Are You Also Seeing an Spike in Fraudulent Messages?

In light of so many scam messages riding on re-KYC, PAN update etc to dupe the customer, here is a lesson I learned while working for HDFC Bank.

I was responsible for ensuring migration of all the cards from CBoP systems to HDFC Bank systems.

After careful consideration I prepared 3 possible strategies and presented to senior management to get their approval on one of them to execute the migration.

The meeting was attended by Group Head of IT, Operations and Business teams along with representatives from both banks.

We all pushed by re-carding. It would have certainly meant significantly more efforts for operations team but they were supportive of me in pushing for this strategy.

I managed to convince almost everyone present except for one person.

While this would have meant the best outcome for the business team, Group Head Business vetoed and rejected re-carding off all CBoP customers with HDFC Bank branded new cards.

He gave a reason that stayed with me forever and I want most people making rules should know this.

He said, “whenever we do activities like this in bulk, it’s an opportunity for fraudsters.”

When customers are expecting this drive from bank side, it gets easier for fraudsters to convince customers of their frauds using this very public drive by bank/authorities.

Update PAN, Link Aadhaar, periodic re-KYC are just few examples of such public drives which make customers vulnerable to frauds. Authorities should always move with caution when proposing anything like this.

Before above conversation I was also convinced of my strategy. In fact I managed to convince everyone else and they actively supported me during the meeting but for one person.

After that I was convinced that I was wrong. We quietly chose the next best option and went ahead. Everything went smoothly.

You learn these things only through practical experiences. No classroom can prepare you for this.

Brahmāstra: Part One – Shiva Review

The movie starts with the backstory of Infinity Stones and how powerful they are. It explains how a society of sorcerers was appointed to protect these stones from falling into wrong hands. Oops, wrong movie. The backstory is about the various astra which can harness the powers of various elements and animals. The most powerful of these astras is Brahmastra. Which for safekeeping was divided into three pieces and given to three different guardians for protection. 

One of the guardians of these pieces is a scientist named Mohan Bhargava (SRK), who somehow keeps this very important thing on his work desk that he has set up on his balcony. (I would recommend you to watch this entire scene of goons confronting SRK in mute so that the silly dialogs do not distract you from the decent VFX work done here.) SRK also has a payal wearing that can make his channel the power of monkey, which can help him jump around a bit but it still is unable to make him fight these goons. He is then captured and tortured for information regarding the second piece of Brahmastra. 

Before the second guardian is introduced we are told about the DJ Shiva, who sees a girl Isha in a party. Shiva somehow convinces Isha to join him for a birthday party. There Isha discovers that Shiva takes care of a few orphan kids and instantly falls in love with him. Then Shiva starts getting the vision of SRK being tortured by Junoon (Mouni Roy) and runs away leaving Isha alone. 

Next day he goes to meet Isha and she agrees to go with this person on a life threatening adventure to save the second guardian of Brahmastra, who is an archaeologist played by Nagarjuna. Why does she decide to go with Shiva, because her name Isha means Parvati so she thinks she must follow Shiva everywhere. (If you had to keep this scene, it would have made more sense to name the hero Shiv, because Shiva also means Parvati. If only Isha knew a little better.) But maybe saving the life of Nagarjuna was not that important, they go on sightseeing singing and dancing, making love storiyan. 

When they see Junoon they realise the actual reason they came to Varanasi and rush to find Nagarjuna. Here we are revealed that Nagarjuna has a Kangan that enables him to harness the power of Nandi. These astras are not very effective though (as clear from SRK cameo) Nagarjuna is shot and all three decide to run away to the secret ashram somewhere in Himalaya. Looks like they type “Guruji’s Secret Ashram” on google maps for directions. 

On the way to the Ashram they are again confronted by Junoon and her two goons. Nagarjuna gives the piece of Brahmastra to Shiva, which he carries in his pocket wrapped in a newspaper like it was wada-paav and stays there to fight Junoon. Junoon invokes Kavacha-astra (really? Does no-one in team Brahmastra know the difference between a Kavacha and an Astra?) and is protected from Nandi-astra attack. But as established before these astras are useless, Nagarjuna also is easily killed by these goons. 

So far only two characters have died and both of them possessed some powerful astras. Why exactly did we need a secret society to guard them? They are more suitable for circus tricks than fighting. 

By the way Junoon wears a bajooband which gives her powers of some astra. There is no concept of being worthy or earning the right to use astras. Anyone wearing these jewellery can use these astras. 

Eventually, Ranbir and Alia reach a closed gate but they are followed by one of the goons wearing the Vanar-astra payal. When he attacks Alia, Ranbir is able to invoke Agni-astra and burn the goon. 

