Financial Inclusion Transaction Switch

Author: Ashish Banerjee, 19 Jan 2011. (For Private Circulation Only). version 1.3

Executive Summary
The process of ensuring access to financial services and timely and adequate credit where needed by vulnerable groups such as weaker sections and low income groups at an affordable cost - The Committee on Financial Inclusion (Chairman: Dr. C. Rangarajan, 2008)

Financial Inclusion is a Public Private Partnership initiative for providing access to the main stream banking services for Below the Poverty Line (BPL) Citizen of India. Out of 1.2 Billion Indians only 240 million citizens have access to banking services; Whereas 450 million people have mobile phones. UIDAI (Unique Identity Authority of India) under the Planning Commission, targets to provide unique identity to 450 million residents in next 5 years. UIDAI have identified Financial Inclusion as the main driver for UID and enabling egovernance. RBI (Reserve Bank of India) has liberalized banking rules like KYC (know Your Customer) and Outsourcing of banking services to facilitate financial inclusion. Public sector banks are proactively working on the initiative. For example, the largest public sector bank, SBI, with the help of 79 outsourcing partners, have opened more than 40 lakhs no-frill bank accounts for poor farmers in the rural areas. As the Financial Inclusion initiative is growing at a rapid pace, with the participation of 96 banks with each bank having about 70 outsourcing partners, the technology diversity and interoperability are an issue. Also, there is a need for inter-bank customer transactions, that is one customer of a bank must be able to transact with another bank's customer. The conventional channels like Visa/Master credit-card networks, ATM networks and RTGS (Real Time Gross Settlements) are not suitable for low value with high volume tractions. Thus RBI has encouraged formation of multilateral transaction system for financial inclusion. This establishes an urgent need for a Financial Inclusion Transaction Switch. Financial Inclusion Transaction Switch will enable financial inclusion beneficiaries to transact with each other, even when they have accounts with different banks. Also, the Financial Inclusion Transaction Switch will allow other intermediary services like micro-finance and micro-insurance to be delivered directly to the BPL citizen.

This paper outlines the business opportunity in financial inclusion and micro transaction in India. It then outlines the regulatory guidelines followed by technical standards, specification and architecture of the financial transaction switch.
1. Financial Inclusion Business Model ..................................................... 3 1. Background ....................................................................................... 3 1. Financial Inclusion Initiative in India................................................... 4 2. Services Envisioned within Financial Inclusion Initiative......................... 4 3. Entities........................................................................................... 4 2. Roles and Business Models................................................................... 5 1. Apex Bodies .................................................................................... 5 2. Banks ............................................................................................ 5 3. BC/BF ............................................................................................ 6 4. CSP ............................................................................................... 6 1. Customer Service Point (CSP) Device............................................... 6 5. Multilateral Financial Transaction Switch Providers ............................... 7 3. Financial Inclusion Business Processes................................................... 8 4. Transactions and Use-cases ................................................................ 11 1. Transaction Security ....................................................................... 11 2. Banking Transactions ...................................................................... 12 3. Payments ...................................................................................... 12 1. On Demand or Pull Based Micro-payments.......................................12 2. Interbank Micro-Payment via Multilateral Financial Transaction Switch 12 4. Receipts ........................................................................................ 13 5. Balance Inquiry .............................................................................. 13 2. Financial Inclusion Transaction Switch: Technology Architecture ..... 13 1. The Building Blocks........................................................................... 14 1. Customer Card ............................................................................... 14 1. Card Security .............................................................................. 15 2. CSP Device .................................................................................... 15 3. Secured Mobile Gateway.................................................................. 16 4. Secured Messaging Layer................................................................. 16 5. Transaction Core ............................................................................ 16 6. External Channel Gateway ............................................................... 17 3. Oracle Technology Stack ................................................................... 18 1. Database ....................................................................................... 18 2. Business Process Manager (BPM) ......................................................18 3. Business Rules Engine ..................................................................... 18 4. Weblogic Application Server (WLS)....................................................19 5. Oracle Service Bus .......................................................................... 19 6. Complex Event Processing ............................................................... 19 7. Single Sign On and Federation.......................................................... 19 4. Implementing a High Velocity Payment Infrastructure ..................... 20 5. Conclusion ........................................................................................ 22 6. Resources: ........................................................................................ 22 1. RBI : Approach papers & presentations on Financial Inclusion..................22 1. RBI Guidelines and Policy Documents ................................................22 2. UIDAI .............................................................................................. 23 3. Others ............................................................................................. 23 4. Master Visa Cards.............................................................................. 23 5. Biometrics Technologies ..................................................................... 24 1. Fingerprint..................................................................................... 24

2. IRIS Scan ...................................................................................... 24 6. Oracle SOA Suite 11g......................................................................... 24

