Bank on IT to keep your money safe

author-image
PCQ Bureau
New Update

IT has extended the business of banking to every conceivable channel be it
Internet, ATMs, mobiles and now even trains! Soon you would be spared the pain
of safekeeping multiple PINs and passwords through Biometrics. All this comes
with its own set of challenges. Read on to find out about those challenges, and
how banks are finding innovative ways to resolve them

Given the frenetic pace of life, we're all hard-pressed for time and energy
to take care of our critical tasks. And most of these inevitably require
transacting money in one form or the other. A growing economy and the associated
perils of inflation together ensure that banking and financial transactions
increase in volumes with each passing day. Just do a quick rehash of where you
depend on banks to fulfill daily needs and you'll know. Cash withdrawals or
deposits, utility bills (electricity, mobiles, landlines), corporation taxes,
income-tax, advance tax, transfer of funds across accounts, fixed deposits,
share trading and so on. How do you take time off your busy professional
schedule to visit the bank and carry these out? Thankfully, it's the other way
round. The trend among banks and financial services companies has been to
leverage IT to go to their customers instead of the other way around. That's why
one can see banks introducing so many channels for reaching out to their
customers, like phone banking, SMS banking, online banking, ATMs, credit cards,
debit cards and so on.

This sounds really impressive because banks have to use IT extensively to
make it happen. But, it comes with its own set of challenges, which the CIOs of
banks have to cope up with. One key concern is ensuring security of all these
channels. More channels means more number of ports opening up. Plus, the
security of transactions through these channels also has to be ensured. The
other key challenge is integration of various applications and their data. Every
bank today is trying to offer a host of services to customers. So apart from
bank accounts, a bank today also offers loans, investment options, credit cards,
etc. There are high chances that some of the customers are common across these
applications. However, since these applications have grown separately,
integrating them together to offer cross sell opportunities is a major
challenge. It's a real challenge in front of banks to utilize information
generated through one application for servicing the same customer for another
application. Simply count the number of times you get calls from the same bank,
each time trying to sell some product/service or the other but completely
oblivious of the fact that you might already be their existing customer and
therefore would expect the caller to have done his homework properly and not
bother you for basic information such as address, email, age, etc.

Sadly, this is seldom the case and more often than not you have to bear
unwarranted calls from one bank or the other. So, clearly banks have a challenge
here. To integrate data across different banking applications so that agents
manning various bank channels know before hand whether a customer they're
calling is already a customer or not.

Another challenge before banks is to tap the vast market of rural customers.
In fact, this is one area that remains neglected because of inadequate civic and
telecom infrastructure. May be it is time for banks to go beyond traditional
solutions and look at some of innovative ones. One such alternative is the use
biometric technologies in offering banking services to far-flung areas. In this
story we explore the solutions to all these challenges and see what Indian banks
have already done to alleviate those.

ATMs: A quick rewind

HSBC introduced the first ATM in India in
1987. ICICI, UTI, HDFC and IDBI together count for more than 50% of the
total ATMs in India. But SBI pips them all in reaching out to the remotest
of customers, with ATM machines in the smallest of towns and cities. After
SBI, The Corporation Bank has the second largest network of ATMs amongst
nationalized banks. Most of the banks are entering into tie-ups with other
banks to fast-forward their ATM deployment. For a nominal fee, which depends
on the scheme that a bank offers and the facilities you choose, customers
can enjoy the same benefits as they do from their bank's own ATM. All
information and transactions are routed among member institutions through a
network switch. This switch transmits the information to the bank which has
issued the card, which in turn approves or declines the transaction request
and notifies the switch. The decision of the card-issuing bank is then
routed by the switch to the processor of the ATM, which completes the
transaction. The account balances of member banks are sent at the end of the
day. It takes approximately Rs 10 lakhs to set up an ATM center. Rs 12-14
lakhs per annum are needed for its maintenance. To keep the cost in
equilibrium position, there should be around 250-300 transactions per day
per ATM.

Where IT comes to the rescue

For a start, banks need to have centralized infrastructure not only for
their branches but also for the different channels. This would ensure common
access to customer information for users across different channels. The same
pool of information could be used to solicit new products and services to old
and new customers alike and at the same time provide an efficient management
information system (MIS) to the sales teams to generate leads from.