Enter sorcerer supreme, Amitabh Bacchan. Sorry, Guruji. He tells Ranbir that he is agni-astra. Then they send Alia to recover a conch-shell from Ranbir’s house which belonged to his mother. Then Guruji reveals that his father was Anakin Skywalker, who after acquiring the knowledge of force became Darthwader. Sorry, Dev. 

Shiva’s mother helped defeat Dev and the third piece of Brahmastra is hidden in that conch-shell that Alia recovered. 

I forgot to mention that there are other kids also in the Ashram who are guardians of different astras like Nag-astra, Vayu-astra etc. Guruji himself is guardian of Prabhastra (basically he can convert a knife into a blue sword made of CGI. I told you not more than circus tricks)

In the meantime Junoon goes to Dev, who is made of stone right now and asks for help. Dev gives him a piece of coal, which Junoon converts into many pendants and puts them on some villagers. These villagers become surveillance drones controlled by her. 

Long story short Junoon ends up in the Ashram with her mind-controlled zombies and climactic CGI fight starts. Eventually Junoon is able to assemble all three pieces of the Brahmastra together and the power of Brahmastra starts destroying the world but then the world is saved by Prem-astra when Ranbir kisses Alia.

Us din Amithabh Bacchan ko ek baat pata chali ki Brahmastra se bhi shaktishali agar kuchh hai to wo hai prem. Aur hamein laga agar ye baat inko Mohabbatein ke time mein pata chal gayi hoti to hamein 3 ghanton ka torture nahin bardasht karna padta. 

Shamshera – Review

It’s been a while since I have written review for any movie but yesterday I watched a movie so atrocious that it compelled me to find time from my schedule to write about it.

I have seen many bad movies in the past but it is very rare that any movie has made me feel so angry. Yes. I felt many emotions while watching the movie but anger would be the foremost. Hence the decision to write about it.

I am sure that most people who were interested in watching this movie have already seen it. If you haven’t and you continue to read this post you may not feel like watching it anyway. Nevertheless, here is your spoiler warning.

The movie is set up in a fictional desert village in 1871 India and is about the Khameran people and how they faced discrimination at the hands of upper caste Hindus. Movie starts with the narrator giving us this background and then spends 30 minutes telling us the story of Shamshera, a character played by Ranbir Kapoor. So that there is no confusion what the movie is about the word caste is used in almost every dialog.

Because of the atrocities faced by them Khameran people become dacoits under the leadership of Shamshera and starts robbing upper caste people of the village. All these people then approach the helpful British guy and pay them a lot of gold to get rid of this menace called Shamshera. Enter Shuddh Singh, the character played by Sanjay Dutt, who is a Daroga in British Police and he cons Shamshera and his people into surrendering only to hold the entire tribe captive inside an abandoned fort.

Khameran people are tortured and Shamshera feels guilty of putting them in this position. So he strikes a bargain with the British guy to get his people freed in exchange for double the amount of gold they were paid to capture them. He tries to flee the captivity to secure the gold but is captured and killed. Evil Daroga Shuddh Singh makes everyone believe that he was a traitor to his tribe.

The movie then jumps 25 years in future and we are shown Balli. Shamshera’s son, who is also played by Ranbir Kapoor. Balli doesn’t like being called a Khameran and wants to join British police. Shuddh Singh asks Balli to torture a little boy if he wants to join the police and he refuses instead accepts being tortured himself. This changes him completely and now he wants to know the truth about his father’s death and wants to work for the Khameran cause. He manages to escape from the fort in his very first attempt and once outside a white horse is conveniently waiting for him. He rides the horse and conveniently bumps into the person who had been waiting for his father for last 25 years.

Then with the help of this person, played by Saurabh Shukla, Balli gathers a bunch of Khameran people who had been living in disguise for last 25 years and creates his gang. With the help of his girlfriend, who is a dancer, they start robbing rich people of the village so that they can gather enough gold to fulfil the condition agreed by his father.

At this point movie introduces the British Colonel who has come to stop this new Shamshera. He is a compassionate guy who is sympathetic to Shamshera’s cause. He even stops evil Shuddh Singh from committing atrocities multiple times. In this process Shuddh Singh even shoots him and many other compassionate British soldiers.

There are many problems in this movie but the biggest one according to me is that you are setting up a movie in British India and showing Britishers as good guys and upper class Indians as real villain. Please note that there is not a single non-Khameran (barring one guy whose role is so insignificant the you wont even remember him) Indian character who is a good guy. Even Winston Churchill could not have come up with such propaganda. The movie even ends with Balli killing Shuddh Singh showing glorious Union Jack flying atop the fort gate signifying the victory of good over evil. It is impossible for me to believe that this movie was made by an all Indian cast and crew, I so much wish that the cast and crew had revolted and disowned the movie. On the other hand I am glad that audience rejected this crap propaganda and sent a clear message to the makers that we are no longer fools to consume any stupid crap you feed us.

