Dvara Research BlogDvara Research Blog
Dvara Research Blog
Doorway to Financial Access
  • Home
  • Our Work
  • Themes
  • Subscribe
    • Email Subscription
    • Feed
  • Contact Us
Menu back  

Insights from the “Digital Payments Roundtable” hosted by the Future of Finance Initiative

May 30, 2017Leave a commentEvents Viewed : 3884

(This post is authored by the Future of Finance Team at the IFMR Finance Foundation).

In April, the Future of Finance Initiative (FFI) hosted a series of closed door workshops with a small set of digital financial service providers focusing on payments, credit and investments. The primary goal of the workshops was to map the “transaction journeys” of individuals using digital financial services in India and identify points of weakness from a supply side perspective. This helped us get a clearer understanding of the emerging customer level vulnerabilities in the Indian digital financial landscape. This blog summarises key insights from the first workshop that we hosted on digital payments. The discussions were held under the Chatham House Rule, so this post is limited to overall themes without attributing comments to participants. We thank the participants for their frank and open views presented at the discussions.

The payments ecosystem in India has undergone rapid evolution in the recent past. Post demonetisation, the big push from Government to scale up digital payments has been front-and-centre on the policy and industry agenda. Given all of this, we wanted to understand:

  • How are providers providing solutions relevant to new market segments?
  • Where are the risks and vulnerabilities across the chain of the players and processes associated with making a digital payment?

We posed some of these questions to the carefully curated set of participants of the digital payments workshop. They reflected players across the payments ecosystem in India including wallets, payment system operators, payment gateways, card payment processors and software developers.

New customer segments need new products tailored to their needs

The workshop kicked off with a discussion on broad trends and considerations emerging for those working in the payments industry in India. A key observation was that new segments of customers are being brought into the digital payments ecosystem who are different in their capacity to absorb any losses, compared to existing customers. This opens up new opportunities and responsibilities for providers, including on product design and innovation.

Specifically, financial services tailored for low income consumers, have not evolved in the Indian financial market — unlike other sectors such as telecommunications (where for e.g. different levels and durations for phone recharges are available). As an illustration, most credit cards are set up for 45 days cycles as they are aimed to cater to “salaried’ employees who earn once a month. However, there are no cards with 20 days cycles for people earning twice a month or at more frequent intervals (such as those in part-time work or the informal sector). In the future, such a segment could be served by small finance banks and payment banks, potentially in partnership. Some participants felt that this approach to banking could be a more effective for fostering financial inclusion than recent government schemes which scale-up inflexible products (such as no-frills bank accounts).

Services providers in the chain of payments

The FFI’s focus to date has been understanding customer-level risks in digital finance. We wanted to use this opportunity to test our concerns with providers involved in payments transactions. To frame the discussion, and locate the various parties in the chain of a payments transaction, we presented a simplified schematic of our understanding of the payments ecosystem to the participants.

Figure 1: Card Not Present[1]: Online Payment Schematic


Source: The Future of Finance Initiative (2017)

The black arrows track transaction data flows and the green arrows tracking funds flows in the back end of a typical payments transaction. Participants agreed that this reflected the flows of a standard payments transaction. This schematic has remained broadly the same at the back-end for most forms of payments, but the challenges from the push towards newer forms of digital payment methods arise mainly due from (1) the variance among front-end customer-facing applications (2) increases in volumes of transactions and (3) the related data. 

Pain Points include security, transaction failures and policy uncertainty  

Discussions then followed through the afternoon about the operational aspects of completing payment transactions and pain points in the current scenario.

Data protection and data security: Payment services providers generally include clauses in their terms and conditions regarding customer data use. However the practices around this vary vastly. A key concern with direct impact on customers relates to data security, given the amount of data collected, stored and transmitted digitally in the payments process. ISO 27001 is the key global standard to which players in the payments industry generally aspire to. It was observed that full compliance with the standard was unaffordable for most providers, though the majority of them complied to the best extent possible.

Issues with the Payment Card Industry Data Security Standard (PCI DSS) — the industry standard for policies and procedures aimed at protecting data in card and payment transactions –- were also discussed. Adherence to all aspects of the PCI–DSS was patchy across industry participants. The standard does not have an enforcement body (being an industry standard with compliance driven by the requirements of other payment brands and acquirers). Concerns were raised that certain payment gateways and services were falling foul of the requirements without being censured –for example, by storing CVV for extensive periods of time in contravention of PCI-DSS.[2] It was pointed out that the PCI DSS provisions are from a pre-mobile era, and tend to be web-focussed. This results in gaps arising even in these standards with respect to data security for mobile transactions.