One strong solution to such integration challenges can be SOA or Services
Oriented Architecture. It could help banks ensure that their various
applications are able to connect with each other without writing any proprietary
code, or tampering with the individual databases. There's tremendous scope for
banks to utilize SOA for this job. In fact, it could even be used to integrate
their banking applications with the various communication channels.

On the security front, there are several solutions being worked out by banks.
One of course would be to deploy a complete information security solution that
is able to secure all applications and channels of entry. As an example of how
security across various channels can be enhanced, let's take a quick peek at how
SMS banking can be used to make and receive payments from third parties such as
merchant establishments.

A buyer sends a message for buying and the bank in turn sends a message
confirming the purchase to both the merchant as well as the buyer. Debit card
number is the key field which is used for the authenticity of the customer.
Security for transactions taking place through this channel is ensured in two
stages. First your mobile number is authenticated by the bank through the use of
authentication keys. Next, a customer enters a secret Mobile Personal
Identification Number (MPIN). This needs to be again authenticated by the bank.
As an enhanced security measure, access is denied after three invalid login
attempts.

A case for biometric authentication

The banking sector has been very lousy in adopting biometrics for the mass
consumer, as people used to perceive sharing details of their anatomies as
analogous to criminal investigation. But with a lot of thought being given to
innovation throughout the BFS, the technology is finding many takers now.
However, in rural areas, with literacy rates still below acceptable levels,
people have been pragmatic toward this technology. We believe anything that
makes for a simpler interface and saves you from the hassles of maintaining
mu`ltiple passwords or PINs is a welcome step. It is after all an automated
technique for establishing identity through unique physiological or behavioral
characteristics.

Finger scanning is still the most popular application of biometrics in
automated teller machines. By plugging a portable scanning device into the back
of the ATM, any ATM machine can be enhanced to offer this functionality. This
machine in turn connects to the bank's server, which authenticates the visitor
by comparing with stored records. It's an unequivocal way of establishing the
identity of the person and one that can't be breached by intruders. And not just
ATMs, biometrics can also be used to restrict access to sensitive areas in banks
such as locker rooms and data centers.

What makes a biometric trait stand apart is that it is as unique as the
individual from whom it was created. So unlike a password or PIN, a biometric
trait cannot be lost, stolen, or recreated. This makes the use of biometrics a
sure enough remedy to prevent identity theft, a problem that is mushrooming
alongside databases of personal information. In fact, some of the channels for
monetary transactions such as credit cards are a very good candidate for
application of biometrics on the consumer side. More so, as they get smarter and
develop capabilities to store more and more personal details on an RFID chip.
Apart from the account information and other personal details, information
pertaining to the biometric traits of an individual can also be bolted inside.
Technology experts aver that a digital fingerprint will eventually prove cheaper
to incorporate for banks than any of the keyboard-based encrypted solutions as
the biggest issue with PIN based access remains its vulnerability to hackers
after it has been keyed in by the user and before it gets to the card reader.

We regularly do
'Penetration Tests,' wherein people from outside are allowed to test the
vulnerability of our system

K
Asawa


DGM, IT - Bank of Baroda

How would you rate the adoption of IT by your bank and what
according to you are the pain areas?


The problem related to IT adoption is two-fold. For one, we have to face
demands from suppliers and secondly, the staff needs to get adjusted to the
latest technology. A vendor can only provide you with a solution, give you
the connectivity and links, but it is upto you to utilize it for business
development. The growth rate in banking is extremely high and IT industry at
times fails to deliver. For eg, nowadays we talk of opening 50 branches in a
single day. For that, we need hardware and connectivity. IT industry due to
physical and capacity constraints fails to provide connectivity in certain
places. When a rural branch is included in Core Banking System (CBS) and if
any of the connectivity links goes down, it becomes a serious issue.

What steps have you taken to
ensure faster services to customers?

Our processes have been re-engineered so that services get priority
rather than the background processes. For eg, we have adopted an application
called Universal Tailor which will dispose cash payment from the storage
disk itself, shortening the time of the original process. The signature of
the customer is made available to the cashier through technology. Customers
can also open new accounts with us through Internet and come to the bank
just once to sign documents.

How do you alleviate security
concerns at your as well as customer's end?

