Whereas the Aadhaar Enabled Cost System (AePS) has emerged because the foundational know-how enabling cash-in cash-out (CICO) throughout the nation, efforts by dangerous actors to defraud banking prospects by way of it proceed to be a urgent concern. The Reserve Financial institution of India (RBI), having taken notice, had issued (draft) instructions to all banks and the Nationwide Funds Company of India (NPCI) relating to the onboarding and ongoing due diligence of AePS touchpoint operators. Amongst different issues, the principles state that NPCI and buying banks should be certain that any AePS touchpoint operator is onboarded solely by one buying financial institution.
The idea for this was RBI’s 2010 pointers that didn’t allow customer support level operators (CSPs) to symbolize multiple financial institution on the level of buyer interface. This was vital for the context then, of restricted connectivity and monitoring capabilities of banks to supervise CSPs. Nevertheless, the banking surroundings has matured considerably. Whereas proactive motion in the direction of fraud prevention is welcome, our discipline analysis in 2022-23 signifies that mandating exclusivity for AePS operators could cut back the effectiveness of the system in serving the last-mile buyer.
Interviews with CSPs throughout three states point out that transaction failures on account of server downtime/failure are a quite common expertise. A Spice Cash research final 12 months discovered a 34% failure price in AePS transactions. Whereas NPCI publishes statistics on unscheduled downtime of AePS servers (situations the place greater than three lakh transactions are declined for over half-hour), a narrower definition and disaggregation of such incidents throughout geographies would assist to grasp the precise extent of server failure points.
Within the absence of strong knowledge, we’ve got established the affect of server failures/downtime on each CSPs and prospects anecdotally. When a transaction fails, the client can’t entry CICO providers. Prospects change into distressed when transactions fail after debit from their account, and there’s no certainty about when the reversal will take impact. CSPs lose earnings once they should flip prospects away on account of servers being down and could also be accused of fraud by prospects. Since CSPs make nice efforts to domesticate belief and good reputations inside their communities, as an example, by offering providers late into the evening to satisfy buyer wants, that is particularly worrying for them.
To keep away from these outcomes, CSPs recurrently purchase licenses from a number of suppliers. This apply has been noticed by our researchers for a few years now and corroborated by different stakeholders as nicely. Holding multiple licence permits CSPs to modify servers and entry the infrastructure of a second financial institution when the unique buying financial institution is experiencing downtime incidents. By doing so, CSPs guarantee steady availability of AePS withdrawal providers to prospects who strategy them.
We submit that the apply of CSPs “multi-homing” makes for a extra versatile AePS surroundings, offering person service continuity. Strictly requiring banks to ban this apply would stop the advantages of flexibility and comfort from accruing to prospects and CSPs. Along with limiting flexibility, this prohibition will not be very efficient in curbing fraudulent exercise, contemplating how some dangerous actors amongst CSPs cheat prospects of their cash utilizing the pretext of server failure or thumbprint mismatch. Equally, it might be ineffective to forestall fraud incidents that emerge upstream of the AePS surroundings, akin to mule KYCs.
It might be opportune to revisit and replace the regulatory and supervisory design of the BC mannequin, contemplating the technological developments and evolving wants of consumers and CSPs. Right this moment, the AePS generates copious quantities of knowledge that may be employed for fraud-monitoring functions. This knowledge may also be leveraged to undertake a graded, risk-based strategy in the direction of permitting CSPs to behave as non-exclusive operators that may leverage whichever financial institution’s servers present them with the very best chance of a profitable transaction. As an example, recurrently lively operators have a protracted historical past of endeavor CICO transactions in a single location, don’t seem within the NPCI blacklist, would not have a historical past of complaints from the company BC and will be assessed by buying banks and/or NPCI for this permission.
Brokers with the next danger rating could also be disallowed from accessing the AePS servers by way of banks aside from their unique acquirer. The rating may incorporate buyer suggestions obtained on the level of sale. Such a system would enhance fraud monitoring along with creating an general extra versatile and customer-friendly CICO surroundings.
Deepti George is the deputy govt director and head of technique, and Aishwarya Narayan is senior analysis affiliate, Dvara Analysis.The views expressed are private
