Mobile Payment in India - Operative Guidelines for Banks
1. Introduction
1.1 With the rapid growth in the number of mobile phone subscribers in India (about
261 million as at the end of March 2008 and growing at about 8 million a month), banks have been exploring the feasibility of using mobile phones as an alternative channel of delivery of banking services. A few banks have started offering information based services like balance enquiry, stop payment instruction of cheques, record of last five transactions, location of nearest ATM/branch etc. Acceptance of transfer of funds instruction for credit to beneficiaries of same/or another bank in favor of pre-registered beneficiaries have also commenced in a few banks. Considering that the technology is relatively new and due care needs to be taken on security of financial transactions, there has been an urgent need for a set of operating guidelines that can be adopted by banks.
1.2 For the purpose of these Guidelines, "mobile payments" is defined as information exchange between a bank and its customers for financial transactions through the use of mobile phones. Mobile payment involves debit/credit to a customer''s account''s on the basis of funds transfer instruction received over the mobile phones.
1.3 Providing the framework for enabling mobile payments services to banking customers would generally involve the collaboration of banks, mobile payments service providers and mobile network operators (MNOs). The service can also be provided as a proximity payment system, where the transactions are independent of the MNOs. In mobile payment systems, the banks provide the basic service framework, ensure compliance to KYC/AML norms, creates a risk management and mitigation framework, and ensures settlement of funds. The mobile payments service providers are intermediaries for providing the technology framework for the implementation of the mobile payments services. The mobile network operators provide the telecom infrastructure and connectivity to the customers. Their role is limited to providing the SMS/WAP/GPRS/USSD/NFC GSM or CDMA voice and data services connectivity and in hosting the certain technology solutions like USSD. In a Non-MNO based systems, proximity or contactless channels like IRDA, RFID, Optical, NFC, etc. are used for communication between POS and the mobile phone of the customer.
1.4 As a first step towards building a mobile payment framework in India, these guidelines are meant only for banking customers -- within the same bank and across the banks. It would be the responsibility of the banks offering mobile payment service to ensure compliance to these guidelines.
1.5 A brief description of the regulatory framework for mobile payments in a few countries is given at Annex -- I.
2. Regulatory & Supervisory Issues
2.1 Only such banks which are licensed and supervised in India and have a physical presence in India will be permitted to offer mobile payment services to residents of India.
2.2 The services should be restricted to only to bank accounts/ credit card accounts in India which are KYC/AML compliant.
2.3 Only Indian Rupee based services should be provided.
2.4 Banks may use the services of Business Correspondents for extending this facility, to their customers. The guidelines with regard to use of business correspondent would be as per the RBI circular on Business correspondents issued from time to time.
2.5 The guidelines issued by RBI on ''Risks and Controls in Computers and
Telecommunications'' vide circular DBS.CO.ITC.BC. 10/ 31.09.001/ 97-98 dated
4th February 1998 will equally apply to Mobile payments, since Mobile devices used for this purpose have embedded computing and communication capabilities.
2.6 The RBI guidelines on "Know Your Customer (KYC)" and "Anti Money Laundering (AML)" as prescribed by RBI from time to time would be would be applicable to customers opting for mobile based banking service.
3. Registration of customers for mobile service
3.1 Banks should offer mobile based banking service only to their own customers.
3.2 Banks should have a system of registration before commencing mobile based payment service to a customer.
3.3 There can be two levels of mobile based banking service - the first or basic level in the nature of information like balance enquiry, SMS alert for credit or debit, status of last five transactions, and many other information providing services and the second or standard level in the nature of financial transactions such as payments, transfers and stop payments. The risk associated with the basic level of information services is much less compared to the standard level of actual payment services. Prior registration of the customers would be necessary irrespective of the type of service requested. For the standard level service one time registration should be done through a signed document.
4 Technology and Security Standards
4.1 The technology used for mobile payments must be secure and should ensure confidentiality, integrity, authenticity and non-repudiability. An illustrative, but not exhaustive framework is given at Annex-II.
4.2 The Information Security Policy of the banks may be suitably updated and enforced to take care of the security controls required specially for mobile phone based delivery channel.
5. Inter-operability
5.1 When a bank offers mobile payments service, it may be ensured that customers having mobile phones of any network operator should be in a position to request for service. Restriction, if any, to the customers of particular mobile operator(s) may be only during the pilot phase.
5.2 To ensure inter-operability between banks and between their mobile payments service providers, it is recommended that banks may adopt the message formats being developed by Mobile Payments Forum of India (MPFI). Message formats such as ISO 8583, which is already being used by banks for switching of ATM transactions, may be suitably adapted for communication between switches where the source and destination are credit card/ debit cards/pre-paid cards.
5.3 The long term goal of mobile payment framework in India would be to enable funds transfer from account in one bank to any other account in the same or any other bank on a real time basis irrespective of mobile network a customer has subscribed to. This would require inter-operability between mobile payments service providers and banks and development of a host of message formats. Banks may keep this objective while developing solution or entering into arrangements with mobile payments solution providers.
6. Clearing and Settlement for inter-bank funds transfer transactions
6.1 For inter-bank funds transfer transactions, banks can either have bilateral or multilateral arrangements.
6.2 To meet the long term objective of a nation-wide mobile payment framework in India as indicated at para 5.3 above, a robust clearing and settlement infrastructure operating on a 24x7 basis would be necessary. Pending creation of such an infrastructure on a national basis, banks may enter in to multilateral arrangement and create Mobile Switches / Inter-bank Payment Gateways with expressed permission from RBI.
7. Customer Complaints and Grievance Redressal Mechanism
7.1 The customer /consumer protection issues assume a special significance in view of the fact that the delivery of banking services through mobile phones is relatively new. Some of the key issues in this regard and the legal aspects pertaining to them are given at Annex-III.
8. Need for Board level approval
8.1 Banks should get the Mobile payments scheme approved by their respective boards / Local board (for foreign banks) before offering it to their customers. The Board approval must document the extent of Operational and Fraud risk assumed by the bank and the bank''s processes and policies designed to mitigate such risk.
8.2 banks who have already started offering mobile payment service may review the position and comply to these guidelines within a period of three months from issuance of these guidelines.
| List of Abbreviations< xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> |
|
| AML | Anti Money Laundering |
| CDMA | Code Division Multiple Access GPRS General Packet Radio Service GSM Global System for < xml:namespace prefix = st1 /> |
| IDS | Intruder Detection System |
| IRDA | Infrared Data Association |
| ISO | International Standards |
To continue reading
Request your trial