Digital Payment Channels and Insuretech

Last year in November, I found myself standing at a 160m (over 500ft) ready to jump – one thought that crossed my mind quite a few times at that moment was that it would have been good had I got some insurance cover which unfortunately I didn’t have and it was too late to get one. For those curious to know if I was suicidal – no I was not, I was at a beautiful place in Nepal ready to bungee jump. I have been quite an adventurous traveler and having born and lived most of my life in a country where insurance mostly has been a luxury, I never paid much importance to having one during my travels until of course I had a look at the harness that my life pretty much depended on during bungee jumping and thoughts of having fractured skull or a dislocated spine felt quite real. While thankfully, I survived the bungee jump unhurt, it made me think if my smart payment channel ATM that I had used to purchase my flight ticket to Nepal could be smarter enough to suggest me a travel insurance at time of ticket purchase and I might actually have got one.

In this age, when all our systems are more integrated than ever and information could easily be shared across them, would it not be cool if we use this to our advantage and based on customer’s transactional data and trends could suggest him/her insurance covers? I would be a much happier person if my mobile banking app that I use to pay for my traffic fines in case of an accident or otherwise could suggest me of the vehicle insurance options available rather than me having to browse the web and get quotes to decide which vehicle insurance would suit me most. This is what I had to do to get my vehicle insurance renewed this year and at the end of the process, a call center agent from one of the insurance aggregation websites sent me a link via email asking me to enter my card details in order to purchase the insurance I had chosen. It took me a few close looks at the URL sent and a phone call to a friend who had used the same website to get his car insurance, to trust that payment gateway with my credit card details. It would have been much more convenient had I gotten a token number to pay against through any of my e-payment channels.

Years ago one of the banks I was banking with in Pakistan had a similar mechanism in place to inform customers if they would like to insure the amount withdrawn from ATM as ATM snatchings were quite common. We need to just use and extend the same idea to make insurance offerings for health, education, travel and more as Insuretech and Fintech hand-in-hand could do wonders!

Is debit card still a primary instrument for e-payments?

Payments and FinTech industry has always proved to be an exciting arena of innovation which is continuously evolving. When I graduated from university almost a decade ago, I did not hold a bank account but I was required to open one as soon as I took my first job so my salary could be transferred to that account. Alongside the account, I got a debit card as well so I could easily withdraw money from my account using an ATM or make purchases through POS. For years I used the account for the same reasons only, however, later with the convenience that internet banking brought, I started using my account for funds transfer to others as well and even today, I mainly use my bank account to get my salary and then withdraw cash or to transfer funds to others including bill payments.

Like many others, I barely use my debit card unless it is for withdrawal from ATM and that is what makes me question if debit card is still a primary instrument for e-banking as it used to be till few years ago?   I believe with introduction of alternative payment mechanisms that allow one do cardless transactions and practically almost everything with your mobile, debit cards and bank accounts will soon become supplementary.

A kid fresh out of school may no longer need to have a bank account to receive his/her salary when taking up a job. All companies may have to do is to integrate their ERP system with a mobile wallet system to disburse salary of all employees to theirs m-wallets at the end of each month. Employees could use their mobile phones as a primary instrument to withdraw cash from an ATM, make purchases, fund transfers or bill payments. While the world is moving towards hands-free payments (see Google’s Hand-free), m-wallets or perhaps virtual cards linked to m-wallets can certainly make debit cards a thing of past.This could help banks and financial institutions save all the cost of issuing, maintaining and securing debit cards while giving the customers freedom to do all their transactions with their mobile phones instead of a piece of plastic.

 

 

 

Could Omnichannel Experience be used for Customer Assistance?

Since last year, banks and financial institutions have actively been trying to implement and materialize on the concept of omni-channel banking so much so that it is being referred to as the “new normal” for banking.  Customers now have access to multiple cross-channels features for instance, having the ability to withdraw cash from ATM even when you forget to bring your card with you, as your mobile can act as an alternative instrument to authenticate you over ATM and get you access to your account. This could be done through NFC enabled transactions or through initiating cardless withdrawal request through a mobile banking channel.

