Internet Banking Policy
Approval Details
Date & Approver of the Policy
Approval Date- 18 October 19
Approver- Pallavi Sud / A Ganesh
Classification- Public
Introduction
AIRTEL PAYMENTS BANK LIMITED INTERNET BANKING POLICY
The objectives of this policy are to (i) provide internet banking as an efficient system of instantaneous banking, taking into consideration the availability of technology and infrastructure to support the new model of banking; (ii) build in adequate mechanisms to tackle the security risk and operational risk aspects; (iii) adhere to the legal and regulatory framework to take care of the rights and obligations of the consumers; and (iv) strategically adopt the Internet to maximize value for the consumers.
Key Highlights
- Scope: This policy covers the various financial, non-financial and information-based services provided by the bank.
- Technology and Security Standards: The bank will deploy updated technology and adopt high security standards such as designated teams, two factor authentication, proxy server, DR setup etc.
- Legal Compliance: The bank will comply with the various statutes and regulations applicable to internet banking.
- Customer Registration: The bank will strive to provide customers an easy and user-friendly option for registration for internet banking services, minimizing the need for the customer to visit the access points/branch for such service.
- Regulatory and Supervisory Aspects: The bank will ensure safeguarding the interest of the bank and its customers by adopting sound and responsive management practices through due diligence and management of risks.
- Internal Control System: The scope of internal audit/inspection of the bank will cover, among others, the internet banking facility provided by it to its customers.
- Customer Complaints & Grievance Redressal Mechanism: Customer complaints/grievances arising out of internet banking and financial services availed through internet banking would be covered under the Customer Grievance Redressal Policy and Customer Compensation Policy of the bank as well as the Banking Ombudsman Scheme of Reserve Bank of India.
Review of the Policy
The policy will be reviewed whenever there is a change in the regulations and internal policy of the bank.
Introduction
Airtel Payments Bank Limited (hereinafter referred to as the bank) will offer products and services as part of its line of business activities permitted under the Payments Bank guidelines of Reserve Bank of India. The endeavor of the bank would, inter alia, include providing innovative digital solutions to customers to fulfill their banking requirements by keeping the processes simple, fast and reliable.
Objective
With the rapid and significant growth in electronic commerce and digital payments, it is obvious that electronic (Internet) banking and payments are likely to advance. The impact of Internet banking on cost savings, revenue growth and increased customer satisfaction is tremendous, and it can be leveraged as a potential tool for building a sound strategy.
The objectives of this policy are to (i) provide internet banking as an efficient system of instantaneous banking, taking into consideration the availability of technology and infrastructure to support the new model of banking; (ii) build in adequate mechanisms to tackle the security risk and operational risk aspects; (iii) adhere to the legal and regulatory framework to take care of the rights and obligations of the consumers; and (iv) strategically adopt the Internet to maximize value for the consumers.
Towards these objectives, Airtel Payments Bank Limited would like to offer internet banking and financial services as one of the channels for consumers on a 24x7, real-time basis through implementation of a Core Banking Solution (CBS) and appropriate web technology (Java, Oracle, AngularJS etc.).
Scope
This policy will be applicable to all types of accounts for which internet banking services will be offered to the customer. This document lays down requirements related to internet banking services, which include various financial, non-financial and information-based services as detailed below:
Non-financial services:
a) Registration
b) Authentication
c) Linking of accounts
d) Self-care, Digital Card Management
e) View Account Balance/Statements (Mini statements, Period based statements, Historical Statement, download statements etc.)
f) Application to the bank for various services offered by it
g) Secure storage of credentials
h) Transaction status updates, information and advice
i) General Product Information
j) Notifications
k) Such other non-financial services which the bank will add from time to time
Financial services:
a) Fund Transfer (Intra/Inter Bank)
b) Utility/Bill/Credit Card Payments
c) Recharges
d) Ecommerce/M Commerce payments
e) Standard Instructions
f) Other types of financial services which the bank will add from time to time
Information-based services:
a) Locator Services (Branch, access point, ATM etc.)
b) Offers
c) Feedback
d) Contact us
e) Use of customer’s social login or device print to customer or enhance intuitive transaction or services to customers
f) Financial market information such as deals executed, outstanding documents, confirmations, etc.
