BS Banking Annual 2016: 'Banks should collaborate to prevent fraud'

Edited excerpts from a discussion at the Business Standard Banking Technology Round Table 2016 held in October. 

The financial technology sector will be 1.7x by 2020, said a Nasscom report. But, retail payments are still primarily cash. So, how much of it is reality?

Ramaswamy Venkatachalam: There is a leap in ATM (automated teller machine) transactions in rural areas. The rural market is going to take off, be it ATMs or e-commerce. But, acceptance is a challenge, since cash makes it easier. We have to see if the unified payment interface (UPI) and newer mechanisms take off. Mobile first will drive it in the future, and rural India will be a big driver of that.

Rajesh Mirjankar: The digital products launched in the past decade of digitisation will see a demand push. We have seen it in the number of transactions that have happened since launch. Is it comparable to cash transactions? Not yet, but the percentage of digital transactions is increasing.

Shinjini Kumar:  Digital makes it possible to do really small transactions. There’s a mindshift from doing transactions of Rs 2 lakh and above through RTGS and NEFT to cash. Now, all of a sudden, all the attention, technology development and interface are focused on replacing that. Mobile is the major contributor. The policy push to bring people into formal economy will make this happen.  

Madhivanan Balakrishnan: The numbers by Nasscom are an indication of the future, especially in automatic mechanisms. For us, 80 per cent of automation is non-cash related within the branch. In the rural segment, if the cost of transactions comes down, it would be a big story. Mobile becoming the centre of attention suddenly changes this paradigm. Our ability to make transactions as low as Rs 50 on mobile is big. Hindrances such as consumer awareness, ease of using technology for consumer, regulation and cyber security fears are what we as an industry need to take care of.

Nitin Chugh: It is going to grow manifold from now. The prerequisite is the availability of public infrastructure in terms of bandwidth, connectivity and the penetration and performance of smartphones. Some of these challenges will continue. Time and effort will go towards educating the consumer, and network effect will have a role to play. Besides, merchant infrastructure and merchant acceptance will determine how effective it will be.  

Are banks equipped to handle cyber security related threats? Critics have said the response time in the recent data breach could have been better. Do you agree?

Balakrishnan: I do not tend to agree on the response time bit. If 3.2 million customers were exposed, the fact that only 2,000-odd customers got impacted demonstrates banks’ ability to respond quickly. Is there a way to make it better in terms of interoperable issues? The answer is yes. 

Chugh: Every time something like this happens and is reported in the media, there is an issue of customer confidence, but banks must provide reassurance by not only displaying that they have a mechanism to protect their customers but also by their response. The customer perception of the incident, be it fear or doubt, can be mitigated only by the degree of response and the time taken to respond. 

Venkatachalam: About 12-15 months back, we had reports in the press on phishing attacks where customers were unaware of not revealing information and allowed access to internet banking systems etc. This is a global phenomenon. In India, digitisation is increasing the possibilities of such frauds. 

Could the banks have handled it better?

Chugh: While banks have been reassuring their own customers, they also need to assure customers that the entire network is safe. That degree of comfort would have been more reassuring than the one we have seen in this case. This is because the customer will perceive it as a network threat.

Venkatachalam: The reality is that these will happen. The question is how quickly do we detect them and how quickly do we share information. Banks are worried about one aspect: reputation. Therefore, unless, we are sure that our stables are secure, there is a reluctance to provide information. This is a wake-up call to see if this mechanism can evolve, maybe the regulator can play a greater role in facilitating it. In the pursuit of transactions and to reduce the cost of transactions there are compromises being made. So even the regulator needs to take a look at it. There is a chasm set by a few and the rest, and the weakest link can be the chink in the armour. 

Balakrishnan: Just like the credit bureaus, there should be a cyber risk mechanism as well. There is no competitive interest here, so the ecosystem as a whole needs to grow up and collaborate. We should have a better interoperable system of security in the banking industry to stay one step ahead of the fraudsters. We need a cyber security defence alliance like some other nations.

What about Reserve Bank of India’s cyber security policy? 

Venkatachalam: It is a policy, but is there a framework where one can say this is how you respond? You have mechanisms like the Computer Emergency Response Team, which tell you about emergency response, but in the digital era we have probably not paid as much attention. The reality is, in the pursuit of jugaad and in pursuit of lowest cost per transaction, there are compromises being made. We have to figure out if the regulator also looks into some of these elements and says that there should be some basic standards, you cannot go below these standards; and if there is a cost to serve that, so be it. 

Mirjankar: It is important that there is discipline around vetting the vendors who take up the contracts for implementing digital strategies for banks. Our experience is that all banks take security quite seriously. Importantly, the regulator has put in the right policies and if you look at the payment aggregator National Payments Corporation of India, the standards to put in digital solutions are there. 

Chugh: There can’t be any jugaad in financial services because finally it is the customers’ money and most banks when taking a call between convenience and security will go for security. That level of digital maturity is not there on the customers’ side, and will have to be built over time. If the bank is reassuring them and also makes an effort to explain to customers that we have taken steps in their interest, then it helps. It’s important to keep that balance in place as much as it is important to have the right infrastructure to prevent, detect and respond.

Balakrishnan: This is an area where there isn’t much competitive interest so collaboration and credit bureaus and will help. Our ability to bring technology, data etc to respond in a common forum is important and it is the right time. Innovation and security go hand in hand and you can’t eliminate one for the other if you want to go for a less-cash society.

Is there a need for the regulator to understand that payments banks and small finance banks have to be treated differently?

Kumar: Yes, it is very logical. The genesis of the payments bank was the idea that banks were not able to scale up at the level that the economy requires for small value transactions because of inherent business models and cost effectiveness reasons. So it was the informal players that were fulfilling the gap. We have to bear in mind that it is not just about small transactions but also about savings. Thus, the structure that was formed is inherently different from the conventional banking risk structure. For payments banks a lot of the risk stands reduced because of the limit on deposits and lending restrictions. Having created that structure, it is important that they are treated differently. You can’t have the cost structure of a bank and not a similar revenue model.

From digital wallets last year, the conversation has now moved to artificial intelligence (AI) and robots. Where do you see it going from here?

Chugh: In the last couple of years, a lot of data have been generated. When you want to use all this data effectively then it is going to be impossible for human beings to do it without help from AI so that digital can be taken to the next level.

Balakrishnan: A lot of information is available of multiple nature about how a person  behaves in the social world etc. Technology can help sift and sort that data and this combination of data and technology is throwing up a lot more opportunity. It is helping us to make operations efficient. Person to person payments and how we are able to incorporate more micro events such as mobile recharge into the digital world will be the next big stories in payments.