We have a very elaborate system for security. However, one cannot remain
static on security. It always needs to be upgraded. We regularly do
“Penetration Test” wherein some people from outside with our permission are
allowed to test the vulnerability of our system. In the datacenters,
everyday a report is generated and reviewed to check whether there was an
attempt to hack the system. To ensure identity of a customer, the most
common way is an ID and a password. We are also adopting biometrics wherein
through a thumb impression or colour of the eye the authenticity of the
person is recognized. This would be especially useful in rural areas.

How do you plan to expand your
reach in rural areas?

We are very keen on expanding in rural areas as more than 40 per cent of
our business comes from there. Unfortunately, IT has failed in providing
connectivity in many remote areas. There are business considerations
involved while building infrastructure in these remote areas. All branches
have to be brought on a common platform with similar technology. To resolve
connectivity issues we tied up with a radio link provider to provide us
connectivity through radio links.

Beyond finger scans

Finger-based scans are just one of the multitude of options that biometrics
based authentication technologies offer. There are other options such as
matching hand geometry to retina scans to iris scans and so on. Authentication
can also be done based on quasi-behavioral attributes such as a person's voice,
handwriting, etc. Yet another is facial recognition, where a person's face is
stored digitally and for each transaction, the live image of the person is
compared to the one stored in the database and co-related to his account number.
Hand geometry based systems are not easy to implement though as their parameters
change with external factors such as weather conditions, cleanliness of hands,
etc. Likewise, retina scans need perfect alignment of the eye to reach the
retina at the back of the eye; a time consuming activity in populated areas.
Iris scans are marginally better as they do not require contact between the
customer's eye and the biometric device to correlate the eye's colored area (ie,
the iris). Voice recognition at present seems the easiest of all biometric
techniques as voice can even be authenticated sitting at home through your
phone. A survey conducted backs this claims saying that 95% of consumers prefer
voice verification compared with the 80% that are willing to accept fingerprint
scans. As mentioned earlier, voice even works remotely (by phone) whereas
consumer's need to install special fingerprint readers at their premises to be
able to get themselves authenticated online. But before this all is well
accepted and practiced, technical standards need to be established so that
biometrics work universally. Work is in progress with a lot of ATM vendors
pitching in with their devices, and we expect some action sooner than later in
this space.

Biometric banking@Canara Bank

Last month, a village near
Bangalore called Devanahalli, was chosen by Canara Bank to feature the
first-ever biometric ATM in the country. Besides performing the functions of
a regular ATM, it captures the fingerprints of customers that would be
transferred to the central server through a CDMA phone. Thus a customer is
authenticated through his fingerprints instead of the four-digit pin. Since
the initiative is targeted at rural users, a pre-recorded voice system in
the appropriate regional language is included to guide the customer. In the
first stage of its financial inclusion project, Canara Bank has opened 6
lakh 'no-frills' accounts spread across 1639 villages all over the country,
and hopes to increase this figure to 10 lakh by the end of this fiscal.
These no-frills accounts go back to the very basics of banking and allow
deposits, withdrawals and account balance enquiries. The key here is the
fact that human interaction with equipment or technology is done in the
local language, and to overcome resistance to technology, voice, and not
text is used as the primary mode of communication. As part of its next pilot
program, Canara Bank plans to equip villagers of Leisure and Kuluvanahalli
pockets of Karnataka with smartcards and soon spread its reach across the
country. The bank also uses fingerprint scanning to safeguard account
details that are stored in an RFID chip. It has gone a step further and
introducing what it calls the 'Mobile ATM'. This is essentially a van that
houses a toned down version of the ATM, powered by high capacity batteries.
The van would travel around villages, and be stationed at particular spots
on definite days of the month. Villagers who have no-frills account can
enter the van, scan their fingerprints and perform transactions. As soon as
the transaction is complete, the details would be recorded in a mobile phone
and at the end of every 'session', the details would be uploaded to the
central server.

Micro-banking in rural areas

We have seen how biometric authentication can provide a secure and remotely
accessible channel for bank customers and how it can come in handy for banks
while servicing rural populace. Let's now look at some other initiatives taken
by banks for the rural sector. Rural banking is one area where political
pressures play their part. One significant challenge for banks while providing
services to rural customers is the change in government policies for
agriculturists and the related thrust on farm credit. However, technologically
their efforts depend on the availability of telecom infrastructure. The silver
lining here is the continued downward spiral in the prices of telecom products
over the past few years. This trend is likely to continue and is in alignment
with the increasing demand for networking backbone. This is great news for all
customers, more so banks who are always large consumers of bandwidth. The
reduced bandwidth costs mean that banks can get their far-flung branches
networked at far lower costs than was the case earlier. This would also create
redundancy and in turn greater resilience for their networks.