Financial Inclusion Business Model

Background
Financial Inclusion is a Nation wide initiative to include the BPL (Below Poverty Line) citizens into the banking system, under the Private Public Partnership (PPP) model. Financial Inclusion brings banking services to the financially excluded, economically weak sections, of the society. According to Dr. K.C.Chakrabarty, Deputy Governor, Reserve Bank of India, prior initiatives like Co-operative Movement, setting up of State Bank of India, Nationalization of banks, Lead Bank Scheme, RRBs (Regional Rural Banks), Service Area Approach,Self Help Groups have failed to significantly reduce the financially excluded population in India. About 40% of its citizen have a bank account. The lack of previous generation financial inclusion schemes is mainly attributed by him to lack of technology applications in banking, this technology barrier have been overcome in the current initiatives. India has about 1.2 Billion people, and has 70 million income tax payers (PAN card holders), 60 million passport holders and 90 million driving license holders. India has in excess of 450 million mobile phones and around 240 million bank accounts. India has 150 million BPL (Below Poverty Line) identifications. Most of its citizen do not have access to formal system of banking and therefore either resort to taking very high rate loan (some times as high as 5% per month). Thus there is an urgent need for financially include maximum number of its citizen. The un-banked citizens resort to very high interest loans from local money lenders who charge as much as 60% interest per annum. The MFI (Micro Finance Institutions) has stepped in to help the BPL citizens. They follow the Mohd. Yonus's Grameen Bank model. In this model the MFI organizes the villagers into SHG (Shelf Help Groups) and empower them to form a group of 10 to 12 persons make savings; Based on the saving history, the group members' loan repaying capacity is estimated. The member can avail loan from the MFI and the load is guaranteed by the SHG. The loan repayment record has been excellent, in tune of 98.8%. MIX (Micro-finance Information Exchange) data shows than India has 130 MFIs, US$ 2.1 billion loan portfolio with 16.1 million borrows and they have deposits US$ 88.6 million from 1.2 million depositors. However, RBI (Reserve Bank of India) has taken an exception of the fact that even though the default rate is negligible, around 1%. MFI charge interest as high as 35% per annum, eqivalent to the credit card balance charges, which has a very high default rate of 10%. To promote Financial Inclusion, RBI has relaxed certain norms like KYC (Know Your Customers) and has allowed outsourcing of banking activities to agencies called Business Correspondents or BC and allowing mobile banking transactions. RBI has mandated public sector banks to include BPL citizen in the banking system. NABARD (National Bank for Agriculture and Rural Development) is also promoting disbursement of loans related to rural enterprise and thus also promotes Financial Inclusion.

Financial Inclusion Initiative in India

The financial inclusion will not only help the BPL (Below Poverty Line) citizens access to banking system, but also helps plug leakages in resource allocation and brings about egovernance efficiency. For example, as per an ET (Economic Times) article, CLSA research estimates that over the next 5 years, more than 40% of the US$ 250 billion government subsidy will be siphoned off and will not reach the targeted citizens. With Financial Inclusion, the subsidies can be paid directly to the BPL citizen's account, bypassing the leakages in intermediary routes. It will grow the GDP and will expand the taxpayer base. In the long run, it will also eliminate the parallel economy, also popularly known as black money economy. Technology is identified as the key driver in the present Financial Inclusion Initiative. Along with relaxed norms, adequate safeguards against misuse of the relaxed norms have been provided through RBI policies and guidelines see: RBI Polices References. . Biometric technologies, namely finger-print and photographs are being used. However, with UIDAI Aadhar ID taking off, Iris scan is also being used for de-duplication of identities as iris scan and the National consensus has mandate to record iris scan of the citizens along with the census data. Mobile and Biometric technology enabled Financial Inclusion initiative is progressing at a fast rate, SBI has opened 40 Lakhs of no-frills bank accounts, branded as SBI Tiny, for the BPL citizens across India in 2009. Other public sector banks have proportionate numbers based on their size, totaling to more than 28 million no-frills account. RBI plans to have 50 million house-holds financially included by 2012 and 100 million by 2015.

Services Envisioned within Financial Inclusion Initiative

Immediate Credit Savings products Remittances & Payment services Insurance - Healthcare Mortgage Financial advisory services Entrepreneurial credit (source: presentation by Dr. K.C.Chakrabarty, Deputy Governor, Reserve Bank of India) Direct Electronic Benefit Transfer (EBT) by banks to citizens qualifying for government schemes like PDS (Public Distribution Scheme) subsidy and NREGS (National Rural Employment Guarantee Scheme).

Entities
NGO (Non Government Organization) are not for profit organizations can be formed under Indian Societies Act or Under section 25 of Companies Act 1956. MFI (Micro Finance Institutions) are NBFI (Non Banking Financial Institutions) , that lend to the Below the Poverty Line (BPL) persons. NBFI are regulated by RBI and it can be either for profit or not for profit organization. Business Correspondents (BC) are appointed by banks as their agents to transact banking services to remote areas. BC act as Bank's agent in the financial inclusion

process. In 2008, SBI had 79 BC in Noth-East. Post Offices also have mandate to act as BC. Business Facilitator (BF) is like BC, but cannot transact cash. In 2008, SBI had 76 BF in Noth-East. Customer Service Point (CSP) are the agents of the BC, and they act as Human Micro-ATM. They are usually women operating small shops in the same village. Common Services Centres (CSCs) are established by the Service Centre Agencies (SCAs) under the National e-Governance Plan (NeGP). CSC, deliver e-government services and charge a fees. SCA are NGO affiliated to the Ministry of IT (Information Technology) and can become a BC. Rural Central Processing Center (RCPC), are regional centers of the banks which coordinate loan disbursement in their circle, they also train, monitor, co-ordinate, enable and audit the BC/SCA. SBI (State Bank of India) has more than 126 RCPC.

