Bank on IT to keep your money safe

IT has extended the business of banking to every conceivable channel be it

Internet, ATMs, mobiles and now even trains! Soon you would be spared the pain

of safekeeping multiple PINs and passwords through Biometrics. All this comes

with its own set of challenges. Read on to find out about those challenges, and

how banks are finding innovative ways to resolve them

Given the frenetic pace of life, we're all hard-pressed for time and energy

to take care of our critical tasks. And most of these inevitably require

transacting money in one form or the other. A growing economy and the associated

perils of inflation together ensure that banking and financial transactions

increase in volumes with each passing day. Just do a quick rehash of where you

depend on banks to fulfill daily needs and you'll know. Cash withdrawals or

deposits, utility bills (electricity, mobiles, landlines), corporation taxes,

income-tax, advance tax, transfer of funds across accounts, fixed deposits,

share trading and so on. How do you take time off your busy professional

schedule to visit the bank and carry these out? Thankfully, it's the other way

round. The trend among banks and financial services companies has been to

leverage IT to go to their customers instead of the other way around. That's why

one can see banks introducing so many channels for reaching out to their

customers, like phone banking, SMS banking, online banking, ATMs, credit cards,

debit cards and so on.

This sounds really impressive because banks have to use IT extensively to

make it happen. But, it comes with its own set of challenges, which the CIOs of

banks have to cope up with. One key concern is ensuring security of all these

channels. More channels means more number of ports opening up. Plus, the

security of transactions through these channels also has to be ensured. The

other key challenge is integration of various applications and their data. Every

bank today is trying to offer a host of services to customers. So apart from

bank accounts, a bank today also offers loans, investment options, credit cards,

etc. There are high chances that some of the customers are common across these

applications. However, since these applications have grown separately,

integrating them together to offer cross sell opportunities is a major

challenge. It's a real challenge in front of banks to utilize information

generated through one application for servicing the same customer for another

application. Simply count the number of times you get calls from the same bank,

each time trying to sell some product/service or the other but completely

oblivious of the fact that you might already be their existing customer and

therefore would expect the caller to have done his homework properly and not

bother you for basic information such as address, email, age, etc.

Sadly, this is seldom the case and more often than not you have to bear

unwarranted calls from one bank or the other. So, clearly banks have a challenge

here. To integrate data across different banking applications so that agents

manning various bank channels know before hand whether a customer they're

calling is already a customer or not.

Another challenge before banks is to tap the vast market of rural customers.

In fact, this is one area that remains neglected because of inadequate civic and

telecom infrastructure. May be it is time for banks to go beyond traditional

solutions and look at some of innovative ones. One such alternative is the use

biometric technologies in offering banking services to far-flung areas. In this

story we explore the solutions to all these challenges and see what Indian banks

have already done to alleviate those.

Where IT comes to the rescue



For a start, banks need to have centralized infrastructure not only for

their branches but also for the different channels. This would ensure common

access to customer information for users across different channels. The same

pool of information could be used to solicit new products and services to old

and new customers alike and at the same time provide an efficient management

information system (MIS) to the sales teams to generate leads from.

One strong solution to such integration challenges can be SOA or Services

Oriented Architecture. It could help banks ensure that their various

applications are able to connect with each other without writing any proprietary

code, or tampering with the individual databases. There's tremendous scope for

banks to utilize SOA for this job. In fact, it could even be used to integrate

their banking applications with the various communication channels.

On the security front, there are several solutions being worked out by banks.

One of course would be to deploy a complete information security solution that

is able to secure all applications and channels of entry. As an example of how

security across various channels can be enhanced, let's take a quick peek at how

SMS banking can be used to make and receive payments from third parties such as

merchant establishments.

A buyer sends a message for buying and the bank in turn sends a message

confirming the purchase to both the merchant as well as the buyer. Debit card

number is the key field which is used for the authenticity of the customer.

Security for transactions taking place through this channel is ensured in two

stages. First your mobile number is authenticated by the bank through the use of

authentication keys. Next, a customer enters a secret Mobile Personal

Identification Number (MPIN). This needs to be again authenticated by the bank.

As an enhanced security measure, access is denied after three invalid login

attempts.

A case for biometric authentication



The banking sector has been very lousy in adopting biometrics for the mass

consumer, as people used to perceive sharing details of their anatomies as

analogous to criminal investigation. But with a lot of thought being given to

innovation throughout the BFS, the technology is finding many takers now.