With regard to future regulation, participants stressed the need to balance the costs of compliance to be measured against evaluations of risk carefully when regulations are being formulated.

Hardware security: Hardware security is often overlooked in discussions around payments security. Participants discussed the absence of hardware checks for mobile phone handsets or regulations limiting pre-installed applications on mobile phones. This opens up the possibility of phones manufactured in other countries being sources of data theft and spyware. For instance, in 2016 firmware was found on Chinese manufactured smartphones being sold in the US which transmitted personally identifiable information (PII) to servers in China via a back door.[3]

To raise consumer awareness of security vulnerabilities and to drive providers to adopt better security practices, one idea suggested was to develop standardised indicators on apps and webpages to give usersSource: hostcats.com (2016) an immediate indication of the level of security. An existing example of this is the green lock HTTPS URL marker (right) currently used to indicate that a web browser holds a Secure Socket Layer (SSL) certification.

Transaction failures and frauds: Participants noted that the payments industry needs to improve on the failure rates for transactions to avoid affecting consumer confidence and usage. There was consensus that the regulator could play a constructive role in publishing aggregated information about transaction failure rates to incentivise higher data security standards. Providers themselves would shy away from publishing this kind of data individually. However, aggregated data published by a neutral third party or regulator could drive the providers to measure themselves against this benchmark and aspire to better rates.

Regulatory uncertainty and intervention: Participants discussed concerns about the impact of regulatory uncertainty along with how prescriptive regulatory standards had the potential to stifle innovation. Providers were concerned about competing with Government sponsored payments products and services and were anxious about Government subsidies and price caps that could put pressure on market prices, and introduce uncertainty for providers who were seeking to be commercially viable. There was also discussion on the need for having a level-playing field for new payment service providers as against established providers like banks.

Overall, the workshop was a fascinating deep dive into the perspective of the various actors who participate in making a payment transaction possible – while keeping the customer’s experience and concerns at the heart of the discussions.

—-

About the Future of Finance Initiative:

The Future of Finance Initiative (FFI) is housed within IFMR Finance Foundation and aims to promote policy and regulatory strategies that protect citizens accessing finance given the sweeping changes that are reshaping retail financial services in India – including those driven by Indiastack, Payments Banks, mobile usage and the growing P2P market.

—

[1] Card not present (CNP) refers to a purchase a consumer makes without physically being present or presenting his or her credit or debit card at the time of purchase.  CNP transactions often occur online and are conducted by consumers without the actual in-store credit card swipe – which is likely the major direction of travel, as more digital payments are made over mobile/internet to pay for goods and services.

[2] For more see: https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf

[3] For more see: http://gadgets.ndtv.com/mobiles/news/chinese-firm-installed-back-door-on-thousands-of-smartphones-says-it-was-a-mistake-1626136

 

Share Via :Tweet about this on Twitter
Twitter
Share on Facebook
Facebook
Share on LinkedIn
Linkedin
Email this to someone
email
digital paymentsFFI-WorkshopFuture of Finance
Leave Comment

Cancel reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

four × five =

clear formSubmit

Related posts
Primer on Designing Optimal Regulation
April 4, 2019
Primer on Consumer Data Infrastructure
April 4, 2019
Primer on Suitability for Consumer Data Use and Product Design
April 3, 2019
Primer on Consumer Data Regulation
April 2, 2019
The 4th Dvara Research Conference on Regulating Data-driven Finance
April 1, 2019
Proceedings of the Participant Sessions at the Workshop on Suitability in Microcredit
December 10, 2018
Search
Recent Comments
  • Srikara Prasad on Artificial Intelligence in Digital Credit in India: “Thank you for the feedback and for sharing these resources, Mr Rathi. They will definitely be helpful in our work.”
  • Harshit Rathi on Artificial Intelligence in Digital Credit in India: “Hi, Wonderful article on the use of AI/ML for digital credit in India. As rightly mentioned in the article, many…”
  • Srikara Prasad on Artificial Intelligence in Digital Credit in India: “Thank you, Bindu. Our upcoming posts on regulation of AI in finance will benefit from these pointers. It will be…”
Subscribe and Follow Us

Popular Post

Popular Post
  • Making Grievances Matter: Unpacking Exclusion, Grievance Redress, and the Role of Civil Society Organisations
    March 2, 2021
  • Access, Redressal & Finance in Uttar Pradesh: The Farmers in Rural Uttar Pradesh
    February 19, 2021
  • Consumer Grievance Redress in Financial Disputes in India
    February 18, 2021