Roles and Business Models

Apex Bodies
Apex bodies like RBI, UIDAI and NABARD are mandated by the government to enable, catalyze and facilitate financial inclusion through policy intervention as well as direct actions. RBI is the governing body for all banks. Its the Banker of the Banks. NABARD (National Bank for Agriculture and Rural Development) , under RBI directive support, monitor and regulate rural banking. It also facilitates loan disbursements through RRB (Regional Rural Banks) and Primary Agricultural Credit Societies (PACS). NABARD also issues bonds for raising capital for rural loans. UIDAI (Unique Identification Authority of India) will provide a 12 digit Unique ID or UID (Aaadhaar ID) to all residents of India. This initiative captures biometrics like photograph, fingerprint and iris scan for uniquely identifying a resident. A resident need not be a citizen of India to get an UID. UIDAI pays Rs. 30 for enrollment to an agency like NGO or CSC (Common Service Center) and would charge a small amount from organizations for verification and authentication of a UID through a secure web service.

Banks
Banks are primarily responsible for creating and managing the no-frill accounts. They ensure compliance with the RBI guidelines and also provide loans and related banking functions. They outsource their financial inclusion activities to BC under RBI guidelines and pay BC commissions. Following are the benchmark commissions that are paid by the banks to the BC: Account opening :- Rs. 10 one time Transaction fee of 0.5% of all receipts and payments Cash management fee of 0.5% of the daily net cash deficit at CSPs (Customer Service Providers) outlets. Account management :- Rs. 4.50 per month per account 2% commission for each loan application processed and disbursed 1% additional commission on successful loan recovery, at the end of final installment received.

 Rs. 25K per cash point to purchase equipment. Rs. 2,500 per month for routine expenses such as paper, mobile etc. per cash point.

BC/BF
Syndicate Bank in its RFP issued in 2010 has mandated BC to carry out the following activities on its behalf: Opening of deposit a/c Opening of loan a/c Cash deposit Cash withdrawal Transfer transaction ( both deposit & withdrawal ) between two cards Uploading transactions Offline and Online Downloading Interest paid/ loan repaid transactions Pension disbursement through centralized job stream posting A report generation module for generation of various MIS reports Enquiry module for on line quarry and help line related activities Dormant Flagging for Inactive Accounts Account closure module Asset Classification Interest application for loans /Deposit accounts Some of the BC are BASIX, FINO, ALW (Zero Mass Foundation). ALW and FINO also provider of Micro Finance Transaction Switching platform.

CSP
The CSP is appointed by the BC, as per RBI guidelines. The BC shares with the CSP a part of the commissions received from the Bank. Customer Service Point (CSP) Device

source: ET, Brand Equity, 19May10, used without permission for internal use only. The CSP device consists of a Bluetooth enabled thermal printer, fingerprint scanner and a GPS. Which, communicates with a mobile device which has a Java ME application and stores offline transactions as well as fingerprints of all the accounts in its catchment area. The device as per UIDAI Micro-ATM1 specification should be able to store 10,000 fingerprints and 1000 transactions or one day worth of transactions which ever is more.

The CSP device communicates to a secure WAP gateway using GPRS. It can operate even when there is no connectivity and can sync, with the server when the CSP reaches a GPRS signal zone.

Multilateral Financial Transaction Switch Providers

In the main stream financial world, for international payments SWIFT provides the transaction switch platform to banks and large corporates. SWIFT charges about Rs. 400 per transaction. RBI operates RTGS and NEFT for national inter bank transactions. Master and Visa are the biggest providers of Financial Transaction Switching platforms. They are focused on Credit Card transactions and follow PCI (Payment Card Industry) DSS(Data Security Standard) . Their transaction charges are as high as 2% and minimum charge being Rs. 50. In India ATM network is mainly operated by FSS called FSSNET. It uses Base24 platform supporting ISO8583 protocol. IDRBT operates National Financial Switch connecting about 30,000 ATMs of 32 Nationalized banks. A cost of Rs 20 is incurred per transaction on these platforms. Thus they are unsuitable for micro-transactions. Private mobile payment gateways have come up to meet the demand of micro payments like oxicash, mchek. However, they cater to urban pre-paid segment and not tuned for financial inclusion. FINO and ALW have financial inclusion transaction switches. However, there are many limitations in these platforms. for example, ALW uses open source JPOS.org ISO8583 platform and has scalability issues. None are yet geared for UIDAI compliance and integration. RBI has issued Mobile Payment system guidelinesin Oct 2009. This has addressed many security issue currently lacking in third party mobile payment gateways and transaction switches. Section 6 of The RBI directive on Mobile Transactions allows for multilateral agreement between banks with RBI permission. NPCI (National Payment Corporation of India) has launched Inter-bank Mobile Payment Service (IMPS). Its an instant interbank electronic fund transfer platform through mobile phones. IMPS facilitates Bank Customers to send money 24x7 instantaneously to any other person registered for IMPS service in any of the 7 (as of Dec 2010) participating banks using a mobile application provided by the respective banks to its customers. All IMPS registered customers can also act as beneficiaries to receive money from any participating bank. IMPS facilitates Bank Customers to send money 24x7 instantaneously to any other person registered for IMPS service in any of the 10 participating banks using a mobile application provided by the respective banks to its customers. All IMPS registered customers can also act as beneficiaries to receive money from any participating bank.The participating banks issue its customer a 7 digit Mobile Money Identifier (MMID) corresponding to a saving bank account. One mobile number can be associated with multiple MMID. The customer downloads a JavaME mobile application for transacting on the IMPS platform. To receive money a user needs to convey to the sender her mobile number and a MMID. The sender then registers the beneficiary (receiver) using the mobile application. After registering the