ATMs are still used by a large majority because of easy access and this usage is only expected to grow as banks continue to transform their branches into digital branches where self-serv ATMs will play an integral role. However, in order to achieve increased customer satisfaction, banks and financial institutions have to make the usage of ATMs as hassle free for customers as possible and one way to make this possible is to use omni-channel approach even for customer assistance.

Imagine a customer mistakenly entering wrong pin a few times till his/her card gets blocked and is captured by the ATM. The customer then has to go through a long process of visiting the branch to authentic himself/herself and re-claim access to the card. S/He is then usually required to call a call-center to get the card re-activated. All this if s/he is lucky to be a customer of a bank that has policy to return the captured cards after some verification. If s/he happens to be customer of a bank that by its own policies or by those regulated by the country’s central bank does not return captured card then s/he will have to go through an arduous process of getting a new card issued which may take days to weeks.

In such scenarios, omni-channel approach could possibly bring some relief by building intelligence around card capture event raised by an ATM. The system monitoring ATMs and their events or the ATM itself could be enhanced to notify a CRM or IVR system in event of a card capture along with customer and terminal information. Upon receipt of such information, an automated call could be placed to a customer through IVR or a call-center operator could manually place a call to customer immediately and guide him/her through the process of getting the card back from same terminal following some authentication.  This authentication could be done through a biometric device or a NFC or mobile banking based authentication. Alternatively, an assisted mode could be enabled on the terminal in which case, a remote agent could establish a session with the customer via the same terminal on the spot, do some manual verification just as it is done in a branch and return the customer’s card instantly.

This could save customers as well as banks from a lot of hassle. However, for it to become a reality banks, regulatory authorities and fintech organizations providing ATM and other channel-banking solutions will need to work together to put in place a robust framework built around intelligent machines and processes that are secure, reliable and do not have any loop holes that could potentially be exploited.

 

 

 

Travel Bits: Tech Forum Central Asia 3 and Trip to Beautiful Kazakhstan

In June last year, I had a privilege to conduct a Digital Security training at Tech Forum Central Asia 3 organized by US Consulate Almaty. The conference was fun and it was a great experience meeting trainers from different parts of the world and trainees mostly from different parts of Central Asia. I was impressed by the enthusiasm and passion that each one of the participants was filled with, passion to learn, to grow and to make a difference. Here’s the coverage of event in Cosmopolitan Kazakhstan.

I found Almaty – Kazakhstan to be one of the most beautiful places that I have ever been to and one of the things I absolutely loved about Almaty were the CHOCOLATES. You get some delicious chocolates in Almaty fresh from the chocolate factory. At one point in time, I felt like Charlie in the Chocolate Factory. Moreover, I love the scenic city, lovely people who despite not being able to understand English would be willing to help you and guide you and oh they love bollywood songs and movies! 😀

It was my first experience to travel to a country where English was almost not understood and I had to rely on communicating using Google Translate and using signs but despite this, I managed to shop in one of the really crowded markets of Almaty all on my own. I did lose my way but luckily found someone who spoke pretty good English and turned out to be a English teacher at one of the schools so, I  managed to get back to my hotel just in time to leave for airport and catch my flight back home.

Here are some of the pictures from beautiful Almaty – I wish I could go there again someday specially for skiing 🙂

Photos Courtesy:  Ollie (https://www.flickr.com/photos/14763412@N00/)

 

How to be vulnerable and immune at the same time?

Been so long since I last blogged and so much has changed (for good Alhamdulilah) since then, however, if anything that has not changed at all for as long as I remember is my habit of making myself vulnerable (or so all say and I think they are not really wrong). I like being honest and I genuinely care about people so I can sleep peacefully at night without having to worry if I have wronged anyone. So, if I like you, you will find me go out of the way to do things that I feel could make you happy, if I do not like you, I may still meet you nicely if we come across each other but you may find me keeping some distance. If you ever need help, I’ll at least try to do whatever I can in my limited capacity to help you whether or not I like you. I feel glad to be of help to others and also if anyone seeks my advice I give a sincere one. This is where the problem begins. I love, I care, I empathize, I go out of the way to make life at least a tad bit easier for you, I feel your pain and sometimes if I feel I have also been through same, I open my heart to share my experiences with you to make you feel you are not alone, I try to share your burden and all I expect in return from you is a kind acknowledgement of all the effort I make. While I have been lucky to have some acknowledging my genuine love, care and respect for them, unfortunately there are many who either exploit me or refuse to acknowledge whatever little I have done for them and even that might not really matter but what hurts is how they’d rather say I have not helped them at all or have made things worse for them which is what hurts, yes it really hurts!  Some even go on to labeling me as arrogant, selfish and unhelpful if at times I really can’t be of help and I excuse. I excuse because I do not wish to give anyone false hopes. However, the reaction I receive makes me think if I should just stop genuinely caring for others? Should I just fake a “Oh I so feel for you” look and do not do my bit to help them even when I know I can? Should I just stop being sincere and say what others wish to hear rather what I feel they need to hear to make better decisions? Would that end my vulnerability to be hurt or is there any other way to be vulnerable yet immune to the hurt that follows when you care about others?