Categories

Categories
  • Channels(88)
  • Consumer Protection(33)
  • Events(30)
  • Featured(31)
  • Field Reports(6)
  • From the field(9)
  • General(22)
  • Guest(29)
  • Household Research(75)
  • Long Term Debt Markets(9)
  • News(45)
  • Origination(30)
  • Products(42)
  • Regulation(112)
  • Research(176)
  • Risk Aggregation(26)
  • Risk transmission(63)
  • Small Cities(21)
  • Technology(25)
  • Uncategorized(105)
  • Unemployment Support(5)

Archives

Archives
  • March 2021 (1)
  • February 2021 (8)
  • January 2021 (4)
  • December 2020 (7)
  • November 2020 (7)
  • October 2020 (11)
  • September 2020 (10)
  • August 2020 (12)
  • July 2020 (3)
  • June 2020 (5)
  • May 2020 (8)
  • April 2020 (4)
  • March 2020 (8)
  • February 2020 (3)
  • January 2020 (9)
  • December 2019 (4)
  • November 2019 (3)
  • October 2019 (7)
  • September 2019 (3)
  • August 2019 (2)
  • July 2019 (4)
  • June 2019 (4)
  • May 2019 (4)
  • April 2019 (7)
  • March 2019 (2)
  • February 2019 (3)
  • January 2019 (3)
  • December 2018 (5)
  • November 2018 (2)
  • October 2018 (5)
  • September 2018 (2)
  • August 2018 (2)
  • July 2018 (2)
  • June 2018 (2)
  • May 2018 (1)
  • April 2018 (1)
  • March 2018 (5)
  • February 2018 (2)
  • January 2018 (2)
  • December 2017 (5)
  • November 2017 (4)
  • October 2017 (3)
  • September 2017 (1)
  • August 2017 (3)
  • July 2017 (1)
  • June 2017 (3)
  • May 2017 (4)
  • April 2017 (3)
  • March 2017 (4)
  • February 2017 (3)
  • January 2017 (6)
  • December 2016 (5)
  • November 2016 (2)
  • October 2016 (3)
  • September 2016 (5)
  • August 2016 (4)
  • July 2016 (4)
  • June 2016 (8)
  • May 2016 (4)
  • April 2016 (5)
  • March 2016 (4)
  • February 2016 (3)
  • January 2016 (3)
  • December 2015 (3)
  • November 2015 (1)
  • October 2015 (2)
  • September 2015 (3)
  • August 2015 (5)
  • July 2015 (3)
  • June 2015 (3)
  • May 2015 (3)
  • April 2015 (2)
  • March 2015 (3)
  • February 2015 (1)
  • January 2015 (1)
  • December 2014 (5)
  • November 2014 (4)
  • October 2014 (3)
  • September 2014 (4)
  • August 2014 (4)
  • July 2014 (4)
  • June 2014 (8)
  • May 2014 (1)
  • April 2014 (4)
  • March 2014 (5)
  • February 2014 (6)
  • January 2014 (8)
  • December 2013 (7)
  • November 2013 (8)
  • October 2013 (7)
  • September 2013 (7)
  • August 2013 (5)
  • July 2013 (6)
  • June 2013 (7)
  • May 2013 (6)
  • April 2013 (8)
  • March 2013 (9)
  • February 2013 (6)
  • January 2013 (9)
  • December 2012 (8)
  • November 2012 (7)
  • October 2012 (5)
  • September 2012 (5)
  • August 2012 (5)
  • July 2012 (7)
  • June 2012 (4)
  • May 2012 (6)
  • April 2012 (4)
  • March 2012 (7)
  • February 2012 (6)
  • January 2012 (8)
  • December 2011 (8)
  • November 2011 (7)
  • October 2011 (8)
  • September 2011 (7)
  • August 2011 (3)
  • July 2011 (6)
  • June 2011 (11)
  • May 2011 (8)
  • April 2011 (9)
  • March 2011 (13)
  • February 2011 (10)
  • January 2011 (8)
  • December 2010 (10)
  • November 2010 (10)
  • October 2010 (10)
  • September 2010 (7)
  • August 2010 (13)
  • July 2010 (10)
  • June 2010 (6)
  • May 2010 (13)
  • April 2010 (7)
  • March 2010 (10)
  • February 2010 (5)
  • January 2010 (4)
  • December 2009 (3)
  • November 2009 (1)
  • October 2009 (6)
  • August 2009 (1)
  • July 2009 (2)
  • June 2009 (1)
  • May 2009 (1)
  • April 2009 (1)
  • March 2009 (1)
Share Via :Tweet about this on Twitter
Twitter
Share on Facebook
Facebook
Share on LinkedIn
Linkedin
Email this to someone
email
Site Map

www.dvara.com