based cross border remittance should be allowed only through banks who have implemented core banking solutions and in second phase it should be extended to other banks as well.
The Reserve Bank of India has already stated in its various communication that Credit Cards, ATM Cards and Debit Cards etc, being only different methods of payment, all Rules/Regulations and directions issued under the Foreign Exchange Management Act, 1999 (FEMA), apply to Credit Cards, Debit Cards and ATM Cards etc. also. Users are allowed to use credit cards, debit cards, ATM Cards etc over internet for any purpose for which exchange can be purchased from an Authorized Dealer in India, e.g. for import of books, purchase of downloadable software or import of any other item permissible under EXIM Policy. The mobile is only separate mode of communication, therefore, the restrictive permission to allow transaction in India Rupees only would not be in the interest of propagation of this service. Therefore it is suggested that this condition may not be prescribed.
(iii) With reference to clause 2.4
Banks may also use the services of Business Correspondent appointed in compliance with RBI guidelines, for extending this facility to their customers.
Comments:
Banks should also consider telecom operators, their channel partners, distributors, franchisees, retailers, joint ventures and subsidiaries et al as a Business Correspondent. Given the far reach of telecom operator in the length and breadth of the country and strong presence in the retail distribution channels, telecom operators and their ecosystem can play a role of Business Correspondent very effectively.
5.Registration of customers for mobile service
(i) With reference to clause 3.1
Banks shall put in place a system of document based registration with mandatory physical presence of their customers, before commencing mobile banking service.
Comments:
The proposed condition isrestrictive and may impact large scale deployment. There are number of measures available to establish the user’s identity.
Making physical presence and document based registration for mobile service will hamper the uptake of this service. All banks currently have many access points to service their customers like branches, internet, call centre, kiosks as well as mobile. There should be an alternative method utilizing any of the above mentioned channels of registration which is non-physical and ensures the safety and security aspect as well, including support documentation for account opening, wherever available. The current verification norms utilized by telecom operators may be extended suo moto as deemed compliance for Banking ‘Know Your Customer’.For rural markets and inclusion objective, primary physical presence at any touch point, in absence of any supporting documentation may be included. Banks may be allowed to use these alternate secure channels for authentication and activation of services.
6.Clearing and Settlement for inter-bank funds transfer transactions
(i)With reference to clause 6.1
To meet the objective of a nation-wide mobile banking framework, facilitating inter-banksettlement, a robust clearing and settlement infrastructure operating on a 24x7 basis would benecessary. Pending creation of such a national infrastructure, banks may enter into bilateral ormultilateral arrangement for inter-bank settlements, with express permission from Reserve Bankof India, wherever necessary.
Comments:
AUSPI would like to submit that banks have existing bilateral/multilateral arrangements and the same may be allowed for mobile banking. The mobile banking is no different from other modes of banking through ATM or internet, it only represents a different communication system. Therefore a separate permission for mobile banking per se is not required. The RBI may consider prescribing a reporting requirement in case existing arrangements are supplemented to provide mobile banking.
7.Transaction limit
With reference to Clause 8.1
A per transaction limit of Rs. 2,500/- shall be imposed on all Mobile Banking transactions. subject to an overall cap of Rs. 5,000/- per day, per customer.
Comments:
AUSPI is of the considered view that the proposed transactional limit of Rs. 2500/- is too low. This is likely to take away the convenience available with the subscribers to transact. We, therefore, strongly recommendupward transaction limit should be same as prescribed for ATM banking or internet banking.
8.Technology and security standards (Annexure-I)
With reference to para 3 (a) to (d) of Annexure-I
a)All mobile banking shall be permitted only by validation through a two factor authentication.
b)One of the factors of authentication shall be mPIN or any higher standard.
c)Where mPIN is used, end to end encryption of the mPIN shall be ensured, i.e., mPIN shall not be in clear text anywhere in the network.
d)The mPIN shall be stored in a secure environment.
Comments:
Mandating the need for encryption, we believe that any implications of encryption, would have an impact on Mobile Network Operators current regulations mandating them to adhere to stringent Lawful Interception Measures, as prescribed by the licensor i.e., DOT. While the Mobile Network Operators would be able to provide the necessary encryption, the Mobile Network Operators would have to share the decryption keys with DOT, as part of fulfilling the Lawful interception requirements. This would lead to misalignment of regulations, until a common set of norms is created between requirements of MOC & IT, MOF & MHA.
We hope you will find merit in our submissions. Should you require any further information or clarification, we shall be pleased to furnish the same.
Thanking you,
Yours faithfully,
S.C.KHANNA
SECRETARY GENERAL
Page 1 of 5