Face recognition technology has always been a concept that lived in fictional worlds, whether it was a tool to solve a crime or open doors. Today, our technology in this field has developed significantly as we are seeing it become more common in our everyday lives. In the mission of building a truly digital trust system, we at Signzy use Facial recognition technology to identify and authenticate individuals. The technology is able to perform this task in three steps: detecting the face, extracting features from the target, and finally matching and verifying. As a visual search engine tool, this technology is able to identify key factors within the given image of the face.
To pioneer our facial recognition technology, we wanted an edge over the current deep learning-based facial recognition models. Our idea was to embed human crafted knowledge into state of art CNN architectures to improve their accuracy. For that, we needed to do an extensive survey of the best facial feature descriptors. In this blog, we have shared a part of our research that describes some of the features.
Local binary patterns
LBP looks at points surrounding a central point and tests whether the surrounding points are greater than or less than the central point (i.e., gives a binary result). This is one of the basic and simple feature descriptors.
Gabor wavelets
They are linear filters used for texture analysis, which means that it basically analyses whether there are any specific frequency content in the image in specific directions in a localized region around the point or region of analysis.
Gabor jet similarities
These are the collection of the (complex-valued) responses of all Gabor wavelets of the family at a certain point in the image. The Gabor jet is a local texture descriptor, that can be used for various applications. One of these applications is to locate the texture in a given image. E.g., one might locate the position of the eye by scanning over the whole image. At each position in the image, the similarity between the reference Gabor jet and the Gabor jet at this location is computed using a bob.ip.gabor.Similarity.
Local phase quantisation
The local phase quantization (LPQ) method is based on the blur invariance property of the Fourier phase spectrum. It uses the local phase information extracted using the 2-D DFT or, more precisely, a short-term Fourier transform (STFT) computed over a rectangular M-by-M neighborhood at each pixel position x of the image f(x) defined by:
where Wu is the basis vector of the 2-D Discrete Fourier Transforms (DFT) at frequency u, and fx is another vector containing all M2 image samples from Nx.
Difference of Gaussians
It is a feature enhancement algorithm that involves the subtraction of one blurred version of an original image from another, less blurred version of the original. In the simple case of grayscale images, the blurred images are obtained by convolving the original grayscale images with Gaussian kernels having differing standard deviations. Blurring an image using a Gaussiankernel suppresses only high-frequency spatial information. Subtracting one image from the other preserves spatial information that lies between the range of frequencies that are preserved in the two blurred images. Thus, the difference of Gaussians is a band-pass filter that discards all but a handful of spatial frequencies that are present in the original grayscale image. Below are few examples with varying sigma ( standard deviation ) of the Gaussian kernel with detected blobs.
Histogram of gradients
The technique counts occurrences of gradient orientation in localized portions of an image. The idea behind HOG is that local object appearance and shape within an image can be described by the distribution of intensity gradients or edge directions. The image is divided into small connected regions called cells, and for the pixels within each cell, a histogram of gradient directions is compiled. The descriptor is the concatenation of these histograms.
FFT
Fourier Transform is used to analyze the frequency characteristics of various filters. For images, 2D Discrete Fourier Transform (DFT) is used to find the frequency domain. For a sinusoidal signal,
we can say f is the frequency of signal, and if its frequency domain is taken, we can see a spike at f. If signal is sampled to form a discrete signal, we get the same frequency domain, but is periodic in the range
or
( or for N-point DFT ).
You can consider an image as a signal which is sampled in two directions. So taking Fourier transforms in both X and Y directions gives you the frequency representation of the image.
Blob features
These methods are aimed at detecting regions in a digital image that differ in properties, such as brightness or color, compared to surrounding regions. Informally, a blob is a region of an image in which some properties are constant or approximately constant; all the points in a blob can be considered in some sense to be similar to each other.
CenSurE features
This feature detector is a scale-invariant center-surround detector (CENSURE) that claims to outperform other detectors and gives results in real-time.
ORB features
This is a very fast binary descriptor based on BRIEF, which is rotation invariant and resistant to noise.
Dlib — 68 facial key points
This is one of the most widely used facial feature descriptors. The facial landmark detector included in the dlib library is an implementation of the One Millisecond Face Alignment with an Ensemble of Regression Trees paper by Kazemi and Sullivan (2014). This method starts by using:
A training set of labeled facial landmarks on an image. These images are manually labeled, specifying specific (x, y)-coordinates of regions surrounding each facial structure.
Priors, of more specifically, the probability of distance between pairs of input pixels.
Given this training data, an ensemble of regression trees is trained to estimate the facial landmark positions directly from the pixel intensities themselves (i.e., no “feature extraction” is taking place). The end result is a facial landmark detector that can be used to detect facial landmarks in real-time with high-quality predictions.
Thus in this blog, we compile different facial features along with its code snippet. Different algorithms explain different facial features. The selection of the descriptor which gives high performance is truly based on the dataset in hand. The dataset’s size, diversity, sparsity, complexity plays a critical role in the selection of the algorithm. These human engineered features when fed into the convolution networks improve their accuracy.
About Signzy
Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.
Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.
Keep up-to-date with Signzy’s newest events, blog posts, and industry initiatives. Plus, enrich your fintech understanding with our curated selection of must-read articles and reports from experts worldwide. Your comprehensive guide to staying ahead in the fintech landscape.
Updates from Signzy: Signzy’s Netra Team became runner-up at the IDRBT IBTIC
Signzy’s Netra Team became runner-up at the IDRBT Banking Application Contest, 2018. We competed with the worlds largest IT organisations and banks for technology implementations and were judged by CIOs of Indias largest banks. We’re so glad to have received this recognition. We’ll continue to work even harder towards our vision of transforming traditional banking processes into a fully digital experience. Read here.
Signzy listed amongst the 10 RegTech Companies Making Waves in the Industry
We’ve been included in the list of the 10 RegTech Companies Making Waves in the Industry by Disruptor Daily — a publication that reports on groundbreaking and innovative technologies, trends and companies. It feels great to be listed along with companies like AYASDI, Feedzai, Forcepoint, Provenir and others. We’ll strive to build innovative solutions using AI to transform current semi-manual processes in financial institutions into real-time digital systems. Thereby making regulatory processes simple, secure yet compliant for these institutions. Read here.