receiver, the sender then can instantly transfer any amount up-to Rs 50,000 per day. For GPRS Rs 0.25 is charged per transaction from the sender and for SMS based the charges are Rs 2. As per the NPCI web site, as of Dec 2010, seven banks are participating in IMPS, with 11,02,546 MMID issued. However, the transaction volume is low at present. NPCI also operates the National Financial Switch (NFS). As per the NPCI web site, " National Financial Switch covers 41 member banks with about 60200 ATMs as of 30th June 2010. The daily average volume is around 2.75 million with a peak volume of 3.1 million in June 2010. While the primary site is located in the IDRBT Campus at Hyderabad, the back up site is being developed at Mumbai. " For enabling peer-to-peer micro payment and remittances a Multilateral Financial Inclusion Transaction Switch is required. This platform can act as an bridge between IMPS, NFS and other payment gateways. This platform can enable no-frill account holders to affect cashless transact in Haat, a intervillage weekly bazaar and Mela (regional fairs) enabled by a CSP present in the location. The platform can charge a 0.25% transaction fee or Rs. 1, whichever is higher for meeting its operations costs.

Telecom Operators
Telecom infrastructure is the prime enabler of the Financial Inclusion and Mobile Banking platforms. While the Telcos are already playing a passive role of providing the connectivity and bandwidth. They can provide a secured bandwidth and VPN that is not routed through Internet, that is a Value Added Network. They can also play an active role in the Financial Inclusion by becoming the Business Correspondent and enabling their distribution and customer service points to act as CSP (Customer Service Point) for affecting transactions. They are ideally placed to provide the multi-lateral secured Financial Transaction Switch. For example, Airtel has formed a joint venture with SBI, where Rs 100 Cr will be invested and 51% will be owned by SBI. This joint venture (JV) will target the 150 million Airtel customer base, leveraging its 1.5 million retail distribution outlets for providing financial inclusion and banking & financial services. The JV targets to get 2 million customers per year. Vodaphone and ICICI has formed a JV on similar business model. As per Economic Times, 17 Jan 2011, Government panel on Mobile banking has recommended that a 2% commission will be charged by the banks from its customers transacting through their mobile phones. Banks, in turn, will share a part of this revenue with the Telco; that is a minimum of Rs 2.25 or 1.4% of the transaction value. Also, if the Telco operates a Micro ATM, as per the UIDAI specification, then the banks will pay the Telco a minimum fee of Rs 3 or 2.25% of the transacted amount, which ever is more.

Financial Inclusion Business Processes

These are the non-exhaustive list of business processes: Enrollment Process Data Capture Data Authentication and Validation De-duplication

Secure storage and backup Biometric refresh Card & Terminal Life-cycle Card Life-cycle management CSP Terminal Life-cycle management Public Key Infrastructure management (as per IT Act 2K) Account opening Account closure Transactions Account balance enquiry Cash deposit Cash Widrawl Peer-to-peer money transfer (Remittance) Micro e-commerce at Rural Organized Retail outlets like e-choupal and CSC (Common Service Centers) like fee for land record checking. Micro Insurance Group Insurance identification Opt-in and opt-out Premium collection using Pull-transaction (equivalent to ECS but simplified and e-enabled) Claims processing Loan Life-cycle Identification of Loan eligibility. Loan Sanction and SHG guarantee Loan disbursement Installment collection Loan closure Default management and Blacklisting Aggregated Loan Portfolio Management Loan Portfolio Insurance Loan Portfolio Securitization Third-party Portfolio Guarantee Loan syndication Portfolio Restructuring Electronic Benefit Transfer (EBT) NREGA PDS (Public Distribution System) credit transfers Fertilizer subsidy Old Age Pensions Business Intelligence Fraud detection Mass scale leakage detections Misuse of BPL criteria Identity Theft Dormant account activation Anti Money Laundering Micro-credit Rating Portfolio benchmarking Classification of needs for services and products like group insurance and credit schemes Targeted Advertisement Accounting and Reconciliation BC to CSP Accounting and daily reconciliation Cash management

 Bank to BC transaction reconciliation Daily ledgers update Daily Loan repayment and daily deposits and interest paid reconciliation BC/BF management Appointment of BC/BF due-diligence Biometric validation of its CSP Monitoring and tracking BC through dashboards. Process Quality Audit of BC operations. Audit & Reporting Regulatory Compliance for BC float Priority Sector Loan disbursement Region-wise Coverage of mandated Inclusion RBI and NABARD Reports KYC, AML, Financial Intelligence Regulatory reports Credit Risk and Defaults reporting Security Audit Business Process Audit

Enrollment process is the first key step towards financial inclusion.

