Can anyone comment on the challenges in mobile banking in the rural India? SMS is a very good medium as suggested above, but is there any data available as to what is the educational background of the people using mobile banking, their levels of technology acceptance etc.
If anyone can help me on these issue, please comment.
Thanks a lot,
Regards,
Anand

Looking at it from the Indian context, I think the RBI has done absolutely the right thing – the mobile phone provides banks with an opportunity to bring customers into the banking fold with a lower cost to serve, and RBI is keen to ensure that the banks to get the most of this opportunity. They have chosen not to look at short-term gains and do things in a structured manner with long-term benefits in mind.

The long-term objective here is to bring people into the banking fraternity – plain and simple. Telcos play a key role in this – but the responsibility and ownership and guarantee of funds lies absolutely with the bank.

The fact that one model has been successful in Kenya or Philippines is encouraging, but the sheer scale at which India would need to operate means we have to think differently – the long-term effect of allowing non-banks to take consumer deposits are unknown.

The only scalable model is to keep the customer ownership of the float and the responsibility of guarantee of funds with the banks – this also ensures the long-term benefit of upgrading a user to a full bank account.

As far as technology platforms go – as Shumit points out – SMS can definitely be encrypted with 128-bit strength algorithms like 3DES, with a Java phone or SIM card application (the latter on the lowest-end handsets)

As far as reaching out to the masses, already we have Airtel shipping the mChek secure application to several Million SIM cards every month – this is a significant step forward in the industry. Similar initiatives with others will ensure that, over a 24-36 month period, most households will have mobile phones with banking-grade secure applications, and mobile banking can be enabled Over-The-Air.

The banking fraternity would gladly take this equation – and the roles of the banks, Telcos and intermediaries will continue to remain the same.

RBI, in my mind, has intelligently combined the right balance of conservativeness and innovation in a manner that takes into account the scale in India – while leaving the door open for tweaking the guidelines over time, as initial results validate the theories.

Sanjay

A few more thoughts

Regulation 1: The RBI guidelines, by implication, say that only banks can offer mobile transaction services. The guidelines say this service can be offered only to customers of banks and/or holders of debit/credit cards. Document-based registration is called for, with the mandatory physical presence of the customer, before mobile services are offered. The banks are responsible for ensuring Know Your Customer norms, and must have core banking systems in place.

Several MFIs today act as a business correspondent (BC) (agents who work on behalf of banks) for commercial banks to reach areas where opening a bank branch is not viable. Usually at the business correspondent’s office, a bank representative is present who oversees the enrolment of clients and ensures that the KYC requirements are complied with. The bank through a BC can enroll clients, the clients can be served by the bank using mobile banking thus fulfilling the objective and the spirit of financial inclusion

Regulation 2: The RBI’s guidelines call for a two-factor authentication for validation of a customer. The industry has reacted to this by interpreting that two-factor authentication can be supported only by GPRS and not through SMS. Media has also criticized RBI by saying that the new mobile banking regulations such as the two factor authentication do not facilitate financial inclusion since basic mobile phones owned by majority of people in rural India do not support GPRS.

Secure transactions can happen even via SMS. SMS’es are of two types – Normal and Encrypted SMS. Normal SMS is what we use for day-to-day communication and is not secure. The SMS is not encrypted when it passes through the pipe it can be accessed. On the other hand, an encrypted SMS is converted into non-readable text using a RSA / AES (security) algorithm. The text that can be encrypted are numbers from 1-9, capital letters from A-Z and small letters from a-z. Special characters cannot be encrypted. When the bank client sends a sms from his phone to the server, a sms along with an encrypted key is sent to the server. If the encryption algorithm is strong enough, it is not possible to read the SMS. The server then decrypts (opens) the encrypted key using a RSA encryption algorithm. This technology is perfectly secure and GPRS is not mandatory. Not many phone users in India subscribe to GPRS and even fewer have phones that can support GPRS. Around 60 percent of the 306 million handsets or mobile connections in India are without GPRS and WAP. Due to lack of GPRS connectivity, Smart Trust applications, securea SMS based applications will be the prominent atleast in the initial years of mobile banking.

Thanks,
Shumit Vatsal

A few more thoughts

Regulation 1: The RBI guidelines, by implication, say that only banks can offer mobile transaction services. The guidelines say this service can be offered only to customers of banks and/or holders of debit/credit cards. Document-based registration is called for, with the mandatory physical presence of the customer, before mobile services are offered. The banks are responsible for ensuring Know Your Customer norms, and must have core banking systems in place.

Several MFIs today act as a business correspondent (BC) (agents who work on behalf of banks) for commercial banks to reach areas where opening a bank branch is not viable. Usually at the business correspondent’s office, a bank representative is present who oversees the enrolment of clients and ensures that the KYC requirements are complied with. The bank through a BC can enroll clients, the clients can be served by the bank using mobile banking thus fulfilling the objective and the spirit of financial inclusion

Regulation 2: The RBI’s guidelines call for a two-factor authentication for validation of a customer. The industry has reacted to this by interpreting that two-factor authentication can be supported only by GPRS and not through SMS. Media has also criticized RBI by saying that the new mobile banking regulations such as the two factor authentication do not facilitate financial inclusion since basic mobile phones owned by majority of people in rural India do not support GPRS.

Secure transactions can happen even via SMS. SMS’es are of two types – Normal and Encrypted SMS. Normal SMS is what we use for day-to-day communication and is not secure. The SMS is not encrypted when it passes through the pipe it can be accessed. On the other hand, an encrypted SMS is converted into non-readable text using a RSA / AES (security) algorithm. The text that can be encrypted are numbers from 1-9, capital letters from A-Z and small letters from a-z. Special characters cannot be encrypted. When the bank client sends a sms from his phone to the server, a sms along with an encrypted key is sent to the server. If the encryption algorithm is strong enough, it is not possible to read the SMS. The server then decrypts (opens) the encrypted key using a RSA encryption algorithm. This technology is perfectly secure and GPRS is not mandatory. Not many phone users in India subscribe to GPRS and even fewer have phones that can support GPRS. Around 60 percent of the 306 million handsets or mobile connections in India are without GPRS and WAP. Due to lack of GPRS connectivity, Smart Trust applications, securea SMS based applications will be the prominent atleast in the initial years of mobile banking.

Great post!!!

My thought is that the restrictions on the Rs.5000 per customer for fund transfer and Rs.10,000 for mobile purchases is allright in the context of an area like Tanjore (rural India). When people make purchases for say Rs.10,000. I feel that this restriction will not affect people in rural areas and people who are at the bottom or the pyramid.

SMS is a preferred mode of communication is most of the country. GPRS still does not function very well and ruling out SMS (although not explictly said yet) could totally hamper the user experience.

Thanks,
Shumit

Large scale financial inclusion is about balancing ‘risk perception’ with ‘increasing degrees of freedom’ for all the players involved. RBI has made a good first move, it must be viewed as just a cautious start. But this is a welcome move that lays the ground-rules for companies like Eko (www.eko.co.in), where I work, to roll out their initiatives.