Even if we keep the politics and misplaced social messaging aside the movie suffers from bad writing and direction throughout. Audience is supposed to feel for the Khameran people but the way it has been edited, you feel no emotional connect with them. (You are shown a mad-max style scene where all these Khameran captives are receiving water thrown from fort walls, only to be later shown that there is an easily accessible well inside the fort. The well plays an important role.) We should have felt invested in Balli’s quest but the movie completely fails into making you feel for the father-son bond. (How can you, when Balli himself is shown mocking his father being called a traitor and joking about it.) The love story between Ranbir and Vani’s character is sudden and fails to connect with the audience. (They are out-of-the blue shown dancing together and you are supposed to believe that they are in love.) We are supposed to believe that Shuddh Singh is this evil mastermind while he at times comes across as a comedic figure. (Shuddh Singh does not realize Balli is Shamshera’s son despite they having exact same face. He connect the dots only when he sees Shamshera’s old wife.) There is a significant role of crows, which is left completely unexplained. (Appearance of crows is sudden and out-of-the blue, without any explanation.)

Special effects are very low quality. There is a scene involving a train, which was done better by the Burning Train 45 years back. Watch out for the baby Vani Kapoor is supposed to be holding during the climax of the movie. The songs except for the title track are all misplaced and affect the pace of the movie. Ranbir and Sanjay have acted well in some scenes but that cannot be enough to tolerate a torture of a movie like this.

I wish the cast and crew involved with this atrocity of a movie repent and never again attempt making something like this. I pray to god that audience keeps on rejecting such movies and makes sure they suffer huge losses, because they deserve it.

Maybe someday in future if I find time and inclination, I would also write about how they could have done better; just to show how your misplaced politics can make a mess of a potential opportunity to create something great.

Why did I decide to build Sutradhar?

I started working on building my start-up Sutradhar almost a year back. Not a single day has passed when people have not asked me, “why I chose to create Sutradhar and not some fintech?” Not an unexpected question, considering I have been a part of banking and fintech ecosystem in varying capacity for good 15 years.

When I decided to start my entrepreneurial journey, building a fintech was the first thought that crossed my find. I brainstormed multiple Fintech ideas with potential co-founders and investors. I almost zeroed in on an idea, which had few supporters, but then something happened.

I always wanted to be a storyteller, having written my first play when I was 10 years old. I never stopped writing since then. Somewhere along the way I even wrote screenplays, hoping that some day movies will be made on my stories.

This was an opportunity to work on something that would bring real joy to me, something that I wanted to do and I decided to grab this opportunity. People who know me well enough can tell you about my love to History and Mythology. So somehow building Sutradhar started to look like a much better thing to do than building a Fintech.

As any entrepreneur would tell you, the first successful pitch you make for your start-up is usually to your co-founder. If you can manage to find someone else who believes in your idea so much that he is ready to take the same risks you are taking to make it work, you have won your first battle. So, I made a call to my friend for 18 years and told him what I wanted to build. It’s the same person who had passed on multiple pitches from my side in the past. This time it took around ten minutes and he was on board. In fact being someone who has been tracking consumer internet and commerce space for many years, he pointed out the massive business opportunity that can be captured by introducing community and commerce.

Thus, started the journey to build Sutradhar, first of its kind platform dedicated for stories from ancient Indian literature.

One of the most important thing that separates humans from other species and can be held responsible of our survival and dominance is our ability of construct stories. Stories are powerful and has been used to make or break civilizations across generations.

We are world’s oldest surviving civilization and by virtue of that, we also have an extremely rich repository of stories which have been passed on across many generations. These stories have defined every aspect of our lives right from the words we use to festivals we celebrate. Even things we do in our day-today lives can find their roots in these stories.

Do you know why earth is called Prithvi? Did you know that time taken to blink is called Nimish? Did you know that the red light in the sky just before sunrise is called Arunima? Why do we celebrate Dhanteras? What is the story behind Kumbh mela? Why Godavari river is called Ganga of the south?

There are millions of such questions with millions of stories. These stories are key to our cultural heritage and they must be told to everyone. That is the objective I had in mind when I decided to build Sutradhar instead of building a Fintech.

I hope with blessings from everyone we will succeed in our objective. You can download our app by clicking here. The app is currently for Android users only, iPhone user can watch some of our stories through our website or youtube channel.

