Bank on IT to keep your money safe

IT has extended the business of banking to every conceivable channel be it
Internet, ATMs, mobiles and now even trains! Soon you would be spared the pain
of safekeeping multiple PINs and passwords through Biometrics. All this comes
with its own set of challenges. Read on to find out about those challenges, and
how banks are finding innovative ways to resolve them

Given the frenetic pace of life, we're all hard-pressed for time and energy
to take care of our critical tasks. And most of these inevitably require
transacting money in one form or the other. A growing economy and the associated
perils of inflation together ensure that banking and financial transactions
increase in volumes with each passing day. Just do a quick rehash of where you
depend on banks to fulfill daily needs and you'll know. Cash withdrawals or
deposits, utility bills (electricity, mobiles, landlines), corporation taxes,
income-tax, advance tax, transfer of funds across accounts, fixed deposits,
share trading and so on. How do you take time off your busy professional
schedule to visit the bank and carry these out? Thankfully, it's the other way
round. The trend among banks and financial services companies has been to
leverage IT to go to their customers instead of the other way around. That's why
one can see banks introducing so many channels for reaching out to their
customers, like phone banking, SMS banking, online banking, ATMs, credit cards,
debit cards and so on.

This sounds really impressive because banks have to use IT extensively to
make it happen. But, it comes with its own set of challenges, which the CIOs of
banks have to cope up with. One key concern is ensuring security of all these
channels. More channels means more number of ports opening up. Plus, the
security of transactions through these channels also has to be ensured. The
other key challenge is integration of various applications and their data. Every
bank today is trying to offer a host of services to customers. So apart from
bank accounts, a bank today also offers loans, investment options, credit cards,
etc. There are high chances that some of the customers are common across these
applications. However, since these applications have grown separately,
integrating them together to offer cross sell opportunities is a major
challenge. It's a real challenge in front of banks to utilize information
generated through one application for servicing the same customer for another
application. Simply count the number of times you get calls from the same bank,
each time trying to sell some product/service or the other but completely
oblivious of the fact that you might already be their existing customer and
therefore would expect the caller to have done his homework properly and not
bother you for basic information such as address, email, age, etc.

Sadly, this is seldom the case and more often than not you have to bear
unwarranted calls from one bank or the other. So, clearly banks have a challenge
here. To integrate data across different banking applications so that agents
manning various bank channels know before hand whether a customer they're
calling is already a customer or not.

Another challenge before banks is to tap the vast market of rural customers.
In fact, this is one area that remains neglected because of inadequate civic and
telecom infrastructure. May be it is time for banks to go beyond traditional
solutions and look at some of innovative ones. One such alternative is the use
biometric technologies in offering banking services to far-flung areas. In this
story we explore the solutions to all these challenges and see what Indian banks
have already done to alleviate those.

Where IT comes to the rescue

For a start, banks need to have centralized infrastructure not only for
their branches but also for the different channels. This would ensure common
access to customer information for users across different channels. The same
pool of information could be used to solicit new products and services to old
and new customers alike and at the same time provide an efficient management
information system (MIS) to the sales teams to generate leads from.

One strong solution to such integration challenges can be SOA or Services
Oriented Architecture. It could help banks ensure that their various
applications are able to connect with each other without writing any proprietary
code, or tampering with the individual databases. There's tremendous scope for
banks to utilize SOA for this job. In fact, it could even be used to integrate
their banking applications with the various communication channels.

On the security front, there are several solutions being worked out by banks.
One of course would be to deploy a complete information security solution that
is able to secure all applications and channels of entry. As an example of how
security across various channels can be enhanced, let's take a quick peek at how
SMS banking can be used to make and receive payments from third parties such as
merchant establishments.

A buyer sends a message for buying and the bank in turn sends a message
confirming the purchase to both the merchant as well as the buyer. Debit card
number is the key field which is used for the authenticity of the customer.
Security for transactions taking place through this channel is ensured in two
stages. First your mobile number is authenticated by the bank through the use of
authentication keys. Next, a customer enters a secret Mobile Personal
Identification Number (MPIN). This needs to be again authenticated by the bank.
As an enhanced security measure, access is denied after three invalid login
attempts.

A case for biometric authentication

The banking sector has been very lousy in adopting biometrics for the mass
consumer, as people used to perceive sharing details of their anatomies as
analogous to criminal investigation. But with a lot of thought being given to
innovation throughout the BFS, the technology is finding many takers now.
However, in rural areas, with literacy rates still below acceptable levels,
people have been pragmatic toward this technology. We believe anything that
makes for a simpler interface and saves you from the hassles of maintaining
mu`ltiple passwords or PINs is a welcome step. It is after all an automated
technique for establishing identity through unique physiological or behavioral
characteristics.

