Naavi.org

The Government of India is placing a huge reliance on Aadhaar for all forms of KYC. In the coming days, the Aadhaar Enabled Payment System (AEPS) will also be introduced where the biometric of the Aadhaar owner will be used to trigger a financial transaction like the UPI/BHIM application that may be used to send or receive money from another UPI account. It is said that this will be a “PIN Less” and “OTP Less System”.

What this means is that as soon as the application is triggered with a fund transfer request and the biometric of the aadhaar owner is provided to the UPI application, the payment will be completed without a second reference to the account holder. It will be like a “Single Click Payment System”.

There is no doubt that from the user perspective the AEPS will be a very convenient system and particularly for the less educated persons, it appears to be an excellent system. However, one should not forget that in the financial transactions, “Convenience” is only one of the aspects of the transactions and “Security” is another important aspect that needs to be taken care of in any digital payment system.

It is to be reiterated that the systems being introduced by the Government expose the public to risks that are being ignored by the Government and its advisors.

Presently, Aadhaar has introduced a system where by the “Biometric” can be “locked”.  When the biometric is locked, the system may generate an OTP for unlocking. Alternatively, the aadhaar holder has to go to the website and unlock the biometric which again can be done by an OTP. While this is touted to be a security feature that will prevent misuse of an aadhaar number, it must be recognized that the locking and unlocking is only linked to the OTP sent to the registered mobile and hence if a fraudster can get hold of a duplicate SIM, he can over come the locking security.

Thus in many ways, the OTP becomes the determining factor to secure a digital transaction. The security of OTP is directly related to the KYC system adopted by a mobile service provider particularly when a SIM is reported lost and a replacement is sought.

Recently, the Supreme Court has suggested that every Aadhaar number may be linked to a mobile again thinking that this would secure the system.

If for any reason this mobile OTP becomes the norm, then there is a need to ensure that this system is hardened by

a) Sending OTP by encrypted message

b) Increasing the complexity of OTP from a 4 digit numerical to atleast 6 digit numerical and if possible a combination of letters and numbers

c) Using voice based OTP delivery instead of a text based delivery

d) Return OTP also to be encrypted

e) OTP on either side to be sent and received with a digital signature which is both secure and also cyber law compliant.

While I donot expect many operators to become cyber law compliant and use digital signatures on mobile, encryption can be adopted without much of difficulty. However there needs to be a secure key management system to ensure that the security is difficult to be breached.

I hope the authorities including the implementers of the  Watal Committee recommendations will consider appropriate measures to take steps to harden the security of the OTP system which has already been degraded by NIST in USA but continue to be used in India.

I presume that the mobile operators also realize their responsibility in exercising care in obtaining KYC of their customers both when new SIM cards are issued and when lost SIM cards are replaced.

The irony of the current system is that the mobile operator may use an aadhaar as KYC for issue of SIM cards while the Aadhaar uses the OTP on the SIM card for issue locking and unlocking biomeric or for issue of e-aadhaar. This circular authentication is not the ideal security support and it becomes more or less a “Single Factor” authentication system. There is therefore a need to think of alternate measures to break this “Circular authentication system”.

Naavi

For the last few days, the fight for the CMs chair launched by Ms Sasikala Natarajan (VKS) against Mr O Panneerselvam (OPS) had reached a crescendo with the MLAs supposedly supporting her being held at a resort. The MLAs were not allowed any interaction with the outside world and had even been cut off from TV, News Paper and Internet. A few MLAs from this group ran out of captivity and joined Mr OPS camp confirming that they had been held against their will by VKS. This was a complaint of a cognizable offence which the Police ignored to take notice. Even when the Court asked for a report, Police were only able to report that 119 MLAs had confirmed that they were staying at their own will and not forcibly held captive. However there were at least about 124 MLAs at that time in the resort and why Police could not meet the other 5 MLAs was not known.