Making UPI Safer

I recently came across NPCI PayAuth Challenge, seeking proposals to improve UPI authentication process to enhance user experience and improved security. I thought this is a good reason to write a new blogpost. I have been a big advocate of risk based authentication and believe that it clearly has the potential significantly improve the authentication process without compromising the security. In fact there is a possibility of even improving security by removing blanket authentication protocol for all transactions.

UPI as a transaction method requires you to register your mobile device as a trusted device after authentication from your bank before you are allowed to transact. Smartphones are capable of capturing a lot of data points at the background. These data points combined with user information and past behaviour data available with your PSP (and/or Bank) can be used to arrive at indicators/score to assess the risk associated with any particular transaction. Based on the risk scope UPI app can trigger authentication protocol. Low risk transactions can be processed without additional authentication while, moderate risk transactions can be approved with simple authentication and high risk transactions can ask for stricter authentication protocols (could be an IVR based referral even if the risk is high).

The idea behind this thought is that your PSP has assess to more behavioral data than your merchant or bank; this behavioral data if used wisely can be an effective tool to offer a seamless transaction authentication experience without compromising on security. PSPs can create a user profile around behavioral data based on things like, where, when, what, how etc. of a transactions. Any deviation from this profile can be triggered for additional authentication.

Nowadays we even have technologies available to create a behavioral biometric profile of a user based on how he normally interacts with his device. This behavioral biometric can be used a first level of authentication (your mobile device is already mapped, which serves as one level of authentication anyway in every transaction) to process the transaction without any Password or PIN. In case of enhanced risk, Password/PIN can be triggered to ensure triple factor of authentication in this case.

1. What you have? your mobile device.

2. Who you are? your behavioral biometric.

3. What you know? Password/PIN

One warning though, do not ever use a SMS OTP based authentication for transaction performed from a mobile device. An OTP is falsely attributed as “What you know?” factor, while it is actually a repeat of “What you have?” An SMS OTP is validating the possession of the mobile device, which is redundant if transaction is performed from pre-verified and tagged mobile device.

Let me illustrate with few examples.

1. Let’s assume a particular customer pays electricity bill to same electricity company every month, in the range of 2000-5000 Rs. How the step-up authentication would work in following scenario?

a. Customer trying to pay bill of 4000 Rs to same electricity company. – Transaction can be approved without additional PIN

b. Customer trying to pay bill of 6000 Rs to same electricity company. – Customer will have to authenticate using PIN

c. Customer trying to pay bill of 3000 Rs to different electricity company. – Transaction will require PIN

2. A customer living in Mumbai regularly transacts at shops in his region with transaction amount ranging between 50 Rs to 5000 Rs depending on merchant category.

a. A transaction with-in the location range on a merchant category-amount combination with-in typical behavior range will be approved without PIN

b. Transactions outside the location range or a different merchant category or value higher than typical behavior range will require PIN.

With machine learning we can create self learning algorithms to cater to more complex scenarios and let the algorithm decide when to step-up the authentication. With more usage, the algorithms will keep on improving making it more effective with time.

PS: I know some start-ups who are working on behavioral biometric and will be happy to do a POC.

PS 2: Happy to brainstorm with anyone whoever is interested, only condition is one will have to adjust to my availability

Building Sutradhar

For last one year I have been busy building Sutradhar. It’s a platform for stories from Bhartiya Itihas and Mythology. Our ancient literature and oral folklore tradition is extremely rich and full of entertaining stories. At Sutradhar we are attempting to bring these stories to limelight by delivering them to your mobile phone.

I urge all of you to give it a try. Android users can download our app here.

We haven’t yet launched an iPhone app, but don’t feel disheartened; because you can subscribe to our youtube channel where we post some of our stories.

Here is one such story we did recently. Do check it out.

Conversation with a fraudster: Apparently I won an SUV on some Amazon Prime Lottery

Had the most amazing conversation just now. Brace yourself and read this:

Received a call from an unknown number telling me I have won lucky draw of Amazon company and have won a Tata Safari.

The generous caller gave me two options, either opt for the car or get the cash equivalent to the value of the car.

Since now I am in Gurgaon now, like any other person living here, I opted for the SUV.

The caller asks me to send my photograph and Aadhaar copy over WhatsApp and pay 8,000 Rs as processing charges.

At this point I asked the caller, “din me kitne logon ko aap aise bewakoof bana lete ho?”

The caller replied, “10-12.”

Me: Sahi hai boss, din ka 80K se 1L tak bana lete ho matlab.

Caller: Nahi. Dena bhi padta hai naa.

