
Showing posts with label Authentication. Show all posts

Saturday, March 10, 2012

DIGIPASS 837, Vasco's first Acoustic Smart Card Reader



The top 4 points about Acoustic Smart Cards are:

  1. Acoustic Smart Cards are based on authentication via Sound.
  1. The technology is standardized as per ISO 7816 acoustic smart cards specifications.
  1. There are few authentication companies which manufacture Acoustic Smart Cards.
  1. The smart card features a reader-less interface based on sound waves and an online security model based on dynamic security.

The top 11 nuggets of DIGIPASS 837 are:

  1. Vasco's DIGIPASS 837 is simple to use, due to its innovative acoustic feature that facilitates data transfer from the computer to the reader in an instant.
  1. DIGIPASS 837 was launched at this year’s CeBIT expo in Hannover, Germany.
  1. The DIGIPASS 837 reader combines the benefits of one-time password and electronic signature to thwart man-in-the-middle attacks by using EMV infrastructure.
  1. DIGIPASS 837 receives sonic signals from a PC, smart phone or tablet that’s held in the vicinity of the reader’s speakers. The reader then converts them into the transaction information displayed on the DIGIPASS 837 screen. Finally, the end-user can verify the data on the screen before signing the transaction.

  1. This is based on the 'what-you-see-is-what-you-sign' (WYSIWYS) concept, which allows end-users to verify the data of the transaction before signing it.
  1. Another user-friendly feature is that DIGIPASS 837 can function through high levels of background noise and works with a variety of speaker types, smart phones and tablet PCs. No special software is required for functionality.
  1. The complete transaction cycle takes a matter of seconds, making adoption easier for end-users.
  1. The acoustic e-signature device just has to be held in the vicinity of the speakers to complete the data transfer; it does not have to be held at a specific tilt angle, as is the case with optical devices. This is important, as otherwise the user would spend considerable time trying to hold the instrument at a specific tilt, increasing frustration levels.
  1. DIGIPASS 837 does not require any software or driver to be installed, as the communication is established through the speakers of the end-user's PC/smartphone/tablet PC and the acoustic sensors of DIGIPASS 837.
  1. A demo can be viewed at www.vasco.com/digipass837demo
  1. The signal played to the DIGIPASS 837 sounds like an old dial-up modem, triggering old memories for users.
--------------

Wednesday, February 15, 2012

RBI releases Draft Guidelines for White Label Automated Teller Machines (WLAs) in India.



Q) What are White Label ATMs?
Ans) Do not worry, there will be labels on the ATMs stating the owner. The only difference is that the owner will not be a bank but a non-bank entity.
Traditionally, banks are the owners of ATMs; ATMs owned by non-bank entities are referred to as White Label ATMs.

A white label ATM is owned, run and maintained by a third-party service provider. There has been a demand in India for the introduction of White Label ATMs, as it was felt that this would speed up ATM penetration in India and reduce the load on the banks.

The number of ATMs in urban India is increasing day by day, but the same cannot be said of the rural interior.
Hence, to encourage non-bank entities to enter the ATM arena, the Reserve Bank of India has issued Draft Guidelines for White Label Automated Teller Machines (WLAs).

The top 20 highlights of these draft guidelines are:
  1. Views/Comments by the public can be sent to Reserve Bank of India before 06/03/2012.

  2. The views/comments can be sent by snail mail to the Chief General Manager, Reserve Bank of India, Department of Payment & Settlement Systems, Central Office, 14th floor, Central Office Building, Shahid Bhagat Singh Marg, Mumbai - 400001, or can be emailed.

  3. The interested Non-bank entities proposing to set up WLAs have to make an application to RBI for seeking authorization under the Payment and Settlement Systems Act 2007.

  4. Such entities should have a minimum net worth of Rs. 100 crore at the time of making the application and on a continuing basis after issue of the requisite authorization.

  5. To ensure that the ATMs are not concentrated only in Tier I & II centers, there will be annual targets in terms of the ratio of WLAs between Tier I & II and Tier III-VI centers. These targets will be stipulated by the Reserve Bank of India.

  6. Initially, only the Cards issued by banks would be permitted to be used at the WLAs.

  7. Cash Deposits, as of now, will not be permitted.

  8. The WLA Operator will be the "acquirer" for all transactions at the WLA and earn his fee accordingly.

  9. To decrease his operating costs, the WLA Operator would be permitted to earn extra revenue through advertisements and by offering value-added services. Naturally, such advertisements would be subject to Advertising Standards Council of India (ASCI) codes and other regulations. The other regulations might be that there should be no advertisement between the keying of the password and the disbursement of the cash.

  10. Regulatory guidelines relating to compensation for failed ATM transactions would apply to transactions at WLAs.

  11. Prior Authorization of RBI under the Payment and Settlement Systems Act, 2007, is required by the WLA Operator, to commence its operations.

  12. Each WLA Operator shall have one “Sponsor Bank”, which will serve as the Settlement Bank for the settlement of all the service transactions at the WLAs. The Sponsor Bank should be a member of one of the ATM networks authorized by the RBI and also be a member of the RTGS.

  13. Cash Management of the WLAs shall be entrusted to the Sponsor Bank, who may have necessary arrangements in this regard with other banks for servicing cash requirements at various places. At no point of time, the WLA Operator or his agents shall have access to the cash at the WLAs.

  14. Settlement of all the transactions at the ATMs shall be done only in the books of the Sponsor Bank through the ATM Network with whom the WLA Operator has established connectivity.

  15. Maintenance and servicing of the WLAs shall be the sole responsibility of the WLA Operator.

  16. Customer Grievance Redressal: The primary responsibility to redress grievances of customers relating to failed ATM transactions will vest with the Issuing Bank. However, the Sponsor Bank will provide necessary support in this regard, including making available relevant records and information, to the Issuing Bank. For this purpose, the Sponsor Bank should have the necessary arrangement with the WLA Operator.

  17. The extant directives of the RBI on the time-lines for resolution of complaints of failed ATM transactions would also apply to transactions at the WLAs. For delay in resolution of such complaints attributable to the Sponsor Bank or the WLA Operator resulting in payment of penalty to the customer by the Issuing Bank in terms of the directives of RBI, the Issuing Bank shall be compensated by the Sponsor Bank. The Sponsor Bank may have appropriate agreements with the WLA Operator for recovery of such amounts.

  18. ATM Network Operators will offer direct connectivity to the WLA Operator to facilitate transactions at the WLA and the settlement thereof after seeking requisite approvals from the RBI.

  19. The above step brings the WLA Operator under the ambit of the Network’s Operating Guidelines and the Dispute Resolution Mechanism put in place in accordance with the extant directives of the Reserve Bank of India.

  20. A Tripartite Service Level Agreement between 01) the ATM Network Operator, 02) the WLA Operator and 03) the Sponsor Bank will be required to address issues relating to inter-bank settlement of the transactions at the WLAs and settlement of customer complaints relating to failed ATM transactions. The SLAs should clearly spell out the role of each party.


To reduce the instances of counterfeit currency entering the system, cash handling is the responsibility of the Sponsor Bank. RBI is clear that at no point of time shall the WLA Operator or his agents have access to the cash at the WLAs.

Internationally, retailers that own white label ATMs, and not banks, load cash into the machines.


Monday, January 23, 2012

ArrayShield Card - One more weapon from India for Online Security



This morning, while reading 'The Hindu' @ Safe, I read about ArrayShield's product, the ArrayShield Card.

More about this card can be read at the company's website ("How it works?").
In the last couple of months, my focus has been on solutions for safe online banking technologies.

ArrayShield Card has made a beginning in the new direction for 2FA (2 Factor Authentication).
The ArrayShield Card does not rely on Mobiles or RSA tokens, but on a proprietary ArrayShield translucent Card.

The process in brief is as under:
      1. Users choose a memorable pattern (a sequence of cells on the array) as their secret and register it.
      2. On logging into an ArrayShield-enabled protected site, users have to overlap the ArrayShield Card, which will display the specific values.
      3. The specific values are an OTP (one-time password), which has to be entered on the login page.
      4. Every time they log on, they are presented with a challenge array of random characters, which is displayed on their computer screen.


ArrayShield Card has been launched very recently and as the usage spreads by word of mouth, more and more websites would be interested in it.

As more and more products are introduced for Safe eBanking, the number of converts from physical banking to eBanking will increase, benefiting the Banks as well as the bank's customers.


Wednesday, October 5, 2011

Indian Domestic Money Transfer - Norms Relaxation by Reserve Bank of India. Will the UIDAI/Aadhar number bridge the gap?





There has been a growing demand to allow non-bank entities to be part of the Domestic Money Transfer mechanism.
The most quoted alternative is M-Pesa, pioneered in Kenya.

The focus of RBI is on KYC/AML norms. Any domestic money transfer mechanism should be KYC/AML compliant. This might seem a bit harsh, and the proponents of alternative money transfer mechanisms see this as the stumbling block to financial inclusion.

However, in the long run, compliance with KYC/AML norms will safeguard the banks, customers and other participants.

There have been numerous representations to RBI to open up the formal banking channel to facilitate fund transfers of small value, subject to monthly ceilings and monitoring, to give impetus to the process of financial inclusion.

In this regard, RBI today issued a notification on Domestic Money Transfer - Relaxations, vide notification no. RBI/2011-12/213 DPSS.PD.CO.No. 62/02.27.019/2011-2012 dated October 5, 2011.

The notification can be viewed @


The relaxations will not only give impetus to the money transfer facilities in the country, but also ensure that the financial transfers happen in a safe, secure and efficient manner across the length and breadth of the country.

Broadly, the relaxations fall under the following three categories:


01) Liberalising the cash pay-out arrangements for amounts being transferred out of bank accounts to beneficiaries not having a bank account and enhancing the transaction cap from the existing limit of Rs. 5,000 to Rs. 10,000 subject to an overall monthly cap of Rs. 25,000 per beneficiary.

02) Enabling walk-in customers not having a bank account (for instance, migrant workers) to transfer funds to bank accounts (of, say, family members or others) subject to a transaction limit of Rs. 5,000 and a monthly cap of Rs. 25,000 per remitter.

03) Enabling transfer of funds among domestic debit/credit/pre-paid cards subject to the same transaction/monthly cap as at 02) above.

The operational instructions are in a separate Annex.  



Banks/ non-banks may adhere to the following while enabling the domestic fund transfers enumerated above.

a) A robust risk and fraud management system in place which will include reporting of suspicious transactions to the appropriate authorities.

b) Such fund transfers are expected to be effected on a real/near real time basis.

c) The total outstanding amount on a prepaid payment instrument shall not at any point of time exceed the limits prescribed in the extant RBI policy guidelines for issuance and operation of prepaid payment instruments.

d) Inter-bank settlement of funds shall be effected using RBI approved payment systems only.

e) Charges should be reasonable, i.e. a balance between the cost of the scheme and the charge-paying capacity of the target audience.

f) Banks/non-banks may put in place appropriate systems for redressal of customer grievances.

g) The customer grievances under the Domestic Money Transfer Scheme will also be part of the Reserve Bank of India’s Banking Ombudsman Scheme.

The key aspect of the relaxations is the monthly cap restriction.

The participants under the Domestic Money Transfer Scheme have to devise ways to ensure that the transactions do not breach the monthly cap norm.

Cash-Out - Monthly cap - Rs. 25,000/- per beneficiary.

Cash-In - Monthly cap - Rs. 25,000/- per remitter.

In my view, the monitoring of the Rs. 25,000/- cap per beneficiary or per remitter has to be done not Payment System Provider-wise, but across the complete industry.

E.g.: Cash-Out - Monthly cap - Rs. 25,000/- per beneficiary.
Can Beneficiary A receive money from 10 remitters in excess of Rs. 25,000/- in a month? If the limit is breached, what will be the monitoring mechanism?

The key question is what will be the unique identifier to ensure that the cap on the remitter is not breached.

Here, the UIDAI/Aadhar number can fill in the gap.

The process flow:
a) The transaction is originated with the UIDAI/Aadhar number.
b) The UIDAI/Aadhar number is verified at the UIDAI server and the transaction is tagged to the UIDAI/Aadhar number.
c) Subsequent transactions are tagged to the respective UIDAI/Aadhar number, and in case the monetary limit is breached, the transaction can be denied.
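
The "Beneficiary A" question above can be run as a small simulation. The Python below is an added illustration, not code from the RBI notification or from any Payment System Provider: it compares cap monitoring done separately by each provider with one ledger shared by all providers and keyed on a unique identifier. The `CapLedger` class, the three-provider split and the placeholder identifier are assumptions made for the example, and the identifier is assumed to have been verified already (step b).

```python
from collections import defaultdict
from datetime import date


class CapLedger:
    """Running monthly totals per identifier, in rupees (hypothetical helper)."""

    def __init__(self, txn_limit, monthly_cap=25_000):
        self.txn_limit = txn_limit
        self.monthly_cap = monthly_cap
        self.totals = defaultdict(int)  # (ident, year, month) -> Rs. approved

    def authorize(self, ident, amount, on):
        """Approve and record the transfer, or deny it without recording."""
        if not 0 < amount <= self.txn_limit:
            return False                      # breaches the per-transaction limit
        key = (ident, on.year, on.month)
        if self.totals[key] + amount > self.monthly_cap:
            return False                      # would breach the monthly cap
        self.totals[key] += amount
        return True


def simulate(providers=3, remitters=10, amount=5_000):
    """Beneficiary A is sent `amount` by each remitter, spread over providers.

    Returns (Rs. paid out with per-provider ledgers,
             Rs. paid out with one industry-wide ledger).
    """
    beneficiary = "ID-BENEFICIARY-A"          # constructed placeholder, not a real number
    day = date(2011, 10, 5)
    silos = [CapLedger(txn_limit=10_000) for _ in range(providers)]
    shared = CapLedger(txn_limit=10_000)      # cash-out limits from the relaxations
    paid_silo = paid_shared = 0
    for i in range(remitters):
        if silos[i % providers].authorize(beneficiary, amount, day):
            paid_silo += amount
        if shared.authorize(beneficiary, amount, day):
            paid_shared += amount
    return paid_silo, paid_shared


if __name__ == "__main__":
    print(simulate())
```

With per-provider ledgers no single provider sees more than Rs. 20,000 for the beneficiary, so all ten transfers go through; the shared ledger stops paying once the Rs. 25,000 monthly cap is reached.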

Benefits:
01) The UIDAI/Aadhar number is expected to be issued to the majority of our countrymen and is also expected to be the game changer for financial inclusion.

02) The start can be made now. Yes, initial investments will be required at all levels. These will be one-time investments, and the infrastructure can be utilised for other purposes.

03) Tagging of financial transactions to the UIDAI/Aadhar number will reduce the investments in risk management of individual Payment System Providers. Each Payment System Provider need not develop individual tools, but can utilise the UIDAI/Aadhar number tool.

04) Risk Management can be automated, and manual intervention will be required only for exceptional cases.


Disclaimer

The thoughts in this blog are personal, and reflect only my view on the subject.
These are not the views of my employers.
All image and logo rights rest with the original title holders.

All efforts have been made to make this information as accurate as possible. N Prashant will not be responsible for any loss to any person caused by inaccuracy in the information available on this website. Relevant official Gazette communications may be consulted for accurate information. Any discrepancy found may be brought to the notice of N Prashant.