Today, the Supreme Court judgement held that Ms VSK is guilty in the Disproportionate Asset (DA) Case and has to undergo 4 years of imprisonment. This effectively made her ineligible for being elected as CM. The VSK camp has now elected an alternate person and still claiming the CM’s post. However OPS who is the care taker CM continues to make his claim that majority of MLAs will support him if there is a proper test of strength.

It is creditable that the Supreme Court which took more than 8 months to come out with its judgement to reverse the previous judgement of Karnataka High Court (Judge: MR Kumaraswamy, since retired) came out with a massive 570 page judgement (Copy of Judgement available here) upholding the trial court judgement. The judgement of the Karantaka High Court was a blatantly erroneous judgement which said “Accused are guilty of disproportionate asset but if we add the value of all the assets, the excess of assets over known source of income is only Rs 2.82 crores which is less than 10% of the known sources and hence does not warrant punishment”.

In arriving at this total of Rs 2.82 crores, the Judge had made a totalling mistake which was in the same judgement copy and hence his conclusion was comical. The correct addition would increase the value of excess assets to over Rs 15 crores. Hence the judgement could have been over turned at a glance as something which prima facie was erroneous and in fact suggested some malafide inference on the part of the soon to retire Judge.

Now the Supreme Court has arrived at the disproportionate assets could be around 211% and that is the order of the error that the Karnataka High Court judge committed and based on which acquitted the accused.

However the erroneous judgement gave enough room for J Jayalalitha to spend her last days as the CM and the justice has now caught up with the co-accused.

At last the truth has prevailed.

Though this case has no relation to the Cyber Law issues that we normally discuss here, as a person who spent over 25 years in Tamil Nadu, the undersigned was unhappy with the state of affairs prevailing in the State and hence this judgement now comes as a great relief.

I now wish that Governance returns to Tamil Nadu and OPS would be allowed to run his Government without the VSK camp creating more hurdles. If however, VSK camp decides to continue its fight, DMK will become the largest party in the Assembly but in a situation where no body will be able to claim majority. Then we may see President Rule in the State.

I hope Mr OPS will not be content at getting back his CM chair but order a proper probe into the mystery around the death of Ms Jayalalitha. This will bring out the fraudulent use of the concept of “Privacy of Health Information” by Apollo Hospital authorities and peopel sorrounding Ms Sasikala. This is important from the point of view of defining the “Rights of the Kith and Kin as well as the general public” to know the health information of an individual in certain circumstances. Proper checks and balances will have to be codified into the new law on Health Care Data Security and Privacy which the Central Government is in the process of writing. (See www.hdpsa.in).

I also wish that the Supreme Court/Constitution will in future not allow a non member of a house to be appointed as a CM/PM and make it mandatory that a leader of legislatory party should also be a member. This will prevent some of the anomalies which we see in such circumstances. The present system of “I have the letter of support and therefore I am the CM” situation should go. The “Composite Confidence vote” could be made mandatory in all such cases rather than calling the person with the largest number of supporters to be sworn in immediately as it is being suggested now as a constitutional requirement.

Tamil Nadu should also ensure that its police force is not overtly political as it is at present where it some times appears to blindly support the ruling dispensation as was the case in the recent months.

I also wish that Supreme Court censures the high court judge who gave out the erroneous judgement which was not an error of judgement on any point of law or even facts. It was an error of arithmetic totalling of a few figures which should have been corrected much earlier and probably by a suo moto action by Karnataka High Court itself without a need for the appeal. If it was not for the persistence of Mr B.V. Acharya the public prosecutor, the Karnataka Government could have even failed to appeal the erroneous judgement in which case the truth would have been buried for ever.

Let’s wait and watch how things turn out.

Naavi

For a long time, Infosys has been a well respected corporate entity. Even when it faced business difficulties it never lost its respect amongst the Indian public. However, the recent controversy involving payment of a severance pay of $868250/- to Mr David Kennedy, former Chief Compliance official, (Refer article here) immediately after paying R 17.92 crores to another executive Rajiv Bansal who left recently as CFO (See article here) .