Me: Police ko? Kitna dete ho?

Caller: Din ka 10K.

Me: Matlab police bhi mili hui hai?

Caller: Police to 5 Rs me bik jaye, hum to 10K dete hain din ka.

Me: Aise gareebon ko lootna band karo. Nahi kisi din dande padenge.

Caller: Kaon marega dande. Police hi humare sath hai. Ab unse upar kaon hai?

Me: Police ke upar bhi hain log. Lootna acchi baat nahi hai.

Caller: Sir ab aap ek baat batao, abhi ek din ek vakeel ne hume 1L rupaye diye. Ab wo sabko lootta hoga. Humne usko loot liya to kya galat kiya.

Me: Hume to mat looto. Humari sab mehnat ki kamai hai.

Caller: Ab aapka number aaya to humne call kar diya. Aap aache admi lag rahe hain, warna loot to hum lete hi.

Me: Samjhdar aadmi ko aise lootna aasaan kaam nahi hai. Bewakoofon ko hi loot sakte ho. Ab tum Amazon bhi to dhang se bol nahi paate ho.

Caller: Aap manoge nahi kitne bewakoof hai. Vakeel se lakh rupaye loote hi nah humne.

This went on for some time and the caller kept justifying himself and was confident that he is doing nothing wrong and nobody can harm him. So I terminated the call wishing him all the best.

My only advice to anyone receiving such calls – Don’t Overestimate Your Luck.

ProTalks : Fireside Chat with Gaurav Tripathi

Join the Fireside Chat featuring Gaurav Tiwari, the founder of Sutradhar which is building an ecosystem to support storytellers focused on telling stories from Indian mythology and ancient history, legends and folklores.
Earlier he held senior roles at various banks with a focus on FinTech products and investments.

Protalks is a series hosted by Gaurav Tripathi to feature professionals who can inspire others.

Register here for FREE:

Save the date – 28th November 2020| Sunday| 06:00 pm

Protalks #firesidechat #superpro #entrepreneur #business #webinar #live #discussions #covid19 #technology

What Did I Learn in IIT?

I am often asked this question, specially in the context that my career choice has nothing do with my B.Tech. degree. I feel like recounting some of my experiences from my IIT life, which taught me a great deal and played a key role in shaping me as a person and have directly or indirectly helped me in my professional life as well.

Today I will recount a story from my 2nd year of IIT life, but before we get going, some background. People who are familiar with life in IIT Bombay or have seen Chhichhore know the competitive spirit between hostels when it comes to extracurricular activities. While Chhichhore talks about sports GC (General Championship), my story is more about Cult (cultural) GC.

I was in hostel 5 and at the end of my first year, when annual awards were being distributed, my hostel had won only one trophy. This trophy we won was in bridge, because we were fortunate to have one ace bridge player in our hostel. I was sitting in the crowd thinking why cannot our hostel win any awards. I told my friend sitting beside me that next year I will make sure our hostel wins at least one award.

With this conviction in my mind, I became dramatics secretary of my hostel and with the help of everyone in the hostel managed to win almost every inter-hostel dramatics event that year. Now coming back to the story.

The biggest inter-hostel creative event in IIT Bombay is called PAF, which is short for Performing Art Festival. In this event 2/3 hostels are paired together to put up a live play at the stage of Open Air Theater (OAT), witnessed by thousands of fellow students and other campus residents.

We design giant sets using crates, tables, newspaper and bamboos to facilitate the performance. I along with another senior from hostel was in-charge of set piece on center stage. The center stage was supposed to be the lair of a tantrik. The creative team gave us a design of a throne, which was supposed to be the main attraction of center stage. The design given to us looked something like this:

We had three days to design it, so we analyzed all the material we had and started working on it. We were having second thoughts about how the audience sitting in the OAT be able to appreciate the center piece like this and decided to be creative about it. At one point, I suggested checking with the creative team. To this my senior replied, “har kaam puchh-puchh ke nahi kiya jata.” (We need not ask permission for everything.)

So we kept working on our vision and kept learning and improvising at every step of the way. First we thought maybe we should make the skull bigger, if that was the main attraction. Then we decided that maybe instead of making a chair with skull on it, we should make a cave in the shape of a skull, where the character will sit inside its mouth.

While making it, we realized that mouth could not be made big enough for a person to fit. So, we decided to make nose of the skull big enough for a full size human to fit in it and designed steps for him to climb up and down. What we ended up creating was this.

Center stage for Shantimrigyam, PAF by hostel 5 and 6, IIT Bombay (2003)

We did not stop at that. We made the jaw of the skull movable, so when the villain laughed the jaw of the skull moved. (we made someone sit behind the skull to do this, since all our engineering efforts failed to produce results in time.)