Source: ET, 26May10, page 8, used without permission for internal use only. For the purpose of acquiring a customer at the Bottom of the Pyramid, the banks generally are willing to pay Rs. 10 for covering the operational expenses incurred by the NGO or . UIDAI pays Rs.30 for enrolling a person for UID (Aadhaar ID). These acquisition cost do not take into account, the capital costs of equipment.

source: http://www.livemint.com/uidkarnataka.htm ,used without permission for internal use only.

Transactions and Use-cases

Banking transactions are indeleble, that is one a record is created it can not be deleted. Another record is created to cancel the affect of the erroneous transaction record. Transactions by CSP can be executed in both offline and online modes. All transactions are store and forward using WSRM (Web Services Reliable Messaging) protocol.

Transaction Security
For transaction confirmation, a bank-id number, which is linked to a 12 digit Aadhaar (UIDAI) Id and a biometric authentication like fingerprint or IRIS is required. Apart from establishing the id, a voice record or a video record may be captured for reference and non-repudiation of the amount and purpose of transaction. All the transaction related artifacts, like id number, biometric signature, location (GPS), voice/video record along with transaction message should be digitally signed by the transaction enabling device.

Banking Transactions
From banking customer's perspective, there are three types of transactions: payments, deposits and transfers. Apart from this, statement and balance inquiry are the most frequently accessed service.

Payments
Payments can be made on demand (pull) or can be pushed to the payee. In both cases the payer needs to register the payee. In case of institutions making bulk transfers, say for case of NREGA (National Rural Employment Guarantee Act) or Old Age Pensions, the paying institution can just transfer a signed file with Aadhaar Id and name with amount and description in batch mode. For retail organization, a one time payer registration takes place with, the end user (payer) providing the bank id card along with biometric identity also a voice consent proof may be retained the retail organization, as described in transaction security section. If voice automation in regional language is not supported by the kiosk, then the BC (Business Correspondent) can read the transaction content along and get the recorded consent. The BC bio-metrically counter signs the transaction record. use-case: A financially included customer visits a rural center/mall/e-choupal produces her card and biometrics (fingerprint or Iris scan) and a voice message in her regional language asks for her confirmation, and her response is recorded and counter signed bio-metrically by a BC (Business Correspondent). The retail organization is now recorded as a payee against the financially included customer.

On Demand or Pull Based Micro-payments

Use-case: A person shops in a shared kiosk, online like e-choupal or the product catalog could be stored offline in a netbook/mobile or even a physical brochure. The person presents a bar-coded photo-card with hologram sticker. The number on the card is 16 digit number, like a credit/debit card. It can be scanned by a barcode scanner or manually entered by the operator. The person is assumed to have previously registered the retail organization as a registered payee as per the use-case above. The shop system, sends a pull payment message to the transaction switch. The person can now visit her trusted BC (Business Correspondent), who selects the pending pull request. The transaction is read out automatically and the account holder's verbal consent is also recorded along with a biometric signature like fingerprint or Iris scan. The digitized transaction along with the voice record is digitally signed by the CSP device along with date-time and GPS location, if available. Thus making the transaction IT ACT 2000 compliant.

Interbank Micro-Payment via Multilateral Financial Transaction Switch use-case: A person visits a Haat (Weekly Inter-village Bazaar) and wants to pay cashless for some ware bought from a vendor from a different village. Both the transacting parties have account with different banks. The seller takes the buyer's bank card number and name to her BC and requests for a pull payment. She first identifies herself through her own card

and fingerprint to the CSP equipment which has seller's biometrics id stored, but does not have buyer's id. The seller initiates a Pull transaction request by providing the buyer's card number and name. The buyer then goes to her BC and checks that a pull transaction request is pending against her account. The transaction is read aloud and her consent to pay is recorded along with her fingerprint. The seller checks the payment confirmation from her BC and hands over the goods to the buyer. use-case: The advantage of such an approach is that the transactions can be affected remotely over telephones and thus buyer and seller can transact without being face to face and the goods can be couriered. Also a local postman or a BC can double as a courier cum e-transaction enabler. Say a seller is a sweet-maker and sells it to local shops of nearby villages. That is buyer and seller negotiate a price over phone or when they meet weekly at the Haat. Every day, the buyer hands over the packets of his wares along with pull transaction demand to the local post-office which is also a CSP. The goods arrives at the buyers' village through the postal channel.The buyer's village postman, who is also the CSP of the buyer, hands over the goods after receiving the consent to pay from the buyer.