However, in rural areas, with literacy rates still below acceptable levels,

people have been pragmatic toward this technology. We believe anything that

makes for a simpler interface and saves you from the hassles of maintaining

mu`ltiple passwords or PINs is a welcome step. It is after all an automated

technique for establishing identity through unique physiological or behavioral

characteristics.

Finger scanning is still the most popular application of biometrics in

automated teller machines. By plugging a portable scanning device into the back

of the ATM, any ATM machine can be enhanced to offer this functionality. This

machine in turn connects to the bank's server, which authenticates the visitor

by comparing with stored records. It's an unequivocal way of establishing the

identity of the person and one that can't be breached by intruders. And not just

ATMs, biometrics can also be used to restrict access to sensitive areas in banks

such as locker rooms and data centers.

What makes a biometric trait stand apart is that it is as unique as the

individual from whom it was created. So unlike a password or PIN, a biometric

trait cannot be lost, stolen, or recreated. This makes the use of biometrics a

sure enough remedy to prevent identity theft, a problem that is mushrooming

alongside databases of personal information. In fact, some of the channels for

monetary transactions such as credit cards are a very good candidate for

application of biometrics on the consumer side. More so, as they get smarter and

develop capabilities to store more and more personal details on an RFID chip.

Apart from the account information and other personal details, information

pertaining to the biometric traits of an individual can also be bolted inside.

Technology experts aver that a digital fingerprint will eventually prove cheaper

to incorporate for banks than any of the keyboard-based encrypted solutions as

the biggest issue with PIN based access remains its vulnerability to hackers

after it has been keyed in by the user and before it gets to the card reader.

We regularly do 'Penetration Tests,' wherein people from outside are allowed to test the vulnerability of our system K Asawa DGM, IT - Bank of Baroda How would you rate the adoption of IT by your bank and what according to you are the pain areas? The problem related to IT adoption is two-fold. For one, we have to face demands from suppliers and secondly, the staff needs to get adjusted to the latest technology. A vendor can only provide you with a solution, give you the connectivity and links, but it is upto you to utilize it for business development. The growth rate in banking is extremely high and IT industry at times fails to deliver. For eg, nowadays we talk of opening 50 branches in a single day. For that, we need hardware and connectivity. IT industry due to physical and capacity constraints fails to provide connectivity in certain places. When a rural branch is included in Core Banking System (CBS) and if any of the connectivity links goes down, it becomes a serious issue. What steps have you taken to ensure faster services to customers? Our processes have been re-engineered so that services get priority rather than the background processes. For eg, we have adopted an application called Universal Tailor which will dispose cash payment from the storage disk itself, shortening the time of the original process. The signature of the customer is made available to the cashier through technology. Customers can also open new accounts with us through Internet and come to the bank just once to sign documents. How do you alleviate security concerns at your as well as customer's end? We have a very elaborate system for security. However, one cannot remain static on security. It always needs to be upgraded. We regularly do “Penetration Test” wherein some people from outside with our permission are allowed to test the vulnerability of our system. In the datacenters, everyday a report is generated and reviewed to check whether there was an attempt to hack the system. To ensure identity of a customer, the most common way is an ID and a password. We are also adopting biometrics wherein through a thumb impression or colour of the eye the authenticity of the person is recognized. This would be especially useful in rural areas. How do you plan to expand your reach in rural areas? We are very keen on expanding in rural areas as more than 40 per cent of our business comes from there. Unfortunately, IT has failed in providing connectivity in many remote areas. There are business considerations involved while building infrastructure in these remote areas. All branches have to be brought on a common platform with similar technology. To resolve connectivity issues we tied up with a radio link provider to provide us connectivity through radio links.

Beyond finger scans



Finger-based scans are just one of the multitude of options that biometrics

based authentication technologies offer. There are other options such as

matching hand geometry to retina scans to iris scans and so on. Authentication

can also be done based on quasi-behavioral attributes such as a person's voice,

handwriting, etc. Yet another is facial recognition, where a person's face is

stored digitally and for each transaction, the live image of the person is

compared to the one stored in the database and co-related to his account number.

Hand geometry based systems are not easy to implement though as their parameters

change with external factors such as weather conditions, cleanliness of hands,

etc. Likewise, retina scans need perfect alignment of the eye to reach the

retina at the back of the eye; a time consuming activity in populated areas.

