Mobile Banking Policy
Approval Details
Date & Approver of the Policy
Approval Date- 18 October 19
Approver- Pallavi Sud / A Ganesh
Classification- Public
Introduction
Airtel Payments Bank Limited will be offering various products and services as part of its line of business activities permitted under the Payments Bank guidelines of Reserve Bank of India. Our Bank envisions to provide innovative solutions to customers to fulfill their requirements by keeping the processes simpler, user friendly and reliable.
One of the channels to deliver banking services is through the use of mobile device. With the advent of affordable handsets, greater data connectivity and the fact that mobile penetration is very high, the Bank would like to offer mobile banking and financial services as of the direct banking channels for its customers. Mobile as a channel gives customers a 24*7 access to banking information & services to all its customers.
Scope
This facility shall be for all types of mobile channels and all types of accounts on which mobile banking services will be offered to the customer. The mobile banking also span across following modes:-
i. Mobile Application based services
ii. USSD services
iii. SMS banking
Non-financial Services
This document lays down requirements related to mobile banking services which include various financial, non- financial services and information-based services as follows:-
a) Registration
b) Authentication
c) Linking of accounts
d) Self-care, Card Management
e) View Account Balance/Statements (Mini statements, Period based etc., download statements).
f) Application for services
g) Secured storing of credentials
h) Transaction status updates, information and advices
i) General Product Information
j) Notifications
k) Other types of non-financial services which bank will add from time to time
Financial Services
a) Fund Transfer (Intra Bank/Inter Bank)
b) Utility/Bill/Credit Card Payments
c) Recharges
d) Ecommerce/Mcommerce payments
e) Standard Instructions
f) Other types of financial services which bank will add from time-to-time
Information Based Services
a) Locator Services (Branch, CSP, FIFO, ATM, etc)
b) Offers
c) Feedback
d) Contact us
e) Use of customer’s social login or device print to customer or enhance intuitive transaction or services to customers
f) Financial market information such as deals executed, outstanding documents, confirmations, etc.
A) Regulatory Requirements
In line with the RBI guidelines on mobile banking, Airtel payments Bank adhere to guidelines as under:-
Airtel Payments Bank(APB) has implemented Core Banking Solutions. APB provides domestic services only which involve Indian rupee transactions. APB follow KYC, AML, CFT guidelines while on boarding. It has a robust mechanism of identifying frauds and comply with the regulatory reporting such as submitting suspicious Transaction reports etc. to the concerned authorities.
B) Impact Assessment
Mobile Banking services shall be offered only to those customers who are on boarded through appropriate KYC guidelines.
The services shall be offered 24X7 provided the customer has the internet access on the device data access etc.
The services shall be offered in accordance with the legal terms and conditions appropriately communicated to the customers by the bank.
The bank shall deploy suitable standards and procedures to ensure that its mobile banking and financial services are network independent i.e. mobile phones of any network operators can be used for availing the mobile banking services of the bank
C) Customer Registration
Airtel Payments Bank strive to facilitate customer registration for mobile banking through various channels which, interalia, include internet banking, IVR, etc. We also communicate to customers regarding mobile banking services and options available for customer registration.
D) Technology & Security Standards
In Airtel Payments Bank, all transactions are end to end encrypted. We use public private key encryption. Following algorithms are used for encryption:-
• RSA/ECB/PKCS1Padding • TripleDES
Periodic risk management analysis, security vulnerability assessment of application and network shall be conducted by the bank at periodic intervals.
The bank shall maintain appropriate data privacy standards for all sensitive customer data and transaction data updated through mobile banking and financial services.
The bank shall use only accredited mobile banking and financial services servers for its transaction offering
The bank shall conduct regular Information Security Audit of the mobile banking and financial services in accordance with the IT audit plan of the bank.
E) Interoperability
Our app is operator agnostic. Customers on different mobile networks can create their accounts and access our banking services. Our mobile banking service is handset agnostic. Customers can access our mobile banking on various handsets.
F) Clearing & Settlement of Inter-bank Fund Transfers
Airtel Payments Bank will participate in all payments systems and customers can avail such services through mobile banking.
G) Customer Service & Grievance Redressal Mechanism
Bank shall ensure that there are adequate customer education and awareness programs through difference channel of communication.
The full details of the terms and conditions of service offered by the bank shall be communicated to the customer in a manner that the legal risk involved in mobile banking and financial service transactions are communicated to customers appropriately.
The bank shall notify the time frame and circumstances in which any stop payment instructions could be accepted.
The bank shall periodically assess extant regulatory and statutory requirements relating to customer protection. The bank shall take adequate counter measures to contain the risks resulting in customer liabilities.
The bank shall make mandatory disclosures such as risk and responsibility and liabilities of the customer through various channels.
Customer complaints/grievances arising out of mobile banking and financial services facility would be covered under the Customer Grievance Redressal Policy and Customer Compensation Policy of the bank as well the Banking Ombudsman Scheme of Reserve Bank of India.
Customers can lodge their complaints relating to mobile banking through the following modes:-
Level 1:- In the app, there will be customer service tab, in which we will give access to customers to log complaints. These complaints will land up to our vCare where our customer care executives will provide resolutions.
Level 2: If the grievance is not redressed within seven working days, customers can also mail to our grievance officer through email , the details of which are available on the website of the bank.
It is our endeavour to redress all such complaints/customer grievances with minimum Turn Around Time as per the policy of the bank and applicable regulatory guidelines.
H) Transaction Limits
The bank shall consider placing appropriate limits taking into account the guidelines issued by Reserve Bank of India and its own risk perception and shall include
Daily cap on transactions involving purchase of goods and services
Cap on transaction limits and velocity limits in case of remittance of funds for disbursement in cash.
I) Remittance of Funds for Disbursement in Cash
We have developed an ecosystem of Customer Service Points (CSPs) and Financially Included Franchise Outlet (FIFO) from where our customers can withdraw cash in close proximity to customers.
J) Risk Management and Mitigation
The risk management and control requirements applicable for mobile banking and financial services are covered under the following broad heads:
· Technology and Security Standards that will ensure confidentiality, integrity, authenticity and non-repudiation.
· Transactions limit
· Customer Service
· Customer Protection and grievance redressal
In addition to the above, we have the following risk mitigation measures:
a. Two factor authentication: - Our authentication matrix involve two factors:- mPIN (what you know) & OTP (what you have). Transactions valuing less than Rs. 2,000/- will be permitted through single factor and beyond Rs. 2,000/- are authenticated by two factors. Customers are notified of these with choice to customers to exercise option.
b. Specific OTP for adding new payee: Each new payee is authorized by the customer based on an OTP sent via SMS by the bank which also shows payee details.
c. Cooling Period & intimation to customer for adding new beneficiary: A cooling period of 1 hour is provided for adding a new beneficiary. The customer is intimated via SMS and E-mail alerts whenever a new beneficiary is added.
d. Session breakage/interruption: We ensure that an authenticated session, together with its encryption protocol, will remain intact throughout the interaction with the customer. However, in case of any session breakage or interruption during customer interaction, the session is terminated and the affected transactions is resolved or reversed out. Further, the customer is notified promptly by the bank that the session is being concluded.
e. Second Channel notification/confirmation: The bank notifies the customer, through SMS, of all payment or fund transfer transactions above a specified value to be determined by the customer.
f. De-dupe system:- We have developed a de-dupe system in which customers are allowed to create any one account in our system.
g. Blacklist validation:- We undertake this validation as part of our KYC/AML policy.
K) Review
The policy shall be reviewed at annual intervals or at such periodic intervals when it is deemed necessary or if there is any regulatory changes necessitating such reviews.