I along with another friend sat behind the black curtain inside the two giant eyes and when the tantrik got killed we dropped red color, making it look like tears of blood.

That year along with winning the dramatics trophy, we also won the best PAF. The effort we had put in resulted into us winning best prop trophy.

Someone has uploaded a video of the PAF on Youtube (quality is very bad though), if you wish, you can watch the entire performance there.

If it is still not clear, what I learned from this experience, let me state it explicitly. I learned that if you are clear about the objective and are ready to learn and adopt, with belief in your own ability, you can end up achieving more than what you imagined to begin with. Don’t lose sight of the end goal. As long as you are clear of the bigger objective, finer details are not rules cast in stone but general guidelines.

Supporting Offline Transactions

In a recent communication RBI has pointed out the need for supporting digital transactions in offline mode in order to overcome the handicap of “lack of stable connectivity” as a hindrance to digital adoption. I thought it is a good time to talk about offline authorization, when it comes to processing payment transactions.

Some definitions first:

Authentication: Every payment transaction goes through two steps, authentication and authorization. Authentication is the step that validated the card user. Historically for transactions done using card plastic, this step was performed by taking signature of the customer on the merchant copy of the transaction slip. Then in order to ensure better security, RBI mandated the use of PIN inputted at the encrypted PIN-pad of the point of sale (POS) terminal.

For transactions performed without the plastic, i.e. used on a website, mobile app etc. this step is taken care of by asking the user to input a transaction password or OTP on the authentication page.

Authorization: Authorization is the step that validates the availability of funds. It is this step that is responsible for posting the transaction in your account.

Settlement: Settlement is the step that is responsible for movement of funds from Issuer Bank to Acquirer Bank. As part of this step the merchant claims the money from the acquirer bank and acquirer bank sends this claim to Visa/MasterCard/RuPay, which they then share with respective issuers for processing.

In online transaction scenario authentication and authorization are performed in real time, while the settlement is an offline step, that happens by exchanging the transaction data through the network and does not depend on connectivity at merchant location.

Offline Transaction: When a transaction is processed without connecting to issuer bank’s system in real time. This means the debit in your account will not appear immediately at the time of transaction.

There are two possible ways they will appear in your account, first is at the time of processing settlement, the issuer bank as part of their reconciliation process identify all the transactions where authorization was not performed online, but a settlement was received and post these transactions in customer’s account after reconciliation.

Second possibility is by syncing the offline transactions stored at the card/app next time the card interacts with another POS terminal that has connectivity or app finds the network connectivity. Don’t worry, will try to explain it in more details below.

This offline method of processing payment transactions has been in use in many countries but not in India. There are two primary reasons we did not see such transactions in India, (Transit cards and FasTag are two cases, where India does use offline method). First is low risk appetite. These transactions are riskier and there is possibility of more disputes and even possibility of loss to banks. Second is India is primarily a market driven by savings account and not credit cards. In savings accounts banks pay interest that means if a transaction is processed offline and is posted at a gap of few days to customer’s account (traditionally the gap between authorizations and settlement could be few days in many cases) the bank would in effect be paying interest to customer on money that she has already spent.

Floor Limit: Many countries have this concept called floor limit. What a floor limit means is at certain merchant categories payment transaction can be processed without online authorization provided transaction amount is below a certain amount. This amount in card terminology is referred as floor limit. So far floor limit in India has been Zero. Now from what I understand RBI is planning to make this floor limit as 200 Rs. That would mean any transaction below 200 Rs, processed at specific merchant categories will not require authorization from issuer bank. This transaction will be approved and stored at the terminal level and will be sent to acquirer at the time of settlement.

In this case no authentication or authorization is performed, just the details of the card are captured so that the claim can be prepared for settlement.

Now imagine if this was done few months back, would we have even needed FasTag. One of the very popular use case for this floor limit globally is toll payment.

EMV Cards: I am not sure how many of you know this but besides EMV being more secure, one of the reasons EMV was introduced was because of its capability to process transactions in offline mode, thus avoiding the need of sending every transaction through network and save on cost of communication. For countries where telecom cost is high, this could mean significant savings.

EMV protocol supports offline mode of transaction processing by provisioning for offline PIN, something that can be validated at card itself, thus taking care of the authentication step. There are various other parameters like last known balance (i.e. the balance at the time of last online transaction), cap on number of transaction (total number of transaction that can be approved at card chip level before it will force the transaction to go online. For example if this parameter is set up as 4, the chip will force every 5th transaction to be online. This 5th transaction will carry with it all the other past offline transactions thus syncing the issuer systems in the process.) and amount (cumulative amount up to which the chip on the card can process transaction in offline mode. Similar to the cap on number of transaction the moment this threshold is hit the chip forces the transaction to be processed online). From what I have read, it looks like RBI is proposing to set this amount limit at 2,000 Rs.