In a discussion on TV, Mr Narayana Murthy who has raised a serious objection to the payment of high severance pay to senior executives leaving the company indicated that the reason why the Board seems to have made the payment of severance pay to a person who left voluntarily immediately after a good pay hike could be because he had access to valuable confidential information. It also means that if the money had not been paid, there was a risk of sensitive confidential information about the Company being made public to the detriment of the business interests of the Company.

This statement of Mr Narayana Murthy has opened a legal issue that there was apparently an ulterior reason why such large severance pay was paid. If there was any threat that the information would be leaked, then it would have amounted to “Black Mail” and criminal action could have been taken on the outgoing employees. If they had not demanded but the company was gracious enough to pay the large severance pay, it prima facie opens the possibility that this was “hush money” paid to ensure that these people keep their mouths shut. If so what they could have revealed could be considered as damaging to the members of the Board or to the CEO.

Shareholders of the Company now have a ground to urge action by Company Law Board to make an enquiry on the incident and try to get proper clarification from the management.

While the Company may justify its action as a “Contract” negotiated with the “Outgoing employee”, there is a serious doubt as to the motives behind the decision and it is likely to leave a severe dent on the share holder confidence on the Company and its management.

Even SEBI and Stock Exchanges may issue notices to the Company to disclose the details of the Board decision which approved the severance pay and the logic for determining the quantum.

Naavi

[P.S: The political developments since last night in Tamil Nadu has thrown up some interesting elements which surprisingly lead to ITA 2000/8 and operation of Section 65 of ITA 2000/8 in the records of Apollo Hospital.  Following discussion is for academic purpose only and based on current developments as reported in the media.]

Recently, a case decision was brought to my notice which triggered a need to discuss the Jurisprudence behind application of Section 65 of ITA 2000/8 which I have often held is wrongly applied by police in many cases. Some advocates also have a difference of opinion in this regard and hence there is a need to clarify the position as I read it from the Act.

This is a decision of the Andhra High Court dated 29th July 2005 and concerns the criminal petitions filed by Syed Asafuddin and Ors vs The State of Andhra Pradesh for quashing of FIR filed under Sections 409, 420 and 120 B of IPC and Section 65 of ITA 2000 as also Section 63 of Copyright Act.

The Complaint was registered in respect of an alleged action by employees of Tata Tele Services to re-set mobile handsets given by Reliance Infocomm to its customers under a special scheme with service provider binding for three years.

The Service provider (Reliance Infocomm) had embedded a code in the handset that it could connect only to the designated Reliance network. It was alleged that Tata Tele employees assisted the customers of Reliance (who had purchased the handsets at a heavily discounted price with a commitment to stay on the Reliance network for a minimum of 3 years), to remove the restrictive code so that they could be used on other networks such as Tata Telecom.

Obviously, this caused a loss to Reliance and was against the letter and spirit of its contract with the customers who had availed the benefits.

The judgement  has thrown enough insights into whether the sections applied were sustainable or not and is therefore illustrative.

The point of contention in the case for our focus was whether Section 65 of ITA 2000 was the right section to have been applied or should it have been Section 66?.

No doubt the Court came to the conclusion that Section 65 was appropriate and did not agree to quash the FIR but its argument in coming to this conclusion appears faulty. However the decision is a decision and may be looked at as a “Precedent” until overturned.

We need to also keep in mind the fact that this was not the final trial but a decision related only on the quashing of FIR. We should not therefore jump to a conclusion that Section 65 is applicable in such cases in future.

In order to debate this further, section 65 of ITA 2000/8 is reproduced here for immediate reference.

Section 65: Tampering with computer source documents.-

Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy, or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

Explanation.–For the purposes of this section, “computer source code” means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

As regards Section 65 of ITA 2000/8, the critical aspects are

a) Whether some computer source code was concealed, destroyed or altered?

b) Whether the deleted “Computer Source Code” was required to be kept or maintained under law for the time being in force?

In the instant case, there was a “Source Code” that was “Altered or deleted” and hence there is no dispute on this.

However, the dispute is on the fact whether the deleted source code was in fact required or maintained by law for the time being in force or not.