Receipts
Transaction receipts associated with an account can be read aloud automatically or printed at a CSP.

Balance Inquiry
The banking customer can visit CSP for balance inquiry or if she has a mobile phone, she may register it for accessing her bank account balance.

Financial Inclusion Transaction Switch: Technology Architecture

The backbone of the technical architecture is message level security and ESB (Enterprise Service Bus). The Business Processes are composed using BPMN (Business Process Modelling Notation) and then compiled to BPEL (Business Process Execution Language) for execution. Events are generated based on various transaction flows and these events are processed in near real-time for triggering alters, related to system health, business processes as well as flagging AML (Anti Money Laundering) and fraud detection. The messages are signed and encrypted whenever the external system support them. VPN, TLS/SSL security are applied to the message communication channels if the external interacting system does not support message level encryption.

The Building Blocks

Customer Card
IDRBT has issued a detailed open technical standard for Smart Card. It standardizes upon the Open Source Card OS (SCOSTA) based on ISO 7816. The IDRBT specifies a 19 digit card numbering scheme and also details the file formats and codes for storing bank accounts, transaction records and finger prints. The advantage of the Smart Card is that the biometrics are securely stored within the card and the customer can transact on any CSP device, and is not bound to a local BC (Business Correspondent). Also, Smart Card can get damaged in rough handling or can get lost, resulting in a penalty of Rs. 100 to the customer, for whom it may be a full day's earning. The disadvantage of a Smart Card is its relatively higher cost of Rs. 100, compared to Rs. 10 for a dumb plastic card. The plastic card can have a photo, name and account number printed along with bar-coding. The CSP device can store the frequently used card numbers along with the fingerprints. The disadvantage is that a customer is attached to a single CSP for low connectivity areas. However, with GPRS/CDMA coverage being improved most of the customers may not face this issue. Also, in limited connectivity areas the lag time for data

synchronization will be at the most 24 hours only. Thus the low cost out-weights its disadvantage.

Card Security All transactions are bio-metrically authenticated and counter signed by the CSP device. Hologram may be used for card authenticity for simple plastic card, whereas, the Smart Card is secured by PKI (Public Key Infrastructure) based digital signature. Smart Card is more secured than simple plastic cards.

CSP Device
CSP (Customer Service Point) device is the primary point of contact with the Financial Inclusion services for the BPL (Below the Poverty Line) account holder. The CSP device is owned by the bank and operated by the BC's (Business Correspondent) agent, who also handles cash. The CSP device should be capable of operating in offline mode and should synchronize transactions, when connectivity is established. There are two different specifications for CSP devices. The MicroATM specification IBA and UIDAI . Also, The Open Standards specification for Financial Inclusion Terminal by IBA IDRBT specification. The main difference between the two standards are that the Micro-ATM specification does not make the smart card reader mandatory whereas, the IBA-IDRBY Terminal specification makes the Indian open standard smart card SCOSTA support mandatory.

The author, with a Linux based CSP device from visiontek.co.in. It is Fingerprint enabled and uses GPRS communication module. This device can read magnetic card, RFID and Smart Card.

Secured Mobile Gateway

The secured Mobile Gateway is the mobile (CDMA/EDGE/GPRS/EVDO) network gateway to Internet. The mobile operator provides the gateway service, like GGSN (GPRS Gateway Service Node) for GPRS that maps the mobile protocol stack to the Internet Protocol stack. Though, WAP gateways were employed previously, but now-a-days any Web Application Server supporting SSL/TLS security, like Glassfish or WebLogic Server can be deployed. Since SSL/TLS are point-to-point security protocols; As per RBI guidelines on Internet & Mobile banking, the gateway application server must be in the same data center as the other core components. Also, the gateway control should be in control of the transaction switch provider.

Secured Messaging Layer

Internationally, there are multiple Finnacial Messaging standards like IFX for retail banking, TWIST standard for bank to Bank and Bank to Corporate messaging, ISO8583 for card based transactions lead by Base24 , EDIFACT for business banking and card settlement, old SWIFT (ISO15022) , new XML based SWIFT (ISO20022). While the older messaging systems like EDIFACT, ISO8583 and ISO15022 were non-XML, the newer IFX, TWIST and ISO20022 are XML based. ISO20022 is also called UNIFI as all the diverse standards are converging towards UNIFI. Based on RBI report on security and messaging layer for banking, IDRBT has formulated SFMS (Structured Financial Messaging System), which is based on an old SWIFT messaging structure (ISO15022) and employs PKI as message level security. MPFI (Mobile Payment Forum of India) also recommends SFMS for mobile based banking transactions. Thus the secured messaging layer must have PKI based message encryption/decryption and digital signature and verification capability. It should also have the ability handle different messaging formats, at the least it must support ISO8583 and SFMS formats.