In line with the Internet Banking in India Guidelines issued by Reserve Bank of India, the bank will adhere to the guidelines as under:
Technology and Security Standards
The bank will deploy updated technology and adopt high security standards. Towards these, the bank will put in place the following arrangements:
- a) Designated network & database administrator and a dedicated Information Security Officer/Group. These teams will carry out their operations by adopting high security standards for implementing internet banking services to customers.
- b) Updated security infrastructure, with patches installed whenever they are released by the developers and newer versions installed through proper agreement with the OEMs/suppliers/developers.
- c) Each new payee will be authorized by the customer based on an OTP sent via SMS by the bank, which also shows payee details.
- d) A cooling period of 1 hour will be provided for adding a new beneficiary. The customer will be intimated via SMS and e-mail alerts whenever a new beneficiary is added.
- e) Two factor authentication (2FA) for undertaking transactions to ensure security of the transactions and to strengthen the confidence of the customer in using the digital channel. Under 2FA, the customer will use his/her user id and password/MPIN to log in (first factor) and use the One Time Password (OTP) as the second factor to undertake financial transactions.
- f) A proxy server type of firewall will be used to ensure that there is no direct access to the bank’s systems through the internet. Dial-up services through modem or otherwise from the systems located on the same LAN where the application/database servers are placed will be isolated to prevent intrusions into the network, as these may bypass the proxy server.
- g) 128-bit/256-bit SSL will be used until PKI is created. All unnecessary services on the application server, such as FTP and Telnet, will be disabled. The bank’s application server will be isolated from the e-mail server. All computer accesses, including messages received, are logged.
- h) Data will be preserved for a period of 10 years as per the mandate of Reserve Bank of India on the preservation of payments system data/records. Readability tests of the backed-up data would be periodically conducted to ensure seamless recovery of data in case of need.
- i) Operations from the DR site will be conducted at periodic intervals to ensure the uninterrupted availability of various banking services to customers, including internet banking.
- j) The services of an Information Systems Auditor will be utilized to ensure that the bank’s systems are protected, reliable, available at all times and compliant with the security standards stipulated by its Top Management and Regulator. These auditors, among others, will undertake periodic penetration tests of the system using password cracking tools, back door traps etc.
- k) Volume scalability, DDoS & DoS, and penetration testing will be carried out by engaging outside experts at periodic intervals.
- l) Physical access controls would strictly be enforced. Physical security covers all the information systems and the sites where they are housed, against both internal and external threats.
- m) An authenticated session, together with its encryption protocol, will remain intact throughout the interaction with the customer. However, in case of any session breakage or interruption during customer interaction, the session will be terminated and the affected transactions will be resolved or reversed out. Further, the customer will be notified promptly by the bank that the session is being concluded.
- n) The bank will notify the customer, through SMS, of all payment or fund transfer transactions above a specified value to be determined by the customer.
Legal Compliance
Internet Banking is subject to various statutes including Banking Regulations Act, 1949, Reserve Bank of India Act, 1934, Foreign Exchange Management Act, 1999, Information Technology Act, 2000, Indian Contract Act, 1872, Negotiable Instruments Act, 1881, Indian Evidence Act, 1872, Prevention of Money Laundering Act 2002, Consumer Protection Act 1986, Income Tax Act 1961 etc. The bank will ensure compliance with all regulations applicable to internet banking.
To achieve compliance, the bank will put in place the following arrangements:
- a) Adopt such security procedures as are recognized by law as a substitute for signature for authenticating the user.
- b) Account opening requests over internet are acceded to only after proper introduction and physical verification of the identity of the customer.
- c) There is little scope to accede to customers’ request for stop payment instructions under internet banking. Considering the same, the bank may accept such requests from customer as a matter of grace under such circumstances where it is feasible to accept.
- d) Recognizes the rights of the customers and liability of the bank on account of unauthorized transfer through hacking, denial of service on account of technological failure etc. The bank will have adequate checks and balances to insure itself and its customers from such risks.