Events we attended
Innovation And Startup Connect Event For Global Capability Centers (GCCs): We attended the NASSCOM’s Product Conclave’s — Innovation and Startup Connect Event for Global Capability Centers at Bengaluru. The event brought together the best in the product ecosystem connecting GCCs and startups to accelerate innovation and digital transformation. Signzy’s Ankit explained top institutions like Sony India, Target, and Samsung about how Signzy is using the power of AI to transform traditional banking into a fully digital experience. (16th March)
Tech in Asia Blockchain meetup: We were at the Tech in Asia Blockchain meetup at Bengaluru. Tech enthusiasts, experts, and founders explored the key verticals of blockchain technology at the meetup. Signzy’s Ashish was a part of the panel and discussed about the potential, use cases and controversies surrounding blockchain. (28th March)
Oracle Industry Connect: We attended the Oracle Industry Connect at New York, Midtown Hilton. The event brought together thought leaders and top execs and offered thought-provoking ideas and insights to address industry-specific challenges. Signzy’s Ankit discussed the implications of user privacy and data ownership — the key themes that will drive digital customer onboarding journeys at the event. (10th-11th April)
Asian Development Bank Event: We presented at the Asian Development Bank’s Event in Vietnam. Honoured to be helping in bringing about the digital revolution in Vietnam. Signzy’s Arpit talked about digitising customer onboarding, doing e-kyc, and making banking more efficient at this event. (11th-12th April)
IDRBT Hyderabad Meeting: We were at the IDRBT meet at Hyderabad. RBI’s IDRBT initiative was about fast tracking the development of innovative fintech solutions solving complex regulatory, compliance, and other industry challenges. Signzy was among the few select fintech companies RBI/IDRBT sought inputs from. Arpit from Signzy shared his insights towards building a fast-moving fintech ecosystem (16th April)
Future of Business Conclave: We were a part of the panel at the Future of Business Conclave by Cisco and YourStory on innovation-driven digitisation at Mumbai. Signzy’s Arpit explained-although digitisation is the new norm, it can’t encompass everything — operations like customer support must remain humanised at the event. (28th April)
Tech Updates from Signzy: How we replaced legacy banking processes with AI-driven technology
From our blog:
How we replaced legacy banking processes with AI-driven technology — A detailed article on power of deep learning explaining how AI transforms banking operations. Read here.
An approach to data privacy for Indian banks and financial institutions
An approach to data privacy for Indian banks and financial institutions — A must read explaining how Indian banks and financial institutions can approach data privacy despite the lack of regulations. Read here.
Industry News Updates from Signzy: Store data locally, RBI directs payment facilitators
The RBI released a notification asking financial technology companies to store all the data related to payments and transactions within India alone. Read on to know the impact the current directive has on the fintech companies storing/processing data. Check out the full story here.
About Signzy
Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.
Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.
About 85 countries in the world have their data privacy policies in place. Sadly, India isn’t one of them. While the Information Technology Act, 2000 does touch upon privacy policies, it’s hardly sufficient. The countries that have data privacy regimes are also evolving their models to suit the BIG DATA wave. For example, in the US, where user data privacy is protected under a bunch of legislations like the Children’s Online Privacy Protection Act, the Gramm-Leach-Bliley Act for financial information, the California Online Privacy Protection Act in California, etc is still looking for more a better way to regulate.
Comparing the US, the framework with the one from EU, Michelle De Mooy, the director for privacy and data at the Center for Democracy & Technology, explains that Europe has a “people-first mentality” that’s ”more than we do here in our capitalist society, where innovation is sort of equated with letting businesses do whatever they need to grow. That has translated into pretty weak data protection.”
EU is tightening its laws further with the upcoming GDPR. It has already got companies hustling to making their privacy policies compliant with the new laws. As the world gears up for a more stringent GDPR, let’s look at how Indian banks and financial institutions can approach data privacy despite the lack of regulations.
Failing on the data privacy score
Most banks and financial companies are committed to maintaining their data integrity and protect it against breaches. However, the same isn’t true when it comes to ensuring security & privacy. You could say that there’s some degree of laxity. Blame it on the “largely self-regulated” privacy guidelines or the “depends-on-the-context” grounds, but banks and financial institutions offering both data security and privacy are few.
In a global survey of more than 180 senior data privacy and security professionals, Capgemini found that lesser than 29% of them “offered both strong data privacy practices and a sound security strategy.”
What makes the situation more serious is that today’s banks use a giant tech ecosystem with partners sharing data to build better digital experiences for the end users. As data exchanges hands and lives in multiple places, the risk of data privacy breaches increases. This calls for an even more robust and thorough data privacy regime applying to the entire banking and fintech ecosystem.
But without much legal guidance on approaching data privacy, banks and financial institutions too are forced to take the self-regulation route just like the cryptocurrency businesses. Here’s how banks can handle data privacy until the regime gets regulated.
Self-regulation
While the data privacy laws are ever-evolving, some best and practice data privacy practices can prepare banks and financial institutions for the time when the laws and policies are actually formulated. PwC offers 6 excellent action points for financial institutions to use when handling data privacy:
Define privacy as primarily a legal and compliance regulatory matter.
Create a privacy office that develops privacy guidelines and interfaces with other stakeholders. If the financial institution does not currently have a separate privacy office, we recommend for the institution to hold an internal “privacy summit” that convenes key stakeholders from the lines of business, technology, compliance, and legal.
Identify and understand what the data is, where it resides, how it is classified, and how it flows through various systems. For example, financial, medical, and PII are subject to different restrictions in different jurisdictions.
Develop appropriate global data-transfer agreements for PII and other data that falls under privacy requirements.
Recognize and adhere to requirements when developing core business processes and cross-border data flows.
Preserve customer trust as the primary goal.
McKinsey & Company recommend another great tactic for approaching data privacy that companies can adopt to become data stewards. This strategy is of creating a “golden record” of every personal-data processing activity in a company to ensure compliance and traceability that goes “beyond documenting the system inventory and involves maintaining a full record of where all personal data comes from, what is done with them, what the lawful grounds for processing are, and whom the data are shared with.“
This tactic applies seamlessly to banks and financial institutions. They can start off by building records of what data they collect from their users and how the sharing with their tech partners happens — all of this while ensuring users’ consent for all their operations using the data.
In fact, in addition to self-regulating the data collection, usage, and sharing regime, banks must also build a data privacy taskforce that’s committed to ensuring compliance with the internal data privacy framework.
With the right records, resources, banks, and financial institutions must also see how they can ensure data privacy into their services and offerings by design and by default.
At Signzy, we don’t just view user data privacy proactiveness as a risk management strategy, but we see it as a core building block of a digital trust system. It’s a competitive advantage. We believe that data privacy inspires trust. And when we build digital solutions to tackle challenging legacy financial processes, we make sure that our solutions are structured in a way that user data privacy isn’t compromised while balancing both user expectations and regulatory compliance.
Wrapping it up
Although privacy is a largely law-regulated — and we currently lack the laws — it’s still not optional. And it goes way beyond just seeking the users’ consent for collecting and storing the information. While banks and financial institutions can’t probably go so far as to give their users the “right to erasure” or the “right to be forgotten,” they can surely embrace data privacy as the norm. With stringent self-regulation measures, Indian banks and financial companies can contribute to building trust and transparency in the Indian digital banking scenario until the laws get formulated.