A biometric-enabled RFID
smartcard containing fingerprint scans communicates with the mobile phone at
the bank using 'Near Field Communication'

A combination of two technologies — RFID and Near Field Communication (NFC) —
is all set to enable the rural population of the country to perform essential
banking transactions. NXP Semiconductors, founded by Philips, that co-invented
the NFC technology has partnered with A Little World, inventors of a mobile
platform for inclusive banking, have tried the concept of micro-banking in over
450 villages across four states of the country. The technology involves setting
up of Customer Service Points equipped with state-of-the-art mobile phones that
support NFC. Each villager who is an account holder, will be given a
biometric-enabled RFID smartcard, which will communicate with the mobile phone
at the Customer Service Point. The smartcard essentially contains information
about identity of the customer such as name, address, photograph, fingerprint
templates and relevant details of the savings or loan accounts held by the
issuing bank. NFC, being a short-range wireless connectivity technology enables
secure exchange of data between two devices, by just placing them together,
pretty much like how Bluetooth functions. Since NFC effectively combines
contactless identification and networking technologies, it can communicate
between an RFID card and an NFC mobile phone, or if required, between two NFC
devices. Currently, the NFC-enabled mobile phones used in this project are
sourced from Motorola and Nokia.

The NFC works on the concept of magnetic field induction, and operates within
the unlicensed radio frequency band of 13.56MHz. Speeds can vary between 106
Kbit/s, 212 Kbit/s and 424 Kbit/s. It is an open platform technology
standardized in ECMA-340 and operates with both the 'active' and 'passive' modes
of RFID. During its pilot run, Uttarakhand, Mizoram, Meghalaya and Andhra
Pradesh have been covered, and banks like State bank of India, Union Bank, Axis
Bank, Andhra bank and the Andhra Pradesh Grameen Bank have collaborated with the
project. In the Warangal district of AP, social security pensioners were given
their payments using Micro-banking, and in places like Aizwal in Mizoram and
Pithoragarh in Uttarakhand, the project introduced the concept of banking, since
these areas have never had a bank before. Interestingly, the RFID cards used for
the initiative were tailored around a completely different application. These
cards are currently used in about 35 countries including Singapore, the US, and
the UK, on their newly issued e-passports. The RFID chips are embedded in the
passports, and are aimed at reducing paperwork and making the passport data
tamper-proof. For the NFC initiative however, it is designed to eliminate the
cost and effort to set up physical branches in rural areas, and providing
services ranging from cash deposits, cash withdrawals, utility payments, and
money transfers.

Increasing IT Orientation of the Indian
Banking Industry

Parishesh Mishra and Arpan Gupta,
Industry Verticals Research Practice, IDC India

With the entry of large foreign
banks in the Indian banking arena in 2009, Indian banks with their
relatively small sizes will be forced to consolidate to take the increased
competition head-on. Indian banking industry today faces unprecedented
challenges (customer acquisition and retention, reducing costs of
transactions, risk management, and regulatory compliance) to sustain their
growth path. To leverage the opportunities present (and created) and the
challenges tickling the industry, the sector is increasingly getting exposed
to information technology. Effective use of technology has dramatically
improved the efficiency of sector's operations, which has led to increased
productivity and profitability. According to the IDC report titled India
BFSI Sector IT Usage and Trends 2007-2011 Forecast and Analysis, the IT
market in the Indian banking sector is forecasted to grow at CAGR of 13.0%
for the period of 2006-2011. The key IT segments in the Indian banking
industry would be the Packaged Software, PCs, Mid-range Servers and
Networking Equipment. The IT deployments in the banks will not only act as a
facilitator for further expansion but will also help the banks in dealing
with the issues of storage, security, understanding customer informatics and
regulatory compliances. Banks are increasingly becoming technology-intensive
and are looking to leverage IT to meet the exponentially increasing consumer
demands in terms of cost, efficiency, convenience and reliability. The banks
in India are looking to provide Web-based trade support, real-time gross
settlement, online tax accounting system, value-added transaction services
and basic online transaction services, to attract and retain customers. The
key IT solutions being targeted by the Indian banking industry are
networking, customer relationship management, business intelligence,
Internet banking and storage and security solutions. By leveraging IT the
banks are looking to develop alternative delivery channels such as ATMs,
tele-banking, and Mobile banking. Thus IT is playing a very crucial role in
bringing the banking sector to its real worth and is focusing more on
customer convenience and development of banking habits among all. Also the
banking system will become transparent in its dealings and will adopt global
best practices in accounting and disclosures driven by the motto of value
enhancement for all the stakeholders involved. Technology would make the
flow of information much faster, more accurate and enable quicker analysis
of data received. Therefore the conventional definition of banking will make
way for the more tech-enabled banking; all because of increased IT
orientation of the Indian banking industry.