If there was no need for the source code to be kept or maintained under law for the time being in force, then there is no offence made out under this section.  If so then an offence under Section 65 is made out.

(P.S: I am not ruling out the offence being recognized in this case  under Section 66 which  was not included in the FIR. I restrict my discussion only to the jurisprudence surrounding Section 65).

The accused here is Tata Tele. We need to ask “Was there any need under law for Tata Tele to keep the source code or maintain it for the time being”? . Obviously Tata Tele and Reliance had no privity of contract in this matter. If at all there was any obligation it would be in the contract between Reliance and the Customer. Tata Tele can also claim that they made the code alteration at the request of the Reliance customer.

Did the contract form between Reliance and its customer specify that the Customer was prohibited from making his handset compatible to other networks? and Was such a contract produced as evidence? …it appears that the answers to these questions are in the negative.

If you want to make the customer the “accused”, then “mens-rea” may need to be proved. It could be a civil wrong but would it be a criminal offence?…difficult to say.

Further this could be determined by the fact whether the customer was clearly informed (not through a standard form contract where a clause is buried in small print) that the handset which has been “Purchased” by the customer contains a “Hidden Code” and he is not to delete or alter the code. If he has not been informed , this could be a “Computer contaminant” introduced by Reliance as defined under Section 43 of ITA 2000/8 since this hidden code could be held as a code “that monitors whether the customer is using Reliance network or some other network”.

The interesting part of the judgement is in the interpretation of the section regarding the maintenance of the computer source code under law.

Firstly the judgement has tried to create an artificial wedge between “Kept” and “Maintained” and associating the words “under law” only with the word “Maintained” and not with the word “kept”. Accordingly, the judgement has considered that “When the computer source code is required to be kept” and “maintained by law for the time being in force” as two different situations.

Then, for no specific reason, the judgement continues stating  “going by the allegations in the complaint, it becomes clear that the second respondent (i.e: Reliance) is in fact maintaining the computer source code. If there is allegation against any person including the petitioners, certainly an offence under Section 65 of I.-T. Act is made out.”

Does the Judge mean that there was a need to maintain source code under law and it was deleted by the accused?. …it is unclear.

The Judge seems to have missed the point that what the section intends is that if any person including the petitioner or the respondent was required to keep the information for a certain period of time and it was deleted before such a time, then only the offence is made out and not otherwise. If the respondent is maintaining the code and the petitioner has deleted/altered it in another device, the offence cannot be imputed.

In our opinion there was no responsibility/obligation for Tata Tele, the accused under any “law” to maintain the source code. If such “law” could exist, it could be in the TRAI guidelines on use of ” Network bound handsets” which would bind all the licensed players under an obligation not to tamper with the codes of their competitors. There is no evidence of the existence of such a guideline nor was it quoted in the judgement.

In view of the above, without stating that what Tata Tele has done is correct and unpunishable, I would still consider that the view of the honourable Court that Section 65 was applicable in this particular case appears un-sustainable.

Also, from the facts of the case it appears that what might have happened could be that it is not a case of deletion of any data. It could be a case where a data piece was added to what was already present in the handset within the larger code set created by the handset manufacturer. Accordingly,  “An additional Code enabling acceptance of Tata Telecom network connection” might have been inserted without deleting the “Existing code enabling acceptance of Reliance network connection”. Hence whether this was a case of “Concealing, deletion or altering” of source code inserted by Reliance is itself doubtful.

The original source code on the handset was inserted by the handset manufacturer like Samsung and not Reliance. This was perhaps first modified by Reliance to delete acceptance by networks other than Reliance. Tata Tele might have then restored the handset to its original status. Hence there appears to have been lack of cause of action for Reliance to invoke Section 65 in this case. I would therefore not consider this judgement as a precedent to be followed.

Now coming back to what attracted my attention immediately to Section 65, is the fact that within all the political turmoil caused by the recent developments in Chennai, there has been an allegation by the TN Chief Minister (Present) that the medical records of J Jayalalitha might have been tampered with by the doctors who attended on her before and after her admission to Appollo Hospital. With this allegation, there is a public notice of a potential cognizable crime. Hence any and  all evidence  that could have a bearing on the offence becomes “Evidence” that needs to be preserved for the time being under IPC.

Since it is expected that Appollo Hospital has all records in electronic form and there should be several e-mail and video conference records at Apollo including the interaction with the London based doctor, all these evidence will be “Electronic Evidence” and if they are deleted because they may be incriminating to the interests of either the accused persons or even Appollo Hospital itself, we will have a possibility of a Section 65 offence being committed by Appollo Hospital and others. 

If there is any Commission of enquiry appointed for the investigation there is a possibility that the hospital may refuse to provide any evidence since they would have been deleted. It is therefore imperative for Mr Panneer Selvam or any Court in TN to immediately order for securing the evidence that may be present in connection with this suspected offence and also give a notice to the hospital that Section 65 would be invoked if the information is wrongfully deleted.

Naavi

Today, people swear by the term “Innovation”. Whether it is the Budget Speech or a Chairman’s speech in AGM, the buzz word is “Innovation”.

However people who actually innovate often wonder why some thoughts get the tag of innovation and some fail to.

Today, I saw a report in Times of India that in Bangalore the BBMP may issue “Property ID Cards” for every property. (See Report here).

This reminded me of the exact proposal I had made to BBMP long long time back which was then not appreciated.

I was also reminded of an article titled “The National ID Card Challenge for Nandan Nilekani.. Part I : Part II : This should have been a sensational news when presented but did not attract the attention of any.

As of today, people need to appreciate the idea of property ID as presented by BBMP as “innovative” and welcome it.

But it is necessary to point out that more than 10 years back, this proposal was made by the undersigned as part of the implementation of the “DVIIS” or the “Digital Value Imprinted Instrument System” (Refer this 2003 post). The concept was subsequently put to suggested harnessing in the name of “ZeMo” cards or “Zero Memory Smart Cards”

The concept was a universal concept with use cases in “Citizen Identity”, “Digital Stamps”, “Prepaid Cards”, “Air and Bus Tickets”, “Digital Cheques”, and several other instances including “Property IDs”.  The idea was discussed with several Government agencies including the BBMP officials and Banks. Several of the IT companies some of whom are today MNCs and claiming to be “Innovators” could not appreciate the worth of the suggestions despite explaining of the entire concept in clear terms. If I check my e-mails, many of the “Who Is Who leaders” of today are people who could not see the potential of the innovative idea which today is seen in every IT project including the Aadhaar Card and Digital Payment Systems.

I still remember that Stock Holding Corporation was in the verge of implementing their Digital Stamps system at that time and when our solution was presented to them (see here the basic concept) we were told, “We would have taken up your solution but one of our executives has given a promise to another vendor”. The Karnataka Government of that time had also been approached and did not perhaps understand the benefits.

Companies like Cognizant considered the ideas in the Banking product area for some time but again was unwilling to pick it up as a product and wanted to consider it only if some Bank could give them the project. Banks of course were not capable of themselves taking a decision on a disruptive idea unless it is presented to them by a large IT company. Neither the Government agencies nor the senior IT executives of that time had the ability to understand and appreciate the thought and convert it into a commercial products though the undersigned had not placed any IPR barriers.

It is amusing that 13 years after the idea was first published, we are seeing that one by one all the use case instances of Digital Value Imprinted Instrument System and the “ZeMo Cards”.

Probably some of the suggestions I am discussing now will be considered “Innovative” 10 years down the lane.

I wonder if a 10 year old idea is “Innovative today” what was it 10 years back?.

……………Probably we should call it “Futuristic”? or “Innovation too early for the time?”

It is therefore necessary for Innovators looking for success to understand that even if an innovation is considered a “Disruptive Innovation”, it will only get recognized if the society is mature enough to understand the disruptive nature of the idea.

Otherwise it is necessary to wait until the society matures to a level when your “Too early to understand idea” is recognizable as “Disruptive and Innovative”.