Most of the systems at banks these days are capable of the methods described above and should be able to implement without making much changes, thus can be rolled out fast.

Similar principles can be used in order to build the capability for other modes, which do not follow card protocol. In fact in case of modes like UPI, where a mobile device is involved this can be done in much better way considering unlike card a mobile device in capable of connecting to the issuer directly as soon as it finds network.

My IIT JEE Preparation Story

How a sixteen year old me navigated through coaching classes in Kanpur with almost no money to prepare for IIT JEE and managed to sail through in my first attempt.

I prepared this on request of my friends from ExtraClass to help their students in these uncertain times. Hopefully this will motivate kids preparing themselves for competitive exams in particular and life in general.

Decoding CRED : Part 2

There is nothing unique about acquiring customers by offering something extra for free, even our vegetable vendors have been doing this for ages. This is the reason he throws in those extra curry leaves in your bag whenever you buy vegetables from him. How often though have you seen a vegetable vendor giving away curry leaves for free but no vegetables to sell. Right now that is the situation of CRED. They have a customer acquisition strategy, but no core business model.

In my last post I talked about CRED transforming into a digital mall and offer their digital real estate for a fee to various D2C brands, however the unique part about these brands in D, they want to sell direct to the consumers by cutting the middlemen and pass on that value to the customers because internet has made it possible. Introducing CRED as a middle party defeats the whole D part of D2C. Also when the nearby shop with same footfalls in available for almost free, why would any brand pay high value for opening the shop in the Mall. This is the digital world. These brands when they are new might use CRED for few months of promotions and then divert the customers to their own digital shop (app or website) rather that sticking with CRED forever.

I think CRED team has also realized this and that is why they are now trying to pivot into becoming a fintech by offering services like rent payment and consumer loan. There have already been many rent payment options already existing in the market like Red Giraffe and No Broker, who even offer better deal than CRED in terms of transaction fee. Rent payment on Credit Card is something I would personally not recommend, however if you are a super premium card holder with superior reward program like more than 3% cashback or something similar then paying rent through CC may yet make some economic sense, however there are not many card holders that fall in that segment, and many who do are likely not living in a rented house.

Now on the consumer loan part, as of now as per my knowledge CRED is not an NBFC and offering this in partnership with some other lender. The problem with this option is that entire customer base of CRED is already eligible for a better deal offered by his/her bank. Some people say convenience may drive CRED users opt for the option offered through CRED than their bank, well in that case you do not understand the Indian consumer. First of all Indian consumer, no matter how rich prefers the option that gives him/her better value also CRED themselves don’t believe in that convenience hypothesis, that is why they sell themselves as “most rewarding way to pay your Credit Card bill” instead of “most convenient way to pay your Credit Card bill”.

Please also note that the customer base of CRED is the same customer base that banks also treasure. They typically get a dedicated relationship manager or personal banker. Banks will not let this customer get away, and even if by some odd chance CRED sees some traction in this regards banks may even try to block CRED something like what few banks did when they started seeing wallets as a threat.

So in the current situation they have nothing going for them in terms of a visible business plan hence they are spending all their energy on UI/UX, someone in the boardroom might be like “at least make it look premium so that the customer sticks around”.

Now question is what they could do, the only thing that comes to my mind is they can become a discovery platform for semi-luxury lifestyle goods, however with the economic slowdown caused by this pandemic, this semi-luxury consumption will see a steep downfall. My definition of semi-luxury is luxury items for upper middle class.

Thoughts on Product Management

While I rarely held the title of Product Manager, I spent most of my career as one. During my stints as part of Business Solutions Group in Banks, my role usually was to design solutions for the concepts raised by product or operations teams. I still took it upon myself to launch various initiatives on my own, throughout my career. In simple words I was the solutions guy who didn’t wait for someone else to identify the problems to work on them. When I look back, these initiatives were the best part of my job, specially when I see some of them have become industry standards now. In this post I am trying to look back and analyse, what worked for me. Hopefully this will help people who are working on Product roles or aspire to become one.

Spend considerable time with your users: Spending as little time as possible at my desk was one of the key features of my work-day. I would rarely be sitting at my desk, instead I would go to operations floor and spend time with teams there. I would sit with them, talk to them, watch them work and observe their day. One obvious benefit of this was knowing my users and his work-day. What my users appreciates and what irritates them. This also helped me empathize with my users. When a user would complain about some problem in the system I would take it seriously instead of trivialize it because I would know how much it affected her/his daily routine.