Iris scans are marginally better as they do not require contact between the

customer's eye and the biometric device to correlate the eye's colored area (ie,

the iris). Voice recognition at present seems the easiest of all biometric

techniques as voice can even be authenticated sitting at home through your

phone. A survey conducted backs this claims saying that 95% of consumers prefer

voice verification compared with the 80% that are willing to accept fingerprint

scans. As mentioned earlier, voice even works remotely (by phone) whereas

consumer's need to install special fingerprint readers at their premises to be

able to get themselves authenticated online. But before this all is well

accepted and practiced, technical standards need to be established so that

biometrics work universally. Work is in progress with a lot of ATM vendors

pitching in with their devices, and we expect some action sooner than later in

this space.

Micro-banking in rural areas



We have seen how biometric authentication can provide a secure and remotely

accessible channel for bank customers and how it can come in handy for banks

while servicing rural populace. Let's now look at some other initiatives taken

by banks for the rural sector. Rural banking is one area where political

pressures play their part. One significant challenge for banks while providing

services to rural customers is the change in government policies for

agriculturists and the related thrust on farm credit. However, technologically

their efforts depend on the availability of telecom infrastructure. The silver

lining here is the continued downward spiral in the prices of telecom products

over the past few years. This trend is likely to continue and is in alignment

with the increasing demand for networking backbone. This is great news for all

customers, more so banks who are always large consumers of bandwidth. The

reduced bandwidth costs mean that banks can get their far-flung branches

networked at far lower costs than was the case earlier. This would also create

redundancy and in turn greater resilience for their networks.

A biometric-enabled RFID smartcard containing fingerprint scans communicates with the mobile phone at the bank using 'Near Field Communication'

A combination of two technologies — RFID and Near Field Communication (NFC) —

is all set to enable the rural population of the country to perform essential

banking transactions. NXP Semiconductors, founded by Philips, that co-invented

the NFC technology has partnered with A Little World, inventors of a mobile

platform for inclusive banking, have tried the concept of micro-banking in over

450 villages across four states of the country. The technology involves setting

up of Customer Service Points equipped with state-of-the-art mobile phones that

support NFC. Each villager who is an account holder, will be given a

biometric-enabled RFID smartcard, which will communicate with the mobile phone

at the Customer Service Point. The smartcard essentially contains information

about identity of the customer such as name, address, photograph, fingerprint

templates and relevant details of the savings or loan accounts held by the

issuing bank. NFC, being a short-range wireless connectivity technology enables

secure exchange of data between two devices, by just placing them together,

pretty much like how Bluetooth functions. Since NFC effectively combines

contactless identification and networking technologies, it can communicate

between an RFID card and an NFC mobile phone, or if required, between two NFC

devices. Currently, the NFC-enabled mobile phones used in this project are

sourced from Motorola and Nokia.

The NFC works on the concept of magnetic field induction, and operates within

the unlicensed radio frequency band of 13.56MHz. Speeds can vary between 106

Kbit/s, 212 Kbit/s and 424 Kbit/s. It is an open platform technology

standardized in ECMA-340 and operates with both the 'active' and 'passive' modes

of RFID. During its pilot run, Uttarakhand, Mizoram, Meghalaya and Andhra

Pradesh have been covered, and banks like State bank of India, Union Bank, Axis

Bank, Andhra bank and the Andhra Pradesh Grameen Bank have collaborated with the

project. In the Warangal district of AP, social security pensioners were given

their payments using Micro-banking, and in places like Aizwal in Mizoram and

Pithoragarh in Uttarakhand, the project introduced the concept of banking, since

these areas have never had a bank before. Interestingly, the RFID cards used for

the initiative were tailored around a completely different application. These

cards are currently used in about 35 countries including Singapore, the US, and

the UK, on their newly issued e-passports. The RFID chips are embedded in the

passports, and are aimed at reducing paperwork and making the passport data

tamper-proof. For the NFC initiative however, it is designed to eliminate the

cost and effort to set up physical branches in rural areas, and providing

services ranging from cash deposits, cash withdrawals, utility payments, and

money transfers.