About Signzy
Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.
Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.
Signzy — Building Global digital trust system using AI & Blockchain
One such interesting use case we encountered recently was about an id verification software. Given an image of an identity card the algorithm has to classify it to one of the following classes..
Aadhaar
PAN
Driving License
Passport
Voter Id
In this blog post we will take you to behind-the-scenes of our state-of-the-art system and how we tackled the problem, ultimately overpassing the targeted accuracy required for real world use.
Knowing the beast we are to fight
As soon as we began to dive deeper into understanding the problem and identifying techniques we would use to attack it, we realised the most important constraints of the id verification software that we had to work within and the aim we are striving to achieve.
The idea is to deploy the pipeline into financial institutions with all possibilities of input variation and yet it should surpass or at least be equivalent to accuracy of a human being. The solution is to work on data which arrives from the most rural parts with pics taken from even 0.3 MegaPixel cameras and travelling over a dramatically slow connectivity. We knew the toughest challenge was to cater to variations that could arrive in inputs.
Humans have evolved intelligence for thousands of years, and created the systems to be easily processed by themselves. Take for instance an identity card. It is designed in dimensions to sit in pocket wallet, color formats to be more soothing to human eyes, data format which could sit well read by humans. If the Identity cards were designed to be consumed by a computer vision software it would have been an easier game, but since that’s not the case it becomes especially challenging.
We talked with different on-ground stakeholders to identify variations in input to the id verification software. Collecting initial samples wasn’t that hard, since a lot of these variations were told by our end users, but we knew creating training data is not going to be easy. We realized this quickly and started creating exhaustive training data in heavily curated and precisely controlled laboratory settings. We were able to get desired training sets successfully, which was half the problem solved.
World is not the cozy laboratory, we know that!
Our target was to create an id verification software which could be more than 99% accurate and yet be fast enough to make an impact. This isn’t easy when you know your input is coming from the rural end of India and you won’t have high end GPUs to process on (As a matter of fact, our largest implementation of this solution runs without GPUs).
A gist of environment where our input is created
The id verification app is expected to perform well in different sorts of real world scenarios like varying viewpoints, illumination, deformation, occlusion, background clutter, less inter-class variation, high intra-class variation (eg. Driving License).
You can’t reject an application by an old rural lady, who has brought you a photocopy of printout which in turn is obtained from a scanned copy of a long faded PAN card. We took it as a challenge to create the system so that it can help even the rural Indian masses.
A few samples that we expect as input into our system are here:
Fig(1): Few samples our expected input data
The number of samples we have for training is a huge constraint, you only have so much time and resources to prepare your training data.
Creating the id verification software
Baby steps ahead
We tried out various online identity verification methods for solving the problem. Firstly we extracted features using Histogram of Oriented Gradients (HOG) feature extractor from OpenCV and then trained a Support Vector Machine (SVM) classifier on top of the extracted features. The results were further improved by choosing XGBoost classifier. We were able to reach about 72% accuracy. We were using Scikit learn machine learning framework for this.
Not enough, let’s try something else
In our second approach, we tried ‘Bag of words’ model where we had built a corpus containing unique words from each identity card. Then we feed the test identity cards to an inhouse developed OCR pipeline to extract text from the identity card. Finally we input the extracted text to a ‘Naive bayes’ classifier for the predictions. This method boosted the accuracy to 96% . But the drawback of this approach was that it can be easily fooled by hand written text.
Taking the deep learning leap
“The electric light did not come from the continuous improvement of candles.” — Oren Harari
In the next approach we trained a classical Convolutional Neural Network for this image classification task. We benchmarked various existing state of the art architectures to find out which works best for our dataset eg. Inception V4, VGG-16, ResNet, GooLeNet. We also tried on RMS prop and Stochastic Gradient Descent optimizers which did not turn out to be good. We finalized on ResNet 50 with Adam optimizer, learning rate of 0.001 & decay of 1e-5. But since we had less data our model could not converge. So we did a transfer learning from “Image net”, where we used the existing weights trained originally on 1 million images. We replaced the last layer with our identity labels and freezed the remaining layers and trained. We noted that still our validation error was high. Then we ran 5 epochs with all layers unfreezed. Finally we reached accuracy of around 91%. But still we were lagging by 9% from our target.
Hit the right nail kid, treat them as objects
The final approach is where the novelty of our algorithm lies. The idea is to use an image object detector ensemble model for image classification purpose. For eg. the Aadhaar identity has Indian Emblem, QR code objects in it. We train an object detector for detecting these objects in card and on presence with a certain level of confidence we classify it as a Aadhaar. Like this we found 8 objects which were unique to each identity. We trained on state of the art Faster Region Proposal CNN (FRCNN) architecture. The features maps are extracted by a CNN model and fed into a ROI proposal network and a classifier. The ROI network tries to predict the object bounding box and the classifier (Softmax) predicts the class labels. The errors are back propagated by ‘softmax L2 loss function’. We got good results on both precision and recall. But still the network was performing bad on rotated images. So we rotated those 8 objects in various angles and trained again on it. Finally we reached an accuracy of about 99.46% . We were using Tensorflow as the tool.
Fig(7): FRCNN architecture from original paper
But we were yet to solve one final problem i.e the execution time. It took FRCNN approximately 10 seconds to classify in a 4 core CPU. But the targeted time was 3 seconds. Because of the ROI pooling the model was slow. We explored and found out that Single shot multibox detector (SSD) architecture is much faster than FRCNN as it was end-to-end pipeline with no ROI layer. We re-trained the model in this architecture. We reached accuracy of about 99.15%. But our execution time was brought down to 2.8s.
Fig(12): SSD architecture from original paper
Good work lad! What next?
While the pipeline we had come up with till here has a very high accuracy and efficient processing time, it was yet far from the a productionised software. We conducted multiple rounds of quality checks and real world simulation on the entire pipeline. Fine-tuning the most impactful parameters and refining the stages, we have been recently been able to develop a production ready, world class classifier with an error rate less than human and at a much much lesser cost.
We are clearly seeing the impact deep learning can have on solving these problems which we once were unable to comprehend through technology. We were able to gauge the huge margin of enhancement that deep learning provides over traditional image processing algorithms. It’s truly the new technological wave. And that’s for good.
In the upcoming posts, we will share our story on how we tackled another very difficult problem — Optical Character Recognition (OCR). We are competing with global giants in this space including Google, Microsoft, IBM and Abby and clearly surpassing them in our use cases. We have a interesting story to tell over “How we became the global best in enterprise grade OCR“. Stay tuned.
Thank you.
Signzy AI team
Be part of our awesome journey
Do you believe that the modern world is driven by bits and bytes? And think you can take it on? We are looking for you. Drop us a note at careers@signzy.com.