Finger scanning is still the most popular application of biometrics in
automated teller machines. By plugging a portable scanning device into the back
of the ATM, any ATM machine can be enhanced to offer this functionality. This
machine in turn connects to the bank's server, which authenticates the visitor
by comparing with stored records. It's an unequivocal way of establishing the
identity of the person and one that can't be breached by intruders. And not just
ATMs, biometrics can also be used to restrict access to sensitive areas in banks
such as locker rooms and data centers.

What makes a biometric trait stand apart is that it is as unique as the
individual from whom it was created. So unlike a password or PIN, a biometric
trait cannot be lost, stolen, or recreated. This makes the use of biometrics a
sure enough remedy to prevent identity theft, a problem that is mushrooming
alongside databases of personal information. In fact, some of the channels for
monetary transactions such as credit cards are a very good candidate for
application of biometrics on the consumer side. More so, as they get smarter and
develop capabilities to store more and more personal details on an RFID chip.
Apart from the account information and other personal details, information
pertaining to the biometric traits of an individual can also be bolted inside.
Technology experts aver that a digital fingerprint will eventually prove cheaper
to incorporate for banks than any of the keyboard-based encrypted solutions as
the biggest issue with PIN based access remains its vulnerability to hackers
after it has been keyed in by the user and before it gets to the card reader.

We regularly do 'Penetration Tests,' wherein people from outside are allowed to test the vulnerability of our system K Asawa DGM, IT - Bank of Baroda How would you rate the adoption of IT by your bank and what according to you are the pain areas? The problem related to IT adoption is two-fold. For one, we have to face demands from suppliers and secondly, the staff needs to get adjusted to the latest technology. A vendor can only provide you with a solution, give you the connectivity and links, but it is upto you to utilize it for business development. The growth rate in banking is extremely high and IT industry at times fails to deliver. For eg, nowadays we talk of opening 50 branches in a single day. For that, we need hardware and connectivity. IT industry due to physical and capacity constraints fails to provide connectivity in certain places. When a rural branch is included in Core Banking System (CBS) and if any of the connectivity links goes down, it becomes a serious issue. What steps have you taken to ensure faster services to customers? Our processes have been re-engineered so that services get priority rather than the background processes. For eg, we have adopted an application called Universal Tailor which will dispose cash payment from the storage disk itself, shortening the time of the original process. The signature of the customer is made available to the cashier through technology. Customers can also open new accounts with us through Internet and come to the bank just once to sign documents. How do you alleviate security concerns at your as well as customer's end? We have a very elaborate system for security. However, one cannot remain static on security. It always needs to be upgraded. We regularly do “Penetration Test” wherein some people from outside with our permission are allowed to test the vulnerability of our system. In the datacenters, everyday a report is generated and reviewed to check whether there was an attempt to hack the system. To ensure identity of a customer, the most common way is an ID and a password. We are also adopting biometrics wherein through a thumb impression or colour of the eye the authenticity of the person is recognized. This would be especially useful in rural areas. How do you plan to expand your reach in rural areas? We are very keen on expanding in rural areas as more than 40 per cent of our business comes from there. Unfortunately, IT has failed in providing connectivity in many remote areas. There are business considerations involved while building infrastructure in these remote areas. All branches have to be brought on a common platform with similar technology. To resolve connectivity issues we tied up with a radio link provider to provide us connectivity through radio links.

Beyond finger scans

Finger-based scans are just one of the multitude of options that biometrics
based authentication technologies offer. There are other options such as
matching hand geometry to retina scans to iris scans and so on. Authentication
can also be done based on quasi-behavioral attributes such as a person's voice,
handwriting, etc. Yet another is facial recognition, where a person's face is
stored digitally and for each transaction, the live image of the person is
compared to the one stored in the database and co-related to his account number.
Hand geometry based systems are not easy to implement though as their parameters
change with external factors such as weather conditions, cleanliness of hands,
etc. Likewise, retina scans need perfect alignment of the eye to reach the
retina at the back of the eye; a time consuming activity in populated areas.
Iris scans are marginally better as they do not require contact between the
customer's eye and the biometric device to correlate the eye's colored area (ie,
the iris). Voice recognition at present seems the easiest of all biometric
techniques as voice can even be authenticated sitting at home through your
phone. A survey conducted backs this claims saying that 95% of consumers prefer
voice verification compared with the 80% that are willing to accept fingerprint
scans. As mentioned earlier, voice even works remotely (by phone) whereas
consumer's need to install special fingerprint readers at their premises to be
able to get themselves authenticated online. But before this all is well
accepted and practiced, technical standards need to be established so that
biometrics work universally. Work is in progress with a lot of ATM vendors
pitching in with their devices, and we expect some action sooner than later in
this space.

