adsense

Wednesday, October 5, 2011

Indian Domestic Money Transfer- Norms Relaxation by Reserve Bank of India Will UIDAI/Aadhar number, bridge the gap?





There has been a growing demand to allow non-bank entities to be part of the Domestic Money Transfer mechanism.
The most quoted alternate is MPesa pioneered in Kenya.

The focus of RBI, is on KYC/AML norms. Any domestic money transfer mechanism, should be KYC/AML compliant.  This might seem to be a bit harsh, and the proponents of alternate money transfer mechanisms, see this as the stumbling block in financial inclusion.

However, in the long run, compliance to KYC/AML norms will safeguard the Banks, customers and other participants.

There have numerous representatives to RBI, to open up the formal banking channel to facilitate fund transfers of small value, subject to monthly ceilings and monitoring, to give impetus to the process of financial inclusion.

In this regard, RBI today issued notifications on Domestic Money Transfer - Relaxations vide notification no RBI/2011-12/213 DPSS.PD.CO.No. 62/02.27.019/2011-2012 dt,October 5, 2011.

The notification can be viewed @


The relaxations will not give  impetus to the money transfer facilities in the country, but also ensure that the financial transfers happen  in a safe, secure and efficient manner across the length and breadth of the country.

Broadly, the relaxations fall under the following three categories:


01) Liberalising the cash pay-out arrangements for amounts being transferred out of bank accounts to beneficiaries not having a bank account and enhancing the transaction cap from the existing limit of Rs. 5,000 to Rs. 10,000 subject to an overall monthly cap of Rs. 25,000 per beneficiary.

02) Enabling walk in customers not having bank account (for instance migrant workers) to transfer funds to bank accounts ( of say family members or others) subject to a transaction limit of Rs. 5,000 and a monthly cap of Rs. 25,000 per remitter.

03) Enabling transfer of funds among domestic debit/credit/pre-paid cards subject to the same transaction/monthly cap as at (b) above.

The operational instructions are in a separate Annex.  



Banks/ non-banks may adhere to the following while enabling the domestic fund transfers enumerated above.

a) A robust risk and fraud management system in place which will include reporting of suspicious transactions to the appropriate authorities.

b) Such fund transfers are expected to be effected on a real/near real time basis.

c) The total outstanding amount on a prepaid payment instrument shall not at any point of time exceed the limits prescribed in the extant guidelines on the RBI on the policy guidelines for issuance and operation of prepaid payment instruments.

d) Inter-bank settlement of funds shall be effected using RBI approved payment systems only.

e) On charges, the same should be reasonable, i.e a balance between the cost of the scheme and the charge paying capacity of the target audience.

f) Banks/non-banks may put in place appropriate systems for redressal of customer grievances.

g) The customer grievances under the Domestic Money Transfer Scheme will also be part of the Reserve Bank of India’s Banking Ombudsman Scheme.

The key aspect of the relaxations is the  monthly cap restriction.


The participants under the Domestic Money Transfer Scheme, have to devise ways to ensure that the transactions do not breach the monthly cap norm.

Cash-Out - Monthly cap - Rs25,000/- per beneficiary.

Cash-In - Monthly cap - Rs25,000/- per remitter.  

In my view, the Rs25,000/- cap per beneficiary or per remitter monitoring has to be done  not   Payment System Provider wise, but the complete industry wise.

Eg: Cash- Out Monthly  cap - Rs25,000/- per beneficiary.
Can  Beneficiary A receive money from 10 remitter’s in excess of Rs25,000/- in a month. If the limit is breached, what will be the monitoring mechanism?

The key question, is what will be unique identifier to ensure that the cap on the remitter is not breached.

Here, the UIDAI/Aadhar number can fill in the gap.

The process flow :
a) The transaction is originated with the UIDAI/Aadhar number
b) The UIDAI/Aadhar number is verified at the  UIDAI server and the transaction tagged to the UIDAI/Aadhar number.
c) Subsequent transactions are tagged to the respective UIDAI/Aadhar number, and in case the monetary limit is breached, the transaction can be  denied.

Benefits:
01) UIDAI/Aadhar number is expected to be issued to majority of our countrymen and is also expected to be the game changer for financial inclusion.

02) The start can be made now. Yes, initial investments will be required at all levels. This will be one-time investments and the infrastructure can be utilised for other purposes.

03) Tagging of financial transactions to UIDAI/Aadhar number, will reduce the investments in risk management of individual Payment System Providers. Each Payment System Provider, need not develop individual tools, but utilise the UIDAI/Aadhar number tool.

04) Risk Management can be automated, and manual intervention will be required only for exceptional cases.