Summary view
Real world is not your laboratory, training data needs to be diverse and needs better outlier handling
Deep learning requires you to be patient but once it starts getting effective it gives your exponential returns
In a narrow use case you can beat a global giant with all the computing power in the world.
So future of deep learning is not commoditized productsbut adoption of deep learning in use cases as a tool to bring intelligence across the board. Deep Learning has to be company culture and not just a ‘tool’.
About Signzy
Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.
Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.
Here are some updates from Signzy and a few useful reads from around the fintech world.
Signzy becomes the only fintech startup to make it to the TOP 6 at the Magnetic Maharashtra Convergence Startup Awards 2018
We made it to the TOP 6 finalists in the Startups under 30 competition at the Magnetic Maharashtra: Convergence 2018 Startup Awards organised by Maharashtra Industrial Development Corporation (MIDC). This award recognises young entrepreneurs who are trying to build a robust startup ecosystem in the state and thereby accelerating the nation’s economy. We’re so glad to have received this huge recognition. Acknowledgments like these drive us to work even harder towards cherishing our dream of transforming traditional banking into a fully digital experience. Read here.
Signzy wins NDIM’s ‘Business Excellence and Innovative Best Practices Academia Award — 2017’
We’ve been honoured with NDIM’s ‘Business Excellence and Innovative Best Practices Academia Award — 2017’. Every year the NDIM — a globally recognised premier management institute recognises professionals from different fields for their exemplary achievements strengthening India’s reputation nationally and internationally. Humbled to have been recognised for our work for helping financial institutions overcome their regulatory challenges and making them simple, secure yet compliant. It feels even more humbling to get the same recognition as top companies like Whirlpool, YourDOST, Bharat Financial Inclusion, Glenmark Pharmaceuticals, ART Capital, Blue Star and Premier Futsal.
Signzy listed amongst the 7 Most Innovative Companies In India
We’ve been included in the list of the 7 Most Innovative Companies In India. It feels great coming from Meltwater as it’s a leading brand management company serving top companies all over the world. We strive to build innovative solutions using AI to transform current semi-manual processes in financial institutions into real-time digital systems, thereby making regulatory processes simple, secure yet compliant for these institutions. Read here.
Events we attended
Magnetic Maharashtra : Convergence 2018:We participated in the “Start Ups under 30 competition” at the Magnetic Maharashtra : Convergence 2018 Start-up awards and made it to the TOP 6 finalists. The state’s first-ever Global Investment Summit was organised by Maharashtra Industrial Development Corporation (MIDC). Being a fintech startup we showcased our potential in the fintech domain and explained our vision of transforming banking to a fully digital experience which is inline with PM’s vision of Digital India. (18th-20th Feb Mumbai)
Fintegrate Zone 2018: We were at Fintegrate Zone 2018: India’s largest FinTech Conclave. The 3-Day conference saw more than 100 speakers, industry thought leaders, influencers, and founders sharing their insights on the key verticals of FinTech. Signzy’s Arpit shared his views on how RegTech is helping advance the Fintech ecosystem (27th-1st Mar Mumbai)
ENSPIRIT- 2.0: We were at ENSPIRIT- 2.0: IIM Raipur’s Management cum Cultural Festival. The Equinox flagship event brought together venture capitalists and founders who interacted with students encouraging their entrepreneurial spirit. We also participated and contributed to IIM Raipur’s vision of empowering Entrepreneurial excellence. Signzy’s Ankit spoke on the theme “Breaking Digital” at the mega event (9th Mar Raipur)
Cryptocurrency and Crypto Attacks (and How Regulation Can Help)
From our blog:
Cryptocurrency and Crypto Attacks (and How Regulation Can Help) — A quick read explaining the different types of crypto attacks and how introducing regulations can bring them down and pave the way for a safer and more secure cryptocurrency trading environment. Read here.
About Signzy
Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.
Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.
Crypto attacks have surged in tandem with the rising popularity of digital currencies, emphasizing the need for robust security measures. To safeguard against these threats, users must employ multi-factor authentication, maintain updated software and wallets, and be cautious of phishing attempts. Educating oneself on the latest types of attacks and remaining vigilant while conducting transactions is crucial.
We’re just two months into 2018 and $2,653,302,364+ of real money has already been spent to buy virtual money. Cryptocurrencies — whether regulated or not — have buyers all over the world, even in countries where their status lies in the limbo.
However, just like real money, virtual money is also being stolen. And just like real money investment scams, the virtual currency space, too, has its share of investment scams with cheats floating schemes promising lucrative returns and running away with all the money.
Let’s look at some of the most common crypto attacks and how regulation can bring them down.
ICOs (or Initial Coin Offerings) is a means of crowdfunding that allows new ventures/startups to raise capital without following the regulated processes and compliance needed by venture capitalists, stock exchanges, and banks.
While cryptocurrency ICOs intend to raise money for building the proposed ground-breaking blockchain solutions, scamsters only use them to loot. Their modus operandi is the same: Announce an ICO. Lure investors. Collect the cash and disappear.
The Benebit scam is one such recent ICO scam. In its whitepaper, Benebit had proposed a revolutionary customer loyalty blockchain solution. But it did a runner with about 4M USD when someone reported that Benebit’s website’s photos were stolen from some school’s website.
Phishing and Crypto Attacks & Thefts
When dealing with virtual currencies, customers face the same risks as they face when doing net banking. Cryptocurrency users are prone to all kinds of cyber attacks like phishing, password hacking, trojan software and others.
IBM’s X-Force research group states how cyber criminals have modified TrickBot, a banking trojan, to target cryptocurrency trading platforms by redirecting the virtual currency to their wallets during transactions.
Coincheck, a cryptocurrency exchange from Japan, was a victim of a cyber stealing attack and lost $530 million of its users money. Another Japan-based bitcoin exchange company, Mt. Gox, had in 2014 lost $400 million of its users’ funds. Although it promised to return the lost money, it ended up filing for bankruptcy.
Unlike traditional banks or card processing companies, cryptocurrency exchanges can’t do much to recover virtual currency.
Crypto Attack: ‘Cashing’ in on the Hype
When a technology is so new and disruptive as blockchain, it creates hype. A stream of scamsters use nothing but this hype and lure unsuspecting victims into investing their money.
The Suppoman scam is one such scam. A youtuber scammed hundreds of his viewers by promising information on a “secret ICO” if they bought one of his Udemy’s paid courses and joined his Facebook mastermind group. To join this group and get access to the password, the viewers were required to pay 10$.
Suppoman succeeded in creating such hype around the “secret ICO” that people started buying even his old Udemy courses so they could get the password. To the disappointment of the buyers, the secret ICO turned out to be: Seele, which is a very popular ICO everyone knows of.