Transaction Core
Transaction core is the most critical and complex part of the system. At its heart being a high performance OLTP database engine. Its primary function is to affect STP (Straight Through Processing) as much as possible and with least human intervention requirement. Also, it needs to conform with the RBI's procedural requirements of Prevention of Money Laundering Act 2009, as well as fraud detection. One can adopt the Payment Cannon architecture for the Transaction Core.

Here is an abstract from the Sun whitepaper on The Payment Cannon: " The payment cannon is a high-velocity infrastructure, designed to process payments as fast as possible, with critical checks and balances. The payment cannon architecture relies on the interaction of several elements: The PaymentManager controls the flow of a payment Status Agents assess the payments status quickly and thoroughly The Outbound Channels process the outbound payment in the most cost-effective way The ExceptionManager processes erroneous payments, using the services of Automated Repair,which enriches the payment data so that it can be processed correctly and Manual Repair which requests permissions and manual changes from the end user The Dead Payment Queue is the place where staff can access payments when they are erroneous beyond repair, or when the checks reveal that it is better not to process the payment The Payment FlowMonitor provides key performance indicators, and status information about individual payments" "

External Channel Gateway

The external channel gateway handles B2B gateways, third party payment gateways like m-chek, VISA and MASTER networks . ATM networks like INFINET and FSS based on ISO8583. And, RTGS and NEFT gateways. Both NEFT and RTGS use SFMS for messaging and IBM MQ for transport. Also, SMS and e-mail channels must be supported for transaction alerts. Use of an ESB (Enterprise Service Bus) for implementing the External Channels will significantly reduce the technical complexity while increasing process flexibility and business agility.

Oracle Technology Stack

Database
The OLTP database engine is the heart of the core transaction engine.

Business Process Manager (BPM)

Oracle supports BPMN 2.0 (Business Process Management Notation) in its BPM Suite 11g. A common process engine supports both BPEL as well as BPMN executions. Thus making BPMN directly executable. Oracle BPEL (Business Process Execution Language) Process Manager is a tool for designing and running technical processes and service orchestration. It provides a comprehensive, standards-based solution for creating, deploying and managing cross-application business processes with both automated and human workflow steps in a service-oriented architecture. Thus providing an ability to integrate existing off-the-shelf or inhouse applications, or integrating to specialized applications like AML (Anti-Money Laundering) . It supports open-standrads such as BPEL, XML, XSLT, XPATH, JMS, JCA and Web Services. BPM can be used in implementing the Payment Cannon as well as in the External Gateway modules.

Business Rules Engine

Oracle Business Rules Engine allows non-programmers to define business rules without programming. This allows flexibility to fine-tune and change process rules as per the ongoing process and rule change notifications from RBI as well as tuning business logic for

fraud detection and Anti Money Laundering.

Weblogic Application Server (WLS)

WLS is an enterprise class, standards based JavaEE server. It has a sturdy Java EE security implementation and thus is an ideal choice for the Mobile Gateway as well as for infrastructure host for the SOA stack.

Oracle Service Bus

Oracle Service Bus (OSB) is a scalable and enterprise class ESB (Enterprise Service Bus). It connects, mediates and manages heterogeneous services and adapters. Thus it provides the glue (connectivity) for the BPEL processes and the physical channels like RTGS, NEFT Message Queues, ATM ISO8583 Channels.

Complex Event Processing

Oracle CEP (Complex Event Processing) provides an ability to filter and analyse financial transaction events in real-time, using CQL (Continuous Query Language). Thus unrelated transactional events from across the channels can be analysed in real-time for AML (Anti Money Laundering) surveillance and fraud detection.

Single Sign On and Federation

SAML2 based federation can be employed for standards based authentication and authorization with third party gateway providers and other banking systems.

Implementing a High Velocity Payment Infrastructure

A high speed payment infrastructure is required for providing a STP (Straight Through Processing) in a multi channel Financial Supply chain ecosystem. The payments needs to be processed at a high speed without compromising checks & balances like AML (Anti Money Laundering) regulatory compliance and Fraud detection. A blueprint of a high velocity payment infrastructure is outlined in this document, that manages straight through processing, throttling and controlling for meeting customer specific SLA (Service Level Agreement) and QoS (Quality of Service) requirements. A balance needs to be maintained between the need for high speed processing and regulatory compliance and risk management. A high volume of transaction with low latency and lower risk is attained by scrutinizing the transactions early in the processing cycle, and bifurcating them into different speed lanes. The transaction speed lane is chosen by a dynamic rules based routing engine, implemented using Oracle Rules Engine.

The protocol layer can be easily implemented using Financial Message Designer, which is a part of the Oracle SOA Suite. The diagram below, is a screen-shot of the message designer. The message designer wizard generates a jar file, which is deployed on the Oracle Service Bus.

The Financial Services Bus architecture overview diagram is given below:

The Oracle Service Bus and Mediator can be used for implementing the Multi Channel Gateway, Multi Channel Input, UNIFI Transformer, Speed Selector, STP, UNIFI Transformer and Muti Channel Output. While BPM can be used for implementing the Workflow and Dead Message Queue.