Saturday, September 24, 2011

Security Issues and Risk mitigation measures related to Card Present (CP) transactions – Indian



In continuation of report of WORKING GROUP ON SECURING CARD PRESENT TRANSACTIONS, submitted to RBI on 31/05/2011, RBI, DPSS has started to roll out security measures for ‘Card Present Transactions’.

RBI, DPSS has issued a notification on 22/09/2011, and laid down 3 tasks , for adoption by the various players, in the Cards Industry.

The Press Release can be accessed @ RBI 22 Sept

Broadly the points are :
  1. Introduce additional security features for CP (Card Present) transactions. It has been observed, that the reported frauds for CP (Card Present) transactions too are on the rise. This is especially for Credit Cards, which are not yet protected by PIN (Personal Identification Number)
  2. One of the options, before RBI  was to adopt e  Aadhaar-based biometric authentication as a second factor of authentication for card present transactions. This option would be reviewed towards the end of December, 2012, to assess the need for a complete switch over to EMV Chip and PIN Technology for card based transactions.
  3. (Unique Key per terminal- UKPT or Derived Unique Key per transaction- DUKPT/ Terminal line encryption- TLE) to be live by September 30, 2013. UKPT is a data encryption tool, adapted world-wide in the Cards industry.
                                                              i.      UKPT is a method of generating new keys for use in the DES algorithm from an initial key called a generating or derivation key. This method uses a unique key for every encryption operation and is identified for the decryptor by a serial number combined with an encryption cycle counter, enabling the decryptor to calculate the current key.
  1. Enablement of all POS terminals to accept debit card transactions with PIN by June 30, 2013
  2. Issuers to be  ready from technical perspective to issue EMV Cards by June 30,2013
  3. For international transactions, EMV Chip Card and PIN to be issued to customers who have evidenced at least one purchase using their debit/credit card in a foreign location.

EMV stands for Europay, MasterCard and VISA card standard. It is a global standard based on joint effort by Europay, Mastercard and Visa. Hence, the name EMV.

Europay has been absorbed by Mastercard, in 2002.

EMV cards can be contact based or contactless based.

The main advantages of EMV Contact or EMV Contactless Cards are :

01)  EMV Cards are more secure, than normal cards that rely on data encoded in a magnetic stripe on the back of the card.

02)  The EMV card features a micro-processing chip that stores cardholder data securely, helping reduce the number of fraudulent transactions resulting from counterfeit, lost and stolen cards

03)  A transaction-unique digital seal or signature in the chip proves its authenticity in an offline environment and prevents criminals from using fraudulent payment cards. It is almost impossible to replicate an EMV based card.

04)  Can be used to secure online payment transactions and protect cardholders, merchants and issuers against fraud through a transaction-unique online cryptogram. This is an important security feature, as the numbers of online transactions are increasing day by day

05)  Stores considerably more information than magnetic stripe cards

  The latest trend in EMV cards are dual based i.e the same card can be utilized for ‘Contact’ as well as ‘Contactless’ transactions.

Wednesday, September 21, 2011

Dishonor of electronic funds transfer for insufficiency of funds in the bank account – clarification





Today Reserve Bank of India, DPSS has issued a clarification on Dishonour of electronic funds transfer for insufficiency of funds in the bank account.
The Press Release can be accessed @ RBI Press Release

The clarification was necessary, as the general market opinion was that on ‘Dishonour of electronic funds transfer for insufficiency of funds in the bank account’, equal protection as under penalties stipulated for dishonor of cheques under the Negotiable Instruments Act, 1881, were not available

Through this clarification, RBI has informed that electronic funds transfer are on par with the penalties stipulated for dishonor of cheques under the Negotiable Instruments Act, 1881.

This clarification should now encourage migration of Loan Payments from the paper-mode to electronic mode.  

It is to be noted, in case of electronic funds transfer i.e Electronic Clearing Services-Debit, the Sponsor Bank can generate the requisite reports in case the ECS transaction is ‘returned.’

As everything moves electronically, the data can be exchanged quickly amongst the various participants in the process.

For an interesting article on the dishonor of cheques under the Negotiable Instruments Act, 1881, please refer here  NI ACT - Dishonor of Cheques

LinkWithin

Related Posts with Thumbnails

Disclaimer

The thoughts in this BLOG are personal, and reflect only my view on the subject.
This are not the views of my Employers.
All images, logos rights rest with the Original TitleHolders

All efforts have been made to make this information as accurate as possible, N Prashant will not be responsible for any loss to any person caused by inaccuracy in the information available on this Website. Relevent Official Gazettes Communications may be consulted for an accurate information. Any discrepancy found may be brought to the notice of N Prashant