Payments Industry Frauds – are you really prepared?

Note: My this article originally published in Business Recorder March 12, 2015.

Banks, Telcos and other Financial Institutions in Pakistan and globally are innovating and launching new electronic payment services at a promising pace, however, fraudsters on the other hand are also coming up with inventive tactics at a steady pace, to compromise these digital payments. Be it J.P. Morgan Hack leading to information leak of close to 80 million accounts or Target’s security breach in United States that lead to theft of at least 40 million credit cards’ information, for past two years the payments industry world-wide has been witnessing some of the biggest third party frauds of history. Having no similar statistics available on security breaches from within Pakistan does not indicate that the local industry has managed to secure itself, rather it just indicates the lack of reporting from this aspect as well as the need of heightened security scrutiny.
The recent Carbanak attack that targeted ATMs world-wide including Pakistan and resulted in losses of millions of dollars should be enough to raise alarms for Pakistan being on the target list of international gangs. Compliance to international security standards hence becomes a necessity to avoid financial and reputational risks by enabling customers to carry out safe and secure payments.

While there is no single standard that could act as a silver bullet, following are some of the security practices that are essentially needed for a multi-layered security strategy to thwart attacks:

PCI-DSS Compliance PCI-DSS known as the Payment Card Industry Data Security Standard is a widely used standard that applies to different entities involved in processing of card-based and cash-based transactions. It requires networks involved in exchange and processing of transaction information to be secure using Firewalls and other network level security measures. Similarly, all the servers, systems and applications involved in processing of financial transactions also need to be hardened with all necessary anti-malware installed. At the network and OS level, all latest security patches should be regularly installed. Stringent access control parameters also need to be in place to stop any un-authorised access to systems and/or applications.

All the software applications and solutions being used in payment processing play a critical role in enabling financial institutions to achieve PCI DSS Compliance as this standard has laid out specific rules for management of card, customer and transactional data. Any card holder information such as Track 2 or PIN data etc is to be transmitted in an encrypted format. Similarly, not all transactional data is not to be revealed completely for all application users and instead data masking technique is to be used. Several other rules respect to password policy and overall information security are also provided by PCI DSS.

In order to encourage development of applications that comply with these standards, the PCI Security Standards has also introduced a set of best practices for software application providers and vendors under the banner of PA-DSS compliance. For instance, TPS flagship product IRIS Enterprise Switch happens to be the only the Pakistani fintech product which has officially been awarded PA-DSS Compliance Certificate by the PCI Council.

EMV Compliance Pakistani card market is hugely dominated by Magstripe based cards whereas the increasing skimming and counterfeit based frauds highlight the need to switch to EMV complaint chip and pin based cards. While some of the local banks and financial institutions have started launching EMV based cased, there is need to migrate the existing card base to EMV complaint cards. For this issuer banks need card personalization systems that are capable of producing chip based cards according to EMV/Co standards. Additionally, the acquiring terminals be it ATMs or Point-of-Sale machines also need to be EMV compliant. This would help the local customers benefit from the cryptographic card authentication mechanisms.

Encryption and Tokenization Encryption enables merchants, acquirers and issuer banks to encrypt the tunnel carrying card holder/customer data or the data itself that is being transmitted. Encryption could be E2EE (End-to-End Encryption) or P2PE (Point-to-Point Encryption).