There are also instances where scamsters rebranded old cryptocurrencies and raised funds all over again, only to run away with the money.
Countries that accept (or the ones that haven’t banned) cryptocurrencies are working on creating regulations to protect the investors against such attacks.
Regulatory Red Tape on Cryptocurrencies
Treating cryptocurrency companies like any other financial institutions and forming regulations for the same will clamp down — if not eliminate — most of the different crypto attacks.
Regulating to avoid tax evasion and ensure the money isn’t used for sponsoring shady activities: Subjecting cryptocurrency trading companies to stringent KYC, AML, user data privacy and other financial norms will help monitor the flow of fiat currency to crypto and vice-versa. This will also impose checks on issues like tax evasion.
In US (where cryptocurrencies are undergoing rapid regulation), virtual currency trading companies are required to register as money services businesses with the Financial Crimes Enforcement Network, a part of the U.S. Treasury Department.
Regulating to avoid fraud ICOs from raising funds: Regulating how ICOs are released and what happens to the money in the case of a non-delivery will protect investors from ponzi virtual currency schemes.
Gibraltar is working on a law that will regulate Initial Coin Offerings (ICOs) in the British overseas territory. This law aims to regulate how ICO tokens are promoted, sold, and distributed. Sian Jones, a senior GFSC advisor, says the regulation will introduce the concept of “authorized sponsors,” who’d be “responsible for assuring compliance with disclosure and financial crime rules.”
Regulating to strengthen the security norms of cryptocurrency makers and trading companies: Regulating the security standards for companies that deal with cryptocurrencies will help prevent thefts.
When it comes to securing users’ money in banks, RBI has given as many as 24 best practices on user, software, asset, environment, and security management. It would be interesting to see if RBI could introduce comparable standards for the cryptocurrency companies as well.
Regulation can pave the way for a safer and more secure cryptocurrency trading environment. Regulation will also handle the government’s key concerns such as financing illegitimate activities, money laundering, and terrorist financing related to crypto trading.
About Signzy
Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.
Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.
Although the cryptocurrency market is largely unregulated in India, cryptocurrency remains an investment option of interest for young Indians. Just recently, the Indian Income Tax Department issued tax notices to thousands of cryptocurrency investors. BR Balakrishnan, Director General of Investigation (Karnataka and Goa), Income Tax Department, said that they couldn’t turn a blind eye to the whole cryptocurrency investment space and that “It would have been disastrous to wait until the final verdict was out on its legality.”
So legal or regulated or not, cryptocurrencies are selling in India.
But the lack of government regulations on cryptocurrencies like bitcoins makes them prone to frauds. Recently, India has witnessed several cases of cryptocurrency frauds right from the 84-crore Goregaon cryptocurrency investment scam to the 2,200-crore Mumbai fraud incident.
Although RBI has never supported the usage or trading of cryptocurrencies in India, it hasn’t imposed any bans either. But the rising fraud instances show that there’s an urgent need to regulate the market.
Recently while presenting the Union Budget 2018, finance minister Arun Jaitley said “The government does not consider cryptocurrencies as legal tender or coin and will take all measures to eliminate use of these cryptoassets in financing illegitimate activities, or as part of the payment system.” The Finance Minister’s speech has triggered lots of responses from the Indian Cryptocurrency exchanges.
Shivam Thakral, co-founder and CEO Delhi-based BuyUcoin, said “Nothing new was quoted by our Finance Minister in the budget announcement today. It was a repetition of the same old cohort whilst the industry was expecting clarity over taxation and it’s regulation from the Government.”
Another bitcoin exchange Unocoin also maintains that no new Legislature has been introduced and the legal status of Cryptocurrency remains unchanged. That it’s the same unregulated virtual currency now as it was earlier. The Chief executive and co-founder of Unocoin Sathvik Vishwanath said “There is no change in the government stance with respect to trading cryptocurrencies. Cryptocurrency holders need not panic and the business is as usual.”
But even with the ‘impending’ official regulations, cryptocurrency companies can (and some are) proactively following norms such as KYC and AML, which they could certainly be subject to if the regulation happens. These measures will also address the key concerns the Finance Ministry has with cryptocurrencies.
Regulatory processes some Indian Cryptocurrency Companies are already implementing
While Indian cryptocurrency companies wait for the official regulation to happen, some of them are going ahead and borrowing the guidelines that apply to other financial institutions. This is the way to go as the international law firm, Norton Rose Fulbright, notes: “As a general rule, where no specific steps have been taken to regulate cryptocurrencies in the relevant jurisdiction, it would be necessary to refer to the existing legal and regulatory frameworks to understand how they might apply to the new circumstances that the technology enables.”
Which brings us to norms such as KYC, AML, and Data Privacy among others.
Atulya Bhatt, Founder of India’s leading cryptocurrency marketplace, BuyUcoin, stresses on how with self-regulation cryptocurrency companies can counter the anonymity of transactions and tackle money laundering in cryptocurrency trade. He says:
“Indian exchanges counter the anonymity of transactions and money laundering issues via self-regulation.”
Bhatt also recommends using advanced technological solutions for digital identity verification processes.
Hemanth Kumar, CIO at Unocoin (India’s most popular bitcoin wallet company), also underlines the importance of following KYC and AML provisions for cryptocurrency companies to remain accountable. He says:
“Regulation of entry points through strict KYC norms and deploying AML policies for monitoring the flow of the funds is key for any crypto exchange to bring in accountability of its customers.”
As you can see, KYC and AML are recurring themes even as cryptocurrency companies are practicing proactive self-regulations.
South Korea, which has just recently legalised cryptocurrencies, has already released a regulatory framework focusing on AML measures and KYC. The official document states that these measure will “reduce room for cryptocurrency transactions to be exploited for illegal activities, such as crimes, money laundering, and tax evasion.”
Key points from South Korea’s KYC and AML measures in its cryptocurrency regulation policies:
Cryptocurrency companies need to share (with the banks) information about the purpose of the transactions, the sources of funds, details about services the exchanges provide, and whether the exchanges are using verified real-name accounts
Cryptocurrency companies need to monitor (and report any) suspicious transactions
Cryptocurrency companies can only get bank accounts for functioning IF the exchanges provide their users’ ID information
If India, too, issues a similar framework, AML measures and KYC will clearly be the central themes.
In addition to these, cryptocurrency companies will also have to look into user data protection. Because cryptocurrencies use blockchains, and because blockchains are decentralized, distributed, and public, protecting the information on a blockchain can be challenging.
Wrapping it up…
Given the current state of regulation on cryptocurrency trading in India, cryptocurrency companies already have a lot at stake. But if India does end up following the likes of Japan, US, and South Korea and make virtual currencies legal, then all these companies will be expected to face regulations similar to most financial institutions.