Increasing IT Orientation of the Indian Banking Industry Parishesh Mishra and Arpan Gupta, Industry Verticals Research Practice, IDC India With the entry of large foreign banks in the Indian banking arena in 2009, Indian banks with their relatively small sizes will be forced to consolidate to take the increased competition head-on. Indian banking industry today faces unprecedented challenges (customer acquisition and retention, reducing costs of transactions, risk management, and regulatory compliance) to sustain their growth path. To leverage the opportunities present (and created) and the challenges tickling the industry, the sector is increasingly getting exposed to information technology. Effective use of technology has dramatically improved the efficiency of sector's operations, which has led to increased productivity and profitability. According to the IDC report titled India BFSI Sector IT Usage and Trends 2007-2011 Forecast and Analysis, the IT market in the Indian banking sector is forecasted to grow at CAGR of 13.0% for the period of 2006-2011. The key IT segments in the Indian banking industry would be the Packaged Software, PCs, Mid-range Servers and Networking Equipment. The IT deployments in the banks will not only act as a facilitator for further expansion but will also help the banks in dealing with the issues of storage, security, understanding customer informatics and regulatory compliances. Banks are increasingly becoming technology-intensive and are looking to leverage IT to meet the exponentially increasing consumer demands in terms of cost, efficiency, convenience and reliability. The banks in India are looking to provide Web-based trade support, real-time gross settlement, online tax accounting system, value-added transaction services and basic online transaction services, to attract and retain customers. The key IT solutions being targeted by the Indian banking industry are networking, customer relationship management, business intelligence, Internet banking and storage and security solutions. By leveraging IT the banks are looking to develop alternative delivery channels such as ATMs, tele-banking, and Mobile banking. Thus IT is playing a very crucial role in bringing the banking sector to its real worth and is focusing more on customer convenience and development of banking habits among all. Also the banking system will become transparent in its dealings and will adopt global best practices in accounting and disclosures driven by the motto of value enhancement for all the stakeholders involved. Technology would make the flow of information much faster, more accurate and enable quicker analysis of data received. Therefore the conventional definition of banking will make way for the more tech-enabled banking; all because of increased IT orientation of the Indian banking industry.

Passengers, Goods and... ATMs on Trains



You've seen mobile ATM vans across cities and rural areas. But how about

ATMs on railways---the ultimate mobility solution. Close on the heels of setting

up of ATMs on railway platforms, the government has given permission to banks to

set up ATMs on trains! And why not, with the progress in telecommunications such

as improved VSAT and microwave links, technology has become a key enabler for

setting this infrastructure. Right now, there are more than 1800 ATMs on railway

platforms across India. Most of these are placed in the bigger and more popular

stations in metros, which is logical as these stations see enormous number of

passengers commuting on a daily basis. Having ATMs on trains would help

passengers coming from the smaller cities and towns, where the infrastructure to

establish ATMs or other such mobile banking solutions is either simply

non-existent or proves pretty expensive. Plus, there are security concerns. In

fact, a long-distance train could act as the fastest and longest mobile carrier

of ATMs across this vast country. This would also ensure safety of passengers as

they need not carry large sums of cash during journey. Instead they can withdraw

money as and when required. This facility can further be enhanced by installing

e-ticketing kiosks alongside the ATMs. This means a passenger can withdraw money

and buy rail tickets at the same place!

In rural areas we plan to move to banking through mobile sets, as mobile penetration is good S K Sehgal GM, IT - State Bank of India Being the largest bank in the country what challenges you face and how can IT help overcome those? There are two immediate challenges-the bank's size and its geographical reach. IT is helping us in handling banking volumes, amount of transactions and accounts. There are 100 million accounts in the system and over 20 million transactions in a day. In three years time, we plan to grow about five times this volume and without IT infrastructure it is not possible. There has to be similar IT infrastructure across all branches. However, IT infrastructure deficiency is the main challenge. What are the key technologies/solutions that you are using to speed up internal process across branches? We are trying to reduce footfalls in our transits by providing alternative channels to people. Right now around 20 lakh transactions take place through these channels. Currently we have 11,000 branches and 7,000 ATMs. To enable a smooth communication amongst various branches we have set up our own network using various technologies such as CDMA, VSAT and radio frequency. How do you ensure security from your as well as customer's end? There are two levels of security. One is manual security for identity protection and the other is system security. SBI was the first bank to come up with a document called security policy of bank. Even for networking the security policy is deployed. When a message is moved from the branch to the datacenter, it is encrypted. Even if someone intercepts it, he will not be able to crack the code. Even for other transactions bank has come up with documented security policy, which is followed meticulously. There are regular audits carried out to check the security of the system. We have ISO certificates for our datacenters. In the datacenters, nobody has access to data. On our website password is not asked. So we issue a warning that if someone I asking the password do not mention. We are looking at biometrics in ATM. How does SBI use technology to serve rural customers? We have 6600 rural branches. We have put most of them on core banking. The last phase of connectivity should be completed by March. We use VSAT in such remote areas. The question is not of connectivity alone. I have to service them later on. The issue in rural areas is, that there are hardly any private players giving connectivity. We are planning to move to banking through mobile sets, as mobile penetration is good in these areas. We are also looking at kiosk banking or setting up a PC wherein a person can look after it and operate it. We have mobile ATMs, which go from place to place. We also have mobile VSATs.