To further secure data, the technique of Tokenization is now being used to translate card holder data into randomly generated irreversible data after transaction is authorised and also codes against sensitive data in processing at the backend. In addition to these security techniques, Card-less transactions through bio-metric signature and other technologies such as NFC also seem to bring in secure payment mechanisms, however, it all largely depends on how long it takes for vulnerabilities in these systems to be exposed too. For any organisation, the key to prevent and mitigate frauds is to continuously invest in implementing latest security measures, create awareness in all stakeholders (merchants, customers and employees) about taking appropriate actions for secure transactions and complying with global security standards.

TPS Pakistan TPS was established in 1996 to provide bespoke payment systems and top notch customer services to banks. Focused since its inception to bring efficiency and convenience in banking and payments through use of right technology, TPS offers a combination of technical and business expertise in the area of card management, multi-channel issuing and acquiring, payment processing, alternate delivery channel management, bills payment, remittances, payment gateways and internet and mobile banking.

Today TPS serves over 120 customers across 32 countries in multiple industry verticals such as banks, telecoms, payment processors, central banks, exchange houses, issuers, acquirer and other financial institutions, across 32 countries in MEA, Europe, and Asia. Our prestigious clients for enterprise payment solution in the region include Central Bank of UAE, 1LINK (Pakistan), Network Int’l (UAE), EasyPaisa (Pakistan) and Omnibus (Bangladesh). Fariha Akhtar is currently serving as a technical solutions specialist in TPS. She is a technologist with strong passion for payments domain. She has been associated with TPS for over 7 years.

Celebrating Sindh Cultural and Ekta Day

I have always felt proud to have my roots in what is known as the ‘Land of Sufis and Mystics’ and that’s the primary reason why people of Sindh have always welcomed people from other parts of Pakistan and the World with open arms. It is because these Sufis and Saints that compassion and harmony comes as a second nature to natives of Sindh. Originally started in 2009 as a peaceful protest to the derogatory comments of a local anchor person, the Sindh Cultural and Ekta (Unity) Day is celebrated on first Sunday of every December. Over the years it has become a sign of solidarity among the inhabitants of Sindh and celebration of the thousands year old beautiful culture of this region.

Being a native, I also make a point to celebrate this day in any little way I could be it through spreading awareness about the culture of Sindh, wearing a nice cultural outfit or cooking any traditional Sindhi dish. This year, however, I was invited to be part of the Sindh Cultural Day celebration at US Consul General’s residence in Karachi. Since the event was also part of the showcase events of The All Pakistan Music Conference and had great line up of traditional sindhi music artists and also a US pianist Kimball Gallagher whom I would refer to as a pianist with a cause.

Despite being a huge fan of lazy Sundays, I decided to go out and attend this event and I am glad I did so as I got to listen some great piano performance LIVE and that too for the first time in life. Kimbal I can vouch is an amazing pianist. Learnt from him how even piano melodies could have characters carrying different personalities and how through his work Kimbal is helping budding pianists across the world. For instance, he played a melody that a young Afghani boy Elham orchestrated in a week after meeting Kimbal. As a tribute to this young boy, Kim often plays this in his solo performances and as he did so during one of his performances in Dubai, a woman contacted Kim and showed interest in helping Elham in any way she could. Kim knew that Elham did not have a piano of his own so he let that woman know about it and viola, some time after a piano arrive at Elham’s home in Kabul. See for yourself. Amazing isn’t it? and you must be thinking what does all that have to do with Sindh Cultural Day – my friends for me it’s the shared value of humanity and compassion that I saw in Kim and that I wish to see in all of us one day for inherently all humans are ONE! No matter, how different our cultures are, we could thrive only if we respect these differences and help each other in any way we could.

Anyway, so the second performance of the evening was by Mehmood Ali who played tabla with such perfection that all I could say in the end was WOW! It’s amazing to see so much talent in this country and what’s great is a lot of us take pride in what is traditionally ours.

The next performances were by Ustad Abdullah Khan who is country’s prime shehnai-nawaz and the all-time favorite of a lot of youngsters include me Saif Samejo from The Sketches who came up with a brilliant fusion of Sufi Sindhi Folk music and rock. Even though I had really wanted to stay till the end of this event, I couldn’t but I am sure all these performances that I missed would been equally mesmerizing. Good job US Consulate Karachi!