Starting to work on deploying stronger KYC, user data privacy, and AML policies look like a great way to prepare for a time for when the regulation does happen. These measures also reinforce the government’s key concerns such as financing illegitimate activities, money laundering, and terrorist financing.
Signzy disclosure:The above content is an opinion and is for informational purposes only. Please don’t consider this as legal advice. It’s best to seek a legal consultant’s opinion before framing your policies.
About Signzy
Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.
Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.
Here are some updates from Signzy and a few useful reads from around the fintech world.
Signzy amongst top 9 finalists of the ABS Global Fintech Awards, 2017
We were among the top 9 finalists of the the ABS Global Fintech Award at the Singapore Fintech Fest 2017! We‘re so glad to have gotten the opportunity to showcase India’s fintech potential at the global stage.The fintech festival saw an incredible turnout with 25,000 amazing folks from 100+ countries. Ankit — who represented Signzy — also interacted with the Deputy Prime Minister of Singapore, Mr. Tharman Shanmugaratnam. We’ll continue striving towards our vision of transforming traditional banking processes into digital and more optimized ones.
Signzy shortlisted for the “Start-Up of the Year Award” category at the Express I.T. Awards
We competed with top startups like FlexiLoans.com, Razorpay Software, Lendingkart Group and others at the prestigious Express IT Awards. IT Awards honours the finest talents/companies driving innovation and leading professionals across the I.T. industry. It feels great to be recognized for our work for making financial institutions’ regulatory processes simple, secure, and compliant using advanced AI and cryptography. Read here.
Mastercard, Mswipe to use Signzy’s digital KYC solution to develop Asia’s first digital merchant onboarding experience
Mastercard in collaboration with Mswipe has developed Asia’s first digital merchant onboarding experience. This pioneering initiative is built upon Signzy’s digital KYC solution. Our KYC solution enables companies offer slick digital onboarding with real-time KYC. In this case, the merchants’ KYC processes will be completed within 30 minutes (as opposed to the standard 3-day period). Read here.
Events we attended
Global Conference on Cyber Space (GCCS) 2017 — We were at GCCS — one of the biggest cyberspace conferences in the world — at New Delhi. GCCS focuses on promoting policies and frameworks that aim to uphold digital democracy, maximize collaboration, and strengthen security, safety, technology, partnerships, and freedom. Arpit from Signzy attended the global event and demonstrated Signzy’s solution being used by SBI to Shri. Ajay Prakash Sawhney, Secretary Ministry of Electronics & Information Technology. (23rd Nov New Delhi)
GES 2017 — We were invited by NITI Aayog for the world’s biggest entrepreneurship summit that brings together entrepreneurs, investors, and business representatives from around the world. Signzy was among the selected startups whose solution were showcased at the event.(28th-30 Nov Hyderabad)
SCB Banking Digitisation Event — We were a part of the panel at the ‘Banking on Digitization’ event at the Taj Lands End, Mumbai. Ankit Ratan from Signzy presented our views on,”Competition vs partnership between fintechs and banks/regulators.” We also discussed why KYC is a constant source of complains, what are the hassles financial institutions face in adopting KYC, and how DLT and AI technologies can be used to transform current semi-manual processes into real-time digital systems. (28th Nov Mumbai)
Meeting with delegation of Banks in the ASEAN region — We presented our views on how fintechs can work with banks to a delegation of Banks in the ASEAN region. With IFC (International Finance Corporation) — a member of the World Bank Group, and MAS’s(Monetary Authority Of Singapore) support, fintechs and banks can collaborate to usher in rapid digitization of the entire Banking infrastructure. (17th Nov)
Smart Contracts — An Indian Perspective
From our blog:
Smart Contracts — An Indian Perspective: A must read explaining the emergence of smart contract technology, its legality, and feasibility from an Indian perspective. Read here.
About Signzy
Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.
Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.
Here are some updates from Signzy and a few useful reads from around the fintech world.
Signzy Becomes the Only Indian company to Make it to the 30 Finalists of the MAS Fintech Awards, 2017
We’ll compete with 29 of the world’s large and innovative financial institutions like Citibank, Firstdata, UOB and others at the prestigious MAS Global FinTech Awards 2017. We’re honoured to be recognised for our SME onboarding solution and can’t wait to showcase the Indian fintech potential at the global stage. Read here.
Signzy awarded with Nasscom Emerge 50 Awards 2017
Signzy received a special award in the fintech category at the Nasscom Emerge 50 Awards 2017. Over 400 companies participated and went through tough screening and scrutiny across parameters like value proposition, market differentiators, customers, market visibility, scalability, financials, growth and most importantly, innovation impact. Read here.
Product Update: Helping Users Onboard and Verify Identity Easily
Signzy has launched a new product — VideoComply. This allows remote users to onboard fully digitally and still complying with In person verification (IPV) norms. It uses cutting-edge video analytics to eliminate identity fraud. This advanced technology ensures your digital journey is secure and compliant.
Events we attended
DCB Innovation Carnival — DCB Bank Innovation Carnival at Mumbai and Bengaluru, brought Fintech enthusiasts, students, startups, designers and developers together to share their ideas, innovations, and solutions in the fintech space. Signzy was among its big Technology Partners like Redhat, Infosys, Microsoft and others at this mega carnival.
India Fix Conference — At the India Fix Conference (Mumbai) — India’s leading trading event — market participants, policy makers, regulators, solution providers, industry peers and colleagues discussed the most pressing problems in the trading world. Ankit Ratan from the Signzy team spoke on AI’s application in trading and finance.
The Economic Times Cards and Payments Summit — The Economic Times Cards and Payments Summit at Mumbai was a big tech event that discussed the emerging technologies in the cards and payments industry. Signzy’s Arpit Ratan presented a great pitch session at the Economic Times Cards and Payment Summit where he addressed some of the most pressing problems of the cards and payments industry industry.
OICV-IOSCO event — The OICV-IOSCO event focussed on the key issues about maintaining safety regulations worldwide. Signzy’s Ankit Ratan shared his views on artificial Intelligence’s transformative nature on the financial industry and what it means for the security regulators at the event. (IOSCO is the global body of securities regulators).
YESFINTECH Event — Fintech experts, entrepreneurs, investors, and mentors shared insightful discussions about collaboration between fintech startups and banks at the YESFINTECH event held at Mumbai and Bengaluru. Ankit Ratan, founder of Signzy explained how such partnerships benefit both parties as they allow sharing of assets, resources, and expertise to bring more value to the customers.
Anti-Money Laundering — 7th Annual Summit 2017, Fintelekt– The AML conference held at Mumbai gave a platform to regulators, financial industry practitioners, and consultants to have interesting interactions on current AML trends and issues, CFT, Trade Based Money Laundering, Money Laundering Threats from Virtual Currencies and more. Signzy cofounder Arpit Ratan was a part of the panel and spoke on Digital Payment Products, AML Risk Management, and P2P.