But the thought lingers on….

If an innovative disruptive thought of today is a potential winner backed by venture capitalists and policy makers, should they not be mature enough to understand that a “Futuristic idea” which may become disruptive and innovative over a time is also a “Potential Winner” probably at a higher scale?

Even if they are not mature today, I hope they will mature in time when they reflect, “How Did I miss to recognize and back this innovation when this was presented  10 years back?”

With this positive thought, I urge “Futuristic innovators ”  to continue to do what they know best…

“Ignore the current appreciation or lack of it, continue to innovate even if it takes another decade for the society to understand and appreciate”

Naavi

This is a continuation of the discussions on the Watal Committee Report

Encouraging increased use of electronic modes of transactions was one of the objectives pursued by the Watal Committee. In this direction the committee considered the transaction cost structure  involved in the use of cards where the acquiring Bank collects MDR, (Merchant Discount Fee/Rate) pays interchange fee to the card issuing bank and the scheme fee to the scheme owner such as Master or Visa. In the present scheme MDR is 0.75% for transactions less than Rs 2000 and 1% for transactions above Rs 2000.

There is no MDR cap in Credit Cards where the charges made by the industry may be around 1.5% to 2.%

In high margin transactions,  it is possible for the merchants to absorb this cost though many donot. In some transactions where the margin in the business is low, say less than 5%, this MDR becomes a substantial part of the business margin and it would be unfair to expect it to be borne by the Merchant.

It was one of the recommendations of the Watal Committee that  there has to be a parity between cash and digital payments (R6-to be implemented within 3 months).

This rules out the possibility of the consumer being charged the MDR fee separately by the merchant. The consumer makes payment for the services in a legal tender which is cash or an alternate method which is digital payment using a Card or a Mobile Wallet or an UPI type system.

In the case of UPI or USSD system, the only intermediary involved is the NPCI apart from the two Banks. In such transactions the transaction cost can be fully absorbed by the system without being passed on either to the Merchant or the consumer.

In the event a Debit/Prepaid Card is involved, the card issuing Bank should waive its charges since use of cards in preference to cash is a direct benefit which they enjoy with a lowering of the footfalls in the Bank/ATM and the avoidance of the cash inventory cost.

The “Debit Card” is a part of the account opening and represents the balance in the account. The debit card issuing Banks therefore should not charge separately for transactions with the use of debit cards. RBI should strictly mandate that no such transaction charges should be levied on the acquiring Bank or the customer.

The involvement of scheme managers should also be eliminated here with the substitution of NPCI as the gateway as in the RuPay cards.

The cost of the card itself is a one time cost and most banks are charging it to the customer. As long as this is reasonable, this may continue.

The ATM withdrawal charges are a “Disincentive” for cash withdrawal and as long as the Debit/Prepaid card transactions are waived off, the present system of a reasonable charge for the number of ATM transaction exceeding a minimum number of say one per week, may be tolerated.

Banks s do incur a cost for authentication of transaction for which they may engage the services of outsource agents. However this is part of the “Cost of Banking” and just as a Bank cannot separately charge  extra fees because one ledger clerk enters the debit entry, one officer verifies your signature and a cashier makes the payment of cash, they should not be allowed to charge the authentication services such as OTP verification or VBA authentication to the customer.

The bottom line is that the “Interchange charges” should be eliminated in the case of Debit or Prepaid Cards.

Further, ensuring “Safe Transactions” is part of the Banker’s obligations and hence all transactions through the debit/prepaid cards should be insured against frauds and transaction failures at the cost of the Bank.

As regards Credit Cards, it is a separate contract where the Bank agrees to provide a credit line to the customer and once a credit line is approved, there should be no difference between a debit card/Prepaid card and the Credit Card.

Banks may therefore charge a Credit Approval Charge and Basic card cost. As regards the transaction cost, in the event the credit line is utilized, the card holder pays interest charges which are always usurious. Hence the issuing bank gets adequate reward by way of interest. Probably they could charge a “Commitment Charge” for those who use the card but does not avail the credit line. This commitment cost can replace the transaction cost so that the “Interchange charge”.