Another benefit of this was that I became the go-to person for them whenever they faced any issues. They trusted me and saw me as their representative inside the IT team.

The result of this was that with time I managed to automate most of their operational activities. The reconciliation system that I worked on with the help of our direct banking operations team is being sold internationally by that vendor and controls almost 85% of Indian market.

Talk to customer service team and study customer complaints: I was not only responsible for building solutions for operations team but also direct banking channels products used by bank customers. The first thing I did after joining bank was to find out the customer service head and set-up with a meeting with his team. I made sure they knew me and found me approachable. With-in months I managed to train them enough to address most of the customer complaints at their level itself.

The biggest advantage I got out of this was, whenever they got a tricky customer complaint, I was usually getting copied on them. I would try to analyse the complaint and sometimes these complaints resulted into redesigning our CX or a new feature.

I got the idea of introducing most of the debit card related support functions via net-banking through this. Now every bank is doing it because it is the most obvious thing to do. Sometimes obvious things are hardest to get attention though.

Spend time with your vendor/development team: If I was spending 30% of my work-day at my desk, rest of the time I was distributing between my operations teams and vendors/tech team. I would sit with my vendor, ask them questions about how a particular setting affected the system behavior. Sometimes, if I got a chance, I would even sit with them analyzing the code. This last part usually would happen on holidays, when I would call them to office with promise of drinks and pizza afterwards.

This made me aware of what the systems we were using were capable of and the speed of introducing any change in the system. If you have worked for any large organization, you would know that introducing any change in core systems is frowned up on, specially for smaller impact items. Hence my objective used to be to get thing done with zero to minimum changes in the core systems/processes. Knowing the systems capabilities and good equation with vendor teams helped.

When we decided to launch mobile payments in partnership with mChek way back in 2006/07, I could do it with zero code changes in our core systems. By the way this solution was designed for basic phones and I used mobile device as a factor of authentication.

Testing: During my early days one of my key responsibilities was testing and I used to hate it. I used to think that have I graduated from IIT to do this but with time I understood how important it was for my learning and growth as a product person. Testing gave me the opportunity to be the user. It would help me play around with the system to explore the capabilities of the system. It also helped me plug any process changes that need to be introduced or any user training required before we launch the product/feature more efficiently.

Once I understood the benefits of it I started spending time on our test systems voluntarily also. When my bank decided to have separated dedicated team for testing and also worked on testing automation, I insisted on my team still participating in the testing process. There is no better way to learn and experience actual user interaction.

Once when I was in a senior position in my organization and didn’t have to do testing myself, I decided to test the launch of new version of mobile app. I downloaded the app, log-in was with mobile number and OTP. OTP was being automatically read by the app, so no input from user. Yet I got error “Invalid OTP”. I tried again and this time it went through. I tried to probe further and noticed that the OTP in first attempt was 0431. I understood, what the problem was. I got the development team to check the field classification and got it changed accordingly. This was such a trivial and accidental discovery, with potentially huge impact. It also made me realize that even after 12 years, testing can throw these kind of surprises.

Be friends with Security, Risk and Audit guys: This is specially important because I was building products for one the most highly regulated industry prone to frauds resulting into real financial losses. This made me take regulatory aspects into account while designing a solution. This also made me appreciate and keep in mind fraud trends and how to control them at design level itself.

Things like KYC-AML, PCI-DSS and their impact on your product/feature are very important in your journey. There were projects where we had to factor regulatory reporting as key aspect of design process.

When I was working on GreenPIN project, this came in very handy. Things like you can/should not send a PIN over SMS, a card PIN should always be inputted on an encrypted key pad, J & K customers could not receive SMS etc were important aspects.

Be curious and keep experimenting and analyzing: Always analyze the data that is available. Data will tell you how your customer is interacting with your product/feature. Which features are loved by your customers and which are ignored. Data can often show you very interesting positive/negative ways your product/feature is being used and you may have to take some actions accordingly.

Get access to that test system and keep experimenting. Play around with parameters and observe how it affects the behavior.

Once I was observing data of one of innovative products launched by our bank and I observed that few of our customers were accessing that feature everyday doing a part of the action and leave it halfway. On further investigation I realized that they were trying to game the system into gaining unfair rewards. I immediately initiated a change in the system to plug this gap.

I am sure many of you would have already known most of these and were doing these things. Some of you probably knew and didn’t do, for them I have thrown examples of how exactly these things have helped me in actually real life situations. Hopefully people who want to become product managers or become proactive solutions guys may find this useful.