Security in a Digital World — Passwords, Biometrics, and OTPs (and Why Secrets Are Core to Safety)
From our blog:
Security in a digital world — Passwords, Biometrics and OTPs (and why secrets are core to safety) A must read explaining the different authentication factors that can help protect online security of financial institutions. Here’s the full story.
Full KYC Compliance Deadline, Interoperability, a Min 5 Crore Net Value and More — All You Need to Know About RBI’s New PPI Guidelines
Full KYC Compliance Deadline, Interoperability, a Min 5 Crore Net Value and More — All You Need to Know About RBI’s New PPI Guidelines — an informative article about the changes RBI has brought for all prepaid payment licence and wallet holders to enhance safety, security, and flexibility of online transactions. Read here.
Industry News: RBI Announces Guidelines for P2P NBFCs platforms
RBI has released new guidelines for P2P lending (NBFC-P2P). P2P lending is a form of crowdfunding that raises unsecured loans. This update will prove impactful for all P2P players. Read on to know more about the current RBI P2P regulations and their scope. Check out the full story here.
About Signzy
Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.
Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.
The RBI has recently released a revised set of directions in the PPI regulator framework. In its 20-point notification, RBI has asked all the PPIs (Prepaid Payment Instruments) to improve how they operate. With the latest regulations, in effect already, RBI will treat PPIs more or less like banks subjecting them to full compliance in the provisions like Know Your Customer (KYC), Anti-Money Laundering (AML), Combating Financing of Terrorism (CFT), and more.
In this article, we’ll look at the most significant changes that the RBI has introduced to the PPI framework.
But before that, we’ll see how the world has fought money laundering with a powerful tool called “KYC” because the biggest change that the updated RBI regulations bring to the PPI players is a mandatory full KYC.
Fighting money laundering with KYC
The UN General Assembly declaration in 1990 (precursor to the PMLA) — which was the first constructive global step against money laundering — focused on prevention of financing to illicit drug trade. Today the objective of the legislation is to stop money earned through illegal means from coming into traditional financial system and getting converted into legitimate money. Also, the same being used to fund such illegal activities including terrorism.
In pursuance of this noble objective, regulators have defined a KYC regime for financial institutions to follow. The Financial Action Task Force (FATF) is an intergovernmental body which recommends to countries regulatory regime for prevention of money laundering. Very recently FATF has defined a more risk based approach to counter money laundering.
One of the most important functions of financial regulators is to manage the risk within the financial system. This function manifests into a massive regulatory regime of KYC, which quite literally means know your customer and in essence know if he is a fraud, a money launderer or a terrorist.
Adopting KYCs as an AML measure in India
With a view to curb money laundering, terrorist financing, and fraudulent activities, RBI introduced KYC norms for banking institutions in 2002. These norms directed banking authorities to carry out tests and audits and freeze any accounts with suspicious activities (transactions).
RBI has always stressed on strict compliance of these guidelines and several big banks like Bank of Maharashtra, Dena Bank and the Oriental Bank of Commerce faced heavy penalties (1.5 crore each) for violation and non-compliance of certain KYC regulations and Anti Money Laundering (AML) norms.
Until now, October 2017, the RBI’s KYC guidelines were only applicable to banks. However, the latest regulation brings PPI players into its ambit.
A quick note about PPIs
In 2009, RBI paved the way for a new payment instrument which would not require the two factor authentication for small payments and will help in easier acceptance of payments by merchants. These pre-paid instrument (“PPI”) could be recharged with money and then used upto the recharged amount.
The initial PPI had allowed PPI to be issued for upto Rs. 1000 by accepting any customer identity document and upto Rs. 5000 by accepting an Officially Valid Document (OVD). This went through a transformation and in 2014 was relaxed by allowing PPI upto Rs. 10,000/- (total usage in a month) by accepting “minimum details of the customer”. Which transformed the PPI industry into what it is today and led to opening of wallets through mobiles and emails. Somehow though this was a boon for the industry, it did not go down well with the regulator.
In October 2016, an RBI senior official Nanda Dave stated that PPIs have been very lax in following KYC norms: “The customer is being identified by his or her mobile number, period. And such wallets have been used for routing money which has been fraudulently taken from bank accounts,” said Dave. “When we have no details of customers with us, it is very difficult to even trace where that money has gone,” she said.
The framework for regulation, authorisation, and supervision of the PPIs are governed by RBI’s “Issuance and Operation of PPIs”. These were issued in April 2009 and thereafter amended from time to time.
Since regulations on PPIs have been very light with low entry barriers, it was necessary for RBI to impose stiff and stringent norms on them.
To address the same, RBI released a Draft Circular called the “Master Directions on Issuance and Operation of Pre-paid Payment Instruments (PPIs) in India” in March last year. The circular was issued following the growing usage of PPIs for buying goods/services and for transferring money. In the circular, RBI recognized requests from stakeholders for relaxations in certain areas and also considered aspects that would strengthen the security and safety norms, mitigate risk, and protect customers using PPIs.
RBI took inputs from the different stakeholders on the provisions of the circular, following which, in a major step forward in this direction, RBI passed fresh rules for all prepaid payment licence and wallet companies. These include improved standards for safety, security, and flexibility of online transactions, interoperability of PPIs (and banks), full KYC, and more.
Let’s now take a look at a brief summary of these regulations.
The Updated Regulation Summary
Mandatory full KYC: As per the new directions, PPIs have to become full KYC compliant within 12 months. “The amount loaded in such PPIs during any month shall not exceed Rs 10,000 and the total amount loaded during the financial year shall not exceed Rs 100,000,” RBI said. If the compliance is not made further credit will be disallowed.
Interoperability: Interoperability can be enabled in only Full KYC (banking and non-banking) PPIs. This time-consuming process will be applied in phases with the first phase (spanning across the first 6 months) bringing interoperability between wallets, and the subsequent phases working on the interoperability between wallets and bank accounts, followed by the enabling of interoperability in PPI cards.
New capital requirements of Rs 15 crore for non-banks: For non-banking PPIs, new capital requirement is of Rs 15 crore (5 crore at the time of application and 15 crores within the next 3 financial years).
Cross border inward and outward remittances: Fully KYC complaint Wallets will now be able to undertake cross-border inward remittances. However, transaction limit can’t exceed Rs 5000 per cross-border transaction and the maximum wallet limit shouldn’t exceed Rs 50,000.
PPI issuers need to maintain records of transactions: PPI Issuers to maintain a record of all the transactions undertaken using the PPIs issued by them. They should also file Suspicious Transaction Report (STR) to Financial Intelligence Unit — India (FIU-IND).