Micro-banking in rural areas

We have seen how biometric authentication can provide a secure and remotely
accessible channel for bank customers and how it can come in handy for banks
while servicing rural populace. Let's now look at some other initiatives taken
by banks for the rural sector. Rural banking is one area where political
pressures play their part. One significant challenge for banks while providing
services to rural customers is the change in government policies for
agriculturists and the related thrust on farm credit. However, technologically
their efforts depend on the availability of telecom infrastructure. The silver
lining here is the continued downward spiral in the prices of telecom products
over the past few years. This trend is likely to continue and is in alignment
with the increasing demand for networking backbone. This is great news for all
customers, more so banks who are always large consumers of bandwidth. The
reduced bandwidth costs mean that banks can get their far-flung branches
networked at far lower costs than was the case earlier. This would also create
redundancy and in turn greater resilience for their networks.

A biometric-enabled RFID smartcard containing fingerprint scans communicates with the mobile phone at the bank using 'Near Field Communication'

A combination of two technologies — RFID and Near Field Communication (NFC) —
is all set to enable the rural population of the country to perform essential
banking transactions. NXP Semiconductors, founded by Philips, that co-invented
the NFC technology has partnered with A Little World, inventors of a mobile
platform for inclusive banking, have tried the concept of micro-banking in over
450 villages across four states of the country. The technology involves setting
up of Customer Service Points equipped with state-of-the-art mobile phones that
support NFC. Each villager who is an account holder, will be given a
biometric-enabled RFID smartcard, which will communicate with the mobile phone
at the Customer Service Point. The smartcard essentially contains information
about identity of the customer such as name, address, photograph, fingerprint
templates and relevant details of the savings or loan accounts held by the
issuing bank. NFC, being a short-range wireless connectivity technology enables
secure exchange of data between two devices, by just placing them together,
pretty much like how Bluetooth functions. Since NFC effectively combines
contactless identification and networking technologies, it can communicate
between an RFID card and an NFC mobile phone, or if required, between two NFC
devices. Currently, the NFC-enabled mobile phones used in this project are
sourced from Motorola and Nokia.

The NFC works on the concept of magnetic field induction, and operates within
the unlicensed radio frequency band of 13.56MHz. Speeds can vary between 106
Kbit/s, 212 Kbit/s and 424 Kbit/s. It is an open platform technology
standardized in ECMA-340 and operates with both the 'active' and 'passive' modes
of RFID. During its pilot run, Uttarakhand, Mizoram, Meghalaya and Andhra
Pradesh have been covered, and banks like State bank of India, Union Bank, Axis
Bank, Andhra bank and the Andhra Pradesh Grameen Bank have collaborated with the
project. In the Warangal district of AP, social security pensioners were given
their payments using Micro-banking, and in places like Aizwal in Mizoram and
Pithoragarh in Uttarakhand, the project introduced the concept of banking, since
these areas have never had a bank before. Interestingly, the RFID cards used for
the initiative were tailored around a completely different application. These
cards are currently used in about 35 countries including Singapore, the US, and
the UK, on their newly issued e-passports. The RFID chips are embedded in the
passports, and are aimed at reducing paperwork and making the passport data
tamper-proof. For the NFC initiative however, it is designed to eliminate the
cost and effort to set up physical branches in rural areas, and providing
services ranging from cash deposits, cash withdrawals, utility payments, and
money transfers.