In view of the above, the “Interchange charges” can be eliminated even in the case of Credit cards so that at the merchant level, he could be neutral as to whether the consumer presents a Credit Card or a Debit Card or a Prepaid Card in lieu of currency.

The acquiring Bank and the scheme provider may be entitled to some reward for their services, depending on the services rendered.

Some acquirers provide POS machines free of charge and they are entitled to recover their cost either as one time fee or per transaction fee. However, since the cost they incur is fixed, there is no reason why they should be allowed to make unreasonable profits by endlessly collecting transaction fee.

There can therefore be a cap on the MDR charges payable to the acquiring Bank.

Today since the interchange charges are a substantial part of the MDR, elimination of this should bring down the MDR charges from the current levels of 0.75% or 1% to around 0.4 to 0.5%.  If a cap is placed on the MDR fee of the acquiring Bank, then the total MDR can be brought down further based on the turnover of the merchant in terms of number and volume of transactions to even around 0.1% at which every merchant including the petrol bunks should have no problem in accepting cards of any type.

Again there could be a transaction based insurance cost which can be a reasonable load at around o.05% .

This leaves the scheme owners like the VISA or Master who are an overhead on the system.  VISA and Master do not take any credit risk and except for providing international acceptability which is required only for those who need to use their cards on international channels (which may include online transactions), they are not of much value for other transactions except as a transaction gateway.

If NPCI can take over issue of RuPay credit cards, then the need for VISA and Master or AMEX can be further reduced and hence their cost can also be eliminated. Those who need to use their cards for foreign merchants who donot recognize NPCI as the scheme owner,  may use”Virtual/Prepaid cards” with VISA/Master branding.

There is therefore a good scope for

a) Elimination of Interchange charges of the card issuing Bank for Debit and Prepaid Cards

b) Elimination of Interchange charges for Credit Cards which may be substituted by a “Credit Approval Charge” and “Monthly/Annual Commitment charge” for those who use a credit card only for the free credit it provides within a billing cycle.

c) Elimination of the Scheme Charges by NPCI stepping in to replace VISA/Master/AMEX

d) Reduction or elimination of the acquiring Bank charges by replacing it with one time instrument cost

e) Introduction of Cyber Insurance for all transactions for which Banks should bear the major responsibility.

Following the Committee’s report, RBI has reduced the MDR for Debit Cards to 0.25% for transactions upto Rs 1000 and 0.5% between Rs 1000-2000.

There is however a lot more that RBI can do and whatever is discussed above is within the powers of RBI and NPCI. However it would be resisted by the Banks since it may hurt their revenue potential. Presently Banks are used to counting their profits without assuming responsibility even for frauds and using their clout to prevent RBI from introducing consumer safety measures. It is time to put an end to such unfair business practice in Banking by RBI asserting its regulatory role and powers.

Banks may submit a cost benefit analysis to RBI to justify the charges if they think that the suggestions for complete elimination of the interchange charges and the reduction of the acquiring bank cost is unreasonable.

The arguments presented above for elimination of charges for card transactions equally apply to the other mobile apps such as wallets and UPI and there should be no reason for any charges to be applied for such transactions whether the services are privately owned or not.

These suggestions are important since it is in the interest of the Government that Cash usage is reduced in the economy and it is in a way forcing the Citizens to adopt tot his new Digital payment ecosystem. Government cannot force their citizens to adopt to currency replacement without protecting them from additional cost and fraud risk.  Hence we believe that Government would be interested in pushing such suggestions.

In the above suggestions, it has been assumed that NPCI does not become greedy on its own and try to introduce its own charges. It should be considered as an “Infrastructure”  created by the Government for the efficient administration of the “Cash Less or less Cash” society for the larger good of the country.

NPCI should therefore be funded by the Government. At no point of time in the future also, NPCI should turn into a commercial organization like many other infrastructure organizations such as BSE.

Naavi