Along with the new guidelines, RBI has also released a new Security Framework for PPI Issuers to prevent fraudulent activities and ensure user security.
The Newly Introduced Security Framework for PPI Issuers
Separate login for the PPI account: PPI issuers should maintain a separate login for PPI accounts and it should not be used to access any other services offered by the PPI Issuer or its associate/parent/group company etc.
Timeout features: PPI issuers should prevent invalid sign-in attempts and add inactivity timeout features.
Capping: PPI issuers should implement customer-enforced transaction caps on their users’ wallet transactions. The users should however be allowed to increase/exceed the caps with additional authentication and validation.
Cooling period for funds transfer: While opening an account/ loading funds/ adding a beneficiary, PPI issuers should place a cooling period for transfer of funds to prevent the fraudulent use of PPIs.
Other mechanisms: Issuers should place internal and external escalation mechanisms to prevent suspicious operations, loading and reloading of funds into the PPI and also alert the customer in case of such transactions.
Reporting frauds: PPI issuers should report frauds on a monthly/quarterly basis to the concerned Regional Office as per the directions. They should also monitor, handle, and follow-up on cyber security incidents and breaches immediately with the concerned authorities.
These updated regulations have raised a number of challenges for the wallet companies. Here’s a quick look into the most challenging aspects of the new norms.
The Key Challenges Wallet Companies Face Because of the New Norms
1. Full KYC compliance within 60 days
Complete KYC compliance will increase acquisition costs for wallet companies as it introduces tons of documentations and the paperwork. Cost of KYC per customer is estimated at nearly 150–200 Rs per customer by the industry.
2. Mobile wallet companies are required to have a minimum net worth of Rs 5 crore, hence will need fresh funding.
As per earlier guidelines, a minimum net worth of Rs 2 crore was required for mobile wallets. This net worth is now raised to Rs 5 crore at the time of application and Rs 15 Cr within 3 financial years after getting the authorization. This means, smaller wallet companies will need fundings to comply with the directions of RBI.
3. A one-year validity of the wallets. Also, auto-closing of wallets with zero balance.
Users’ wallets will be closed automatically if they continue to have zero balance for a year. A notice, however, will be issued to all such users before closure of their wallets.
“There are a large number of inactive wallets with no money in them,” said Gupta. “By enforcing this rule, RBI is all set to weed out those numbers and bring out actual figures around how many wallets are there in the system.
4. Implementing interoperability.
At present interoperability is limited to only UPI-based banks. However, with the new requirement of interoperability, PPIs will have to deal with a lot of technical and operational requirements of safety, security, and risk mitigation. The implementation is very complicated.
How the industry is gearing up to comply with the new PPI Guidelines
From the reactions that are coming in from the different payment players, it’s clear that they’ve already begun working on their KYC.
“ Interoperability with KYC is a great leveller and catalyst towards Collaborative Innovation for the ecosystem. We commend the RBI for its proactive stride and look forward to ongoing progressive regulations also for micro-payments use-cases with minimum or risk-based compliances. Especially if we need to transition to less-cash the digital alternatives need to be as seamless, frictionless and at par with other sectors like gold purchases which are completely anonymous up to Rs. 2 Lacs. Additionally the Finance Ministry and RBI have commissioned noteworthy committees like the Watal Committee on Digital Payments and Ramadorai Panel on Household Finance with apt findings and recommendations that as they get incorporated into regulations would fast forward in achieving the India FinTech potential.”
MobiKwik, another popular digital payments company, is also planning to increase its agent strength for the same and also trying for Aadhaar-based KYC through a one-time password.
“We have set a target of achieving 20 million full KYC wallets within the next one year and we are expecting an expenditure of around Rs 50 per customer,“ said Bipin Preet Singh, founder of MobiKwik wallet. “Though we have 65 million users, KYC formalities cannot be done with all of them.”
Oxigen Services, will give incentives to it’s retailers to look after the KYC process of the customers.
The long-term approach payment wallets must take (as RBI expects bank-level preparedness from them when dealing with money laundering)
Bringing at Par with Banks
The updated KYC norms for PPIs have made their KYC regime at par with banks. Therefore, there needs to be greater focus on compliance and audit. This move by RBI also indicates that wallet companies will now face KYC and AML audits like banks and may have to face heavy fines and penalties in case of non-compliance, thus necessitating more investment toward customer KYC.
The current wallet onboarding only includes email and mobile number verification. This will now have to upgrade to systems that can capture KYC documentation and data. Not only that, it will also need to have a risk and compliance check inbuilt for AML/CFT risk of the customer as well as a backend operations team to process these applications. The cost of customer onboarding for wallets will also raise as a result of this full KYC process.
The way forward for wallet providers is to find and use modern KYC solutions that will not only help them overcome this challenge but also ensure that they are able to scale operations without incurring heavy costs. Failing to do so would mean even these wallets will face the same challenges as banks face when scaling their KYC operations.
Investing in security and laundering protocols
In the long run, wallet companies, too, should aim for the same degree of security that banks offer. This includes:
Performing due diligence. Due diligence should be performed on the initiator and recipient who make/receive payments to ensure compliance of transactions with the anti-money laundering (AML) and counter-terrorism financing checks. Frequent screening that identifies accounts with unauthorised and unusual transactions should also be conducted and such accounts should be freezed.
Implementing transaction monitoring. To view transaction patterns of the customer base, machine learning models should be used. With the help of such AI, shady transactions can be detected. Moreover, transaction monitoring should be combined with AML and KYC screening to alert against suspicious financial activities of the customers. Transaction profiles should be maintained with all the account details of the customers such as cash deposits, withdrawals, transfers and payments.
Wallet apps have become a mainstream payment method as they offer convenience and value (by offering several coupons, membership cards, event passes, loyalty points, cashback and more) Customers can indeed save a lot of time and resources by using these wallet apps. However, instead of signing up for 10s of e-wallets with nil balances in each, users must use just one or two that support maximum apps/payments and keep them active. Also, the money transfer feature these wallets offer must also be used responsibly.
Wrapping it up…
Thanks to the growing government initiatives to push toward a cashless economy and the acceptance from the masses, the PPI space has grown exponentially in India. So there’s no doubt we need better regulation over PPIs. This update in the regulation — however strict it may seem — is needed, because even PPIs wouldn’t want their users to engage in money laundering or terror funding activities.
By bringing the PPI market tightly under the ambit of the more serious financial regulations, RBI has taken a big step toward a safer, cashless economy. So while the updated PPI norms do challenge several smaller companies in the short term, they will pave way for a safer, more user-friendly wallet experience eventually. Also, the security framework laid out by RBI is a big step toward ensuring the security of crores of Indians who are now actively opening up to the possibilities of a cashless economy.
About Signzy
Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.
Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