Customer Registration
The bank will strive to provide customers an easy and user-friendly option for registration for internet banking services, minimizing the need for the customer to visit the access points/branch for such service.
Towards this, the bank will put in place the following arrangements for registration for internet banking by account holders and for upgrading existing Airtel Money Customers.
- a) An SMS containing a link to our internet banking will be sent to the customer to register for internet banking. The link will guide the customer to the bank’s website and give the customer the option to provide consent for the same by verifying the OTP. After completion of the process, the customer is registered for Airtel Payments Bank internet banking.
- b) New customer onboarding, including upgradation of bank wallet customers, will also be done over the internet by following the applicable regulatory guidelines. In the process, the customer will enter his/her KYC details applicable to a bank customer. After entering the details, the customer will be directed to visit his/her nearest access point to submit physical documents or to undertake the e-KYC process. The bank will use the Authentication User Agency (AUA) & E-KYC User Agency (KUA) provided by UIDAI for the purpose.
Regulatory and Supervisory Aspects
- a) Internet banking facility is available to the customers of the bank who are Resident Indian Nationals.
- b) Internet banking services will be available only for transactions in Indian Rupees and Indian Rupee products.
- c) While ensuring security of the transactions undertaken through internet banking, the bank will make mandatory disclosures of risks involved, responsibilities and liabilities of the customer while doing transactions through internet.
- d) Copy of internet banking user guidelines and Terms and conditions for using internet banking (clearly explaining the responsibility of the user and liability of the bank) will be made available on the website of the bank.
- e) The bank understands that hyperlinks from banks’ websites raise the issue of reputational risk. Such links should not mislead the customers into believing that banks sponsor any particular product or any business unrelated to banking. Considering the same, hyperlinks from our bank’s site to other sites will be confined to such portals with which the bank has a payment arrangement or to sites of its subsidiaries or principal.
- f) The bank understands the risks arising out of outsourced service providers associated with internet banking, such as disruption in service, defective services and personnel of the service provider gaining intimate knowledge of the bank’s systems and customers.
- g) The bank will ensure safeguarding the interest of the bank and its customers by adopting sound and responsive management practices through due diligence and management of risks arising from outsourcing activities as guided by its outsourcing policy, formulated in line with RBI Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by banks.
- h) While facilitating customers for undertaking e-commerce transactions in a seamless way, the bank will ensure appropriate settlement arrangements and secured connectivity between the gateway and the computer system of the bank.
- i) The bank will scrupulously adhere to the KYC Directions 2016. Towards this, it will have a robust mechanism of identifying frauds/suspicious transactions undertaken through internet banking, take immediate follow up action and submit appropriate report to the RBI/FIU within the prescribed timelines.
- j) The bank will set up a cyber security operations center, which will monitor and manage cyber risk on a real-time basis. The bank will immediately inform RBI of any cyber-attack incidents, including such incidents where the attempts have not fructified.
- k) The bank, through its dedupe checking and one IMEI one wallet/account checking, will ensure that one individual is allowed to have only one customer relationship with the bank.
Internal Control System
- a) The scope of internal audit/inspection of the bank will cover, among others, the internet banking facility provided by it to its customers to ensure that adequate safeguards are in place to protect integrity of data, customer confidentiality and security of data.
- b) The bank will ensure that a robust audit trail is generated to facilitate the conduct of audit, serve as forensic evidence when required and assist in dispute resolution. Any breach or failure of security systems and procedures will be reported to the higher authority, including to the board.
Customer Complaints & Grievance Redressal Mechanism
- a) Customer complaints/grievances arising out of internet banking and financial services availed through internet banking would be covered under the Customer Grievance Redressal Policy and Customer Compensation Policy of the bank as well as the Banking Ombudsman Scheme of Reserve Bank of India.
- b) Customers can lodge their complaints relating to internet banking through various modes as described in the Grievance Redressal Policy of the bank including the internet banking module. It would be the endeavor of the bank to resolve such complaints within the timeline specified in its Grievance Redressal Policy.
Review of the Policy
The policy will be reviewed whenever there is a change in the regulations and internal policy of the bank.