Increasing IT Orientation of the Indian Banking Industry Parishesh Mishra and Arpan Gupta, Industry Verticals Research Practice, IDC India With the entry of large foreign banks in the Indian banking arena in 2009, Indian banks with their relatively small sizes will be forced to consolidate to take the increased competition head-on. Indian banking industry today faces unprecedented challenges (customer acquisition and retention, reducing costs of transactions, risk management, and regulatory compliance) to sustain their growth path. To leverage the opportunities present (and created) and the challenges tickling the industry, the sector is increasingly getting exposed to information technology. Effective use of technology has dramatically improved the efficiency of sector's operations, which has led to increased productivity and profitability. According to the IDC report titled India BFSI Sector IT Usage and Trends 2007-2011 Forecast and Analysis, the IT market in the Indian banking sector is forecasted to grow at CAGR of 13.0% for the period of 2006-2011. The key IT segments in the Indian banking industry would be the Packaged Software, PCs, Mid-range Servers and Networking Equipment. The IT deployments in the banks will not only act as a facilitator for further expansion but will also help the banks in dealing with the issues of storage, security, understanding customer informatics and regulatory compliances. Banks are increasingly becoming technology-intensive and are looking to leverage IT to meet the exponentially increasing consumer demands in terms of cost, efficiency, convenience and reliability. The banks in India are looking to provide Web-based trade support, real-time gross settlement, online tax accounting system, value-added transaction services and basic online transaction services, to attract and retain customers. The key IT solutions being targeted by the Indian banking industry are networking, customer relationship management, business intelligence, Internet banking and storage and security solutions. By leveraging IT the banks are looking to develop alternative delivery channels such as ATMs, tele-banking, and Mobile banking. Thus IT is playing a very crucial role in bringing the banking sector to its real worth and is focusing more on customer convenience and development of banking habits among all. Also the banking system will become transparent in its dealings and will adopt global best practices in accounting and disclosures driven by the motto of value enhancement for all the stakeholders involved. Technology would make the flow of information much faster, more accurate and enable quicker analysis of data received. Therefore the conventional definition of banking will make way for the more tech-enabled banking; all because of increased IT orientation of the Indian banking industry.

Passengers, Goods and... ATMs on Trains

You've seen mobile ATM vans across cities and rural areas. But how about
ATMs on railways---the ultimate mobility solution. Close on the heels of setting
up of ATMs on railway platforms, the government has given permission to banks to
set up ATMs on trains! And why not, with the progress in telecommunications such
as improved VSAT and microwave links, technology has become a key enabler for
setting this infrastructure. Right now, there are more than 1800 ATMs on railway
platforms across India. Most of these are placed in the bigger and more popular
stations in metros, which is logical as these stations see enormous number of
passengers commuting on a daily basis. Having ATMs on trains would help
passengers coming from the smaller cities and towns, where the infrastructure to
establish ATMs or other such mobile banking solutions is either simply
non-existent or proves pretty expensive. Plus, there are security concerns. In
fact, a long-distance train could act as the fastest and longest mobile carrier
of ATMs across this vast country. This would also ensure safety of passengers as
they need not carry large sums of cash during journey. Instead they can withdraw
money as and when required. This facility can further be enhanced by installing
e-ticketing kiosks alongside the ATMs. This means a passenger can withdraw money
and buy rail tickets at the same place!

In rural areas we plan to move to banking through mobile sets, as mobile penetration is good S K Sehgal GM, IT - State Bank of India Being the largest bank in the country what challenges you face and how can IT help overcome those? There are two immediate challenges-the bank's size and its geographical reach. IT is helping us in handling banking volumes, amount of transactions and accounts. There are 100 million accounts in the system and over 20 million transactions in a day. In three years time, we plan to grow about five times this volume and without IT infrastructure it is not possible. There has to be similar IT infrastructure across all branches. However, IT infrastructure deficiency is the main challenge. What are the key technologies/solutions that you are using to speed up internal process across branches? We are trying to reduce footfalls in our transits by providing alternative channels to people. Right now around 20 lakh transactions take place through these channels. Currently we have 11,000 branches and 7,000 ATMs. To enable a smooth communication amongst various branches we have set up our own network using various technologies such as CDMA, VSAT and radio frequency. How do you ensure security from your as well as customer's end? There are two levels of security. One is manual security for identity protection and the other is system security. SBI was the first bank to come up with a document called security policy of bank. Even for networking the security policy is deployed. When a message is moved from the branch to the datacenter, it is encrypted. Even if someone intercepts it, he will not be able to crack the code. Even for other transactions bank has come up with documented security policy, which is followed meticulously. There are regular audits carried out to check the security of the system. We have ISO certificates for our datacenters. In the datacenters, nobody has access to data. On our website password is not asked. So we issue a warning that if someone I asking the password do not mention. We are looking at biometrics in ATM. How does SBI use technology to serve rural customers? We have 6600 rural branches. We have put most of them on core banking. The last phase of connectivity should be completed by March. We use VSAT in such remote areas. The question is not of connectivity alone. I have to service them later on. The issue in rural areas is, that there are hardly any private players giving connectivity. We are planning to move to banking through mobile sets, as mobile penetration is good in these areas. We are also looking at kiosk banking or setting up a PC wherein a person can look after it and operate it. We have mobile ATMs, which go from place to place. We also have mobile VSATs.