Conclusion
Technology is the key driver in the current Financial Inclusion initiative. The Financial Inclusion Transaction Switch is a critical component for interoperability between banking systems, e-governance systems, third-party channels like Micro-ATM networks and echoupal, MFI and intermediaries like micro-insurance providers. Oracle is best technology provider for the Financial Inclusion Transaction Switch, as its App-2-Disk strategy provides end-to-end reliable, secure and open standards based seamless single vendor technology stack.

Resources:
RBI : Approach papers & presentations on Financial Inclusion.
rbidocs.rbi.org.in/rdocs/Speeches/PDFs/IFFG091209.pdf rbidocs.rbi.org.in/rdocs/Publications/PDFs/78923.pdf Presentation on Financial Inclusion Initiative, on June 2009, by Dr. K.C.Chakrabarty, Deputy Governor, Reserve Bank of India rbidocs.rbi.org.in/rdocs/content/docs/IRDGCS170709.ppt

RBI Guidelines and Policy Documents

IDRBT Open Standards On Smart Card Based Solution For Financial Inclusion http://www.idrbt.ac.in/newsroom/news/openstandard.html RBI BC guidelines http://www.rbi.org.in/scripts/NotificationUser.aspx?Id=2718&Mode=0 NBFC barred as BC except for section 25 companies http://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=2787&Mode=0 Appendix-IV of RBI notification for payment of fees to BC http://rbidocs.rbi.org.in/rdocs/Notification/PDFs/64061.pdf RBI guidelines for outsourcing agreements with Banks and BC http://www.rbi.org.in/scripts/NotificationUser.aspx?Id=2655&Mode=0

Mobile payment guidelines http://www.rbi.org.in/Scripts/bs_viewcontent.aspx?Id=1365

"Risks and Controls in Computers and Telecommunications vide circular DBS.CO.ITC.BC. 10/ 31.09.001/ 97-98 dated 4th February 1998 will equally apply to Mobile payments," "The RBI guidelines on Know Your Customer (KYC) and Anti Money Laundering (AML) as prescribed by RBI from time to time would be would be applicable to customers opting for mobile based banking service."

UIDAI
http://uidai.gov.in/ UIDAI numbering scheme. 12 digit number with last number being checksum and first number 0 & 1 being reserved. http://uidai.gov.in/documents/A_UID_Numbering_Scheme.pdf UIDAI Biometrics http://uidai.gov.in/documents/UID_and_iris_paper_final.pdf UIDAI-MicroATM : http://uidai.gov.in/documents/MicroATM_Standards_v1.0_(Draft).pdf

Others
National Payment Corporation of India. NPCI provides a multi-lateral 24x7 mobile payment gateway. In the first phase 10 large banks are participating. http://www.npci.org.in ICICI Insta pay is based on NPCI Inter-bank Mobile Payment Service (IMPS) http://www.icicibank.com/Personal-Banking/onlineservice/mobile-banking/imobile/instamoneytransfer.html MPFI : Mobile Payment Forum of India (IDRBT & RTIB , IIT-Madras) Institute for Development and Research in Banking Technology (IDRBT) & Rural Technology and Business Incubator (RTBI), IIT Madras http://www.mpf.org.in/ OECD IDBI paper on Financial Inclusion. www.oecd.org/dataoecd/16/55/40339652.pdf E-CHOUPAL : ITC rural distribution and e-commerce portal. http://www.echoupal.com/ Harvard study on Micro-finance default rate. www.hks.harvard.edu/fs/rpande/papers/repayfreqjeea_1107.pdf ISB paper on Micro loan pricing www.isb.edu/caf/htmls/ResearchPaper_05.pdf

Master Visa Cards

PCI (Payment Card Industry) DSS (Data Security Standard) https://www.pcisecuritystandards.org/index.shtml

Cyber Cash Protocol http://www.faqs.org/rfcs/rfc1898.html 3-D secure http://en.wikipedia.org/wiki/3-D_Secure

Biometrics Technologies
Fingerprint
Fingerprint standard http://www.fbi.gov/hq/cjisd/iafis.htm https://www.fbibiospecs.org/ Reference implementation of fingerprint standard. http://www.itl.nist.gov/iad/894.03/nigos/nigos.html http://www.biometrics.org/research.php http://fingerprint.nist.gov/NBIS/index.html fingerprint interchange standard document ftp://sequoyah.nist.gov/pub/nist_internal_reports/sp500-245-a16.pdf

IRIS Scan
IRIS Biometrics Standard http://www.biometrics.gov/Documents/IrisRec.pdf http://www.biometrics.gov/Standards/Biometric_Standards_Registry_v2.pdf Algo/paper/patent (UIDAI uses this system) http://www.cl.cam.ac.uk/~jgd1000/iris_recognition.html original paper http://www.cl.cam.ac.uk/~jgd1000/PAMI93.pdf open source IRIS recognition http://projectiris.co.uk/ Cross Match Iris scanner used by UIDAI pilot project. http://www.crossmatch.com/i-scan-2.php

Oracle SOA Suite 11g.

SOA Suite 11g Complex Event Processing Service Bus for Financial Services