Passengers, Goods and... ATMs on Trains

You've seen mobile ATM vans across cities and rural areas. But how about
ATMs on railways---the ultimate mobility solution. Close on the heels of setting
up of ATMs on railway platforms, the government has given permission to banks to
set up ATMs on trains! And why not, with the progress in telecommunications such
as improved VSAT and microwave links, technology has become a key enabler for
setting this infrastructure. Right now, there are more than 1800 ATMs on railway
platforms across India. Most of these are placed in the bigger and more popular
stations in metros, which is logical as these stations see enormous number of
passengers commuting on a daily basis. Having ATMs on trains would help
passengers coming from the smaller cities and towns, where the infrastructure to
establish ATMs or other such mobile banking solutions is either simply
non-existent or proves pretty expensive. Plus, there are security concerns. In
fact, a long-distance train could act as the fastest and longest mobile carrier
of ATMs across this vast country. This would also ensure safety of passengers as
they need not carry large sums of cash during journey. Instead they can withdraw
money as and when required. This facility can further be enhanced by installing
e-ticketing kiosks alongside the ATMs. This means a passenger can withdraw money
and buy rail tickets at the same place!

In rural areas we plan
to move to banking through mobile sets, as mobile penetration is good


S K Sehgal

GM, IT - State Bank of India

Being the largest bank in the country what
challenges you face and how can IT help overcome those? There are two
immediate challenges-the bank's size and its geographical reach. IT is
helping us in handling banking volumes, amount of transactions and accounts.
There are 100 million accounts in the system and over 20 million
transactions in a day. In three years time, we plan to grow about five times
this volume and without IT infrastructure it is not possible. There has to
be similar IT infrastructure across all branches. However, IT infrastructure
deficiency is the main challenge. What are the key technologies/solutions
that you are using to speed up internal process across branches? We are
trying to reduce footfalls in our transits by providing alternative channels
to people. Right now around 20 lakh transactions take place through these
channels. Currently we have 11,000 branches and 7,000 ATMs. To enable a
smooth communication amongst various branches we have set up our own network
using various technologies such as CDMA, VSAT and radio frequency. How do
you ensure security from your as well as customer's end? There are two
levels of security. One is manual security for identity protection and the
other is system security. SBI was the first bank to come up with a document
called security policy of bank. Even for networking the security policy is
deployed. When a message is moved from the branch to the datacenter, it is
encrypted. Even if someone intercepts it, he will not be able to crack the
code. Even for other transactions bank has come up with documented security
policy, which is followed meticulously. There are regular audits carried out
to check the security of the system. We have ISO certificates for our
datacenters. In the datacenters, nobody has access to data. On our website
password is not asked. So we issue a warning that if someone I asking the
password do not mention. We are looking at biometrics in ATM. How does SBI
use technology to serve rural customers? We have 6600 rural branches. We
have put most of them on core banking. The last phase of connectivity should
be completed by March. We use VSAT in such remote areas. The question is not
of connectivity alone. I have to service them later on. The issue in rural
areas is, that there are hardly any private players giving connectivity. We
are planning to move to banking through mobile sets, as mobile penetration
is good in these areas. We are also looking at kiosk banking or setting up a
PC wherein a person can look after it and operate it. We have mobile ATMs,
which go from place to place. We also have mobile VSATs.

Stay connected with us through our social media channels for the latest updates and news!

Follow us: