Making UPI Safer

I recently came across NPCI PayAuth Challenge, seeking proposals to improve UPI authentication process to enhance user experience and improved security. I thought this is a good reason to write a new blogpost. I have been a big advocate of risk based authentication and believe that it clearly has the potential significantly improve the authentication process without compromising the security. In fact there is a possibility of even improving security by removing blanket authentication protocol for all transactions.

UPI as a transaction method requires you to register your mobile device as a trusted device after authentication from your bank before you are allowed to transact. Smartphones are capable of capturing a lot of data points at the background. These data points combined with user information and past behaviour data available with your PSP (and/or Bank) can be used to arrive at indicators/score to assess the risk associated with any particular transaction. Based on the risk scope UPI app can trigger authentication protocol. Low risk transactions can be processed without additional authentication while, moderate risk transactions can be approved with simple authentication and high risk transactions can ask for stricter authentication protocols (could be an IVR based referral even if the risk is high).

The idea behind this thought is that your PSP has assess to more behavioral data than your merchant or bank; this behavioral data if used wisely can be an effective tool to offer a seamless transaction authentication experience without compromising on security. PSPs can create a user profile around behavioral data based on things like, where, when, what, how etc. of a transactions. Any deviation from this profile can be triggered for additional authentication.

Nowadays we even have technologies available to create a behavioral biometric profile of a user based on how he normally interacts with his device. This behavioral biometric can be used a first level of authentication (your mobile device is already mapped, which serves as one level of authentication anyway in every transaction) to process the transaction without any Password or PIN. In case of enhanced risk, Password/PIN can be triggered to ensure triple factor of authentication in this case.

1. What you have? your mobile device.

2. Who you are? your behavioral biometric.

3. What you know? Password/PIN

One warning though, do not ever use a SMS OTP based authentication for transaction performed from a mobile device. An OTP is falsely attributed as “What you know?” factor, while it is actually a repeat of “What you have?” An SMS OTP is validating the possession of the mobile device, which is redundant if transaction is performed from pre-verified and tagged mobile device.

Let me illustrate with few examples.

1. Let’s assume a particular customer pays electricity bill to same electricity company every month, in the range of 2000-5000 Rs. How the step-up authentication would work in following scenario?

a. Customer trying to pay bill of 4000 Rs to same electricity company. – Transaction can be approved without additional PIN

b. Customer trying to pay bill of 6000 Rs to same electricity company. – Customer will have to authenticate using PIN

c. Customer trying to pay bill of 3000 Rs to different electricity company. – Transaction will require PIN

2. A customer living in Mumbai regularly transacts at shops in his region with transaction amount ranging between 50 Rs to 5000 Rs depending on merchant category.

a. A transaction with-in the location range on a merchant category-amount combination with-in typical behavior range will be approved without PIN

b. Transactions outside the location range or a different merchant category or value higher than typical behavior range will require PIN.

With machine learning we can create self learning algorithms to cater to more complex scenarios and let the algorithm decide when to step-up the authentication. With more usage, the algorithms will keep on improving making it more effective with time.

PS: I know some start-ups who are working on behavioral biometric and will be happy to do a POC.

PS 2: Happy to brainstorm with anyone whoever is interested, only condition is one will have to adjust to my availability

Decoding CRED : Part 2

There is nothing unique about acquiring customers by offering something extra for free, even our vegetable vendors have been doing this for ages. This is the reason he throws in those extra curry leaves in your bag whenever you buy vegetables from him. How often though have you seen a vegetable vendor giving away curry leaves for free but no vegetables to sell. Right now that is the situation of CRED. They have a customer acquisition strategy, but no core business model.

In my last post I talked about CRED transforming into a digital mall and offer their digital real estate for a fee to various D2C brands, however the unique part about these brands in D, they want to sell direct to the consumers by cutting the middlemen and pass on that value to the customers because internet has made it possible. Introducing CRED as a middle party defeats the whole D part of D2C. Also when the nearby shop with same footfalls in available for almost free, why would any brand pay high value for opening the shop in the Mall. This is the digital world. These brands when they are new might use CRED for few months of promotions and then divert the customers to their own digital shop (app or website) rather that sticking with CRED forever.

I think CRED team has also realized this and that is why they are now trying to pivot into becoming a fintech by offering services like rent payment and consumer loan. There have already been many rent payment options already existing in the market like Red Giraffe and No Broker, who even offer better deal than CRED in terms of transaction fee. Rent payment on Credit Card is something I would personally not recommend, however if you are a super premium card holder with superior reward program like more than 3% cashback or something similar then paying rent through CC may yet make some economic sense, however there are not many card holders that fall in that segment, and many who do are likely not living in a rented house.

Now on the consumer loan part, as of now as per my knowledge CRED is not an NBFC and offering this in partnership with some other lender. The problem with this option is that entire customer base of CRED is already eligible for a better deal offered by his/her bank. Some people say convenience may drive CRED users opt for the option offered through CRED than their bank, well in that case you do not understand the Indian consumer. First of all Indian consumer, no matter how rich prefers the option that gives him/her better value also CRED themselves don’t believe in that convenience hypothesis, that is why they sell themselves as “most rewarding way to pay your Credit Card bill” instead of “most convenient way to pay your Credit Card bill”.

Please also note that the customer base of CRED is the same customer base that banks also treasure. They typically get a dedicated relationship manager or personal banker. Banks will not let this customer get away, and even if by some odd chance CRED sees some traction in this regards banks may even try to block CRED something like what few banks did when they started seeing wallets as a threat.

So in the current situation they have nothing going for them in terms of a visible business plan hence they are spending all their energy on UI/UX, someone in the boardroom might be like “at least make it look premium so that the customer sticks around”.

Now question is what they could do, the only thing that comes to my mind is they can become a discovery platform for semi-luxury lifestyle goods, however with the economic slowdown caused by this pandemic, this semi-luxury consumption will see a steep downfall. My definition of semi-luxury is luxury items for upper middle class.

Decoding CRED

CRED is one start-up, which has been getting a lot of media attention since it was launched by its charismatic founder, who in his previous avatar founded a very interesting start-up and gave a massive exit to his investors, when that start-up got acquired by Snapdeal. VC world loves a successful exit, for very obvious reasons. What do they love more than that though? They love it even more when the same founder offers them another chance at yet another successful bet. This time the confidence is higher, the dreams are bigger hence the bets are also bigger. Thus starts the journey of CRED.

Now most of us reading this post know about the massive funding round raised before even the launch. They are also aware of subsequent massive funding rounds before the start-up has even made any revenue. However there is one question in everyone’s mind. What exactly is CRED? Some call it a Fintech, while its own founder used to call it a Lifestyle company; some are still clueless. Very recently I read someone calling it an status symbol also. To that I jokingly mentioned that now the investors must be dreaming about it becoming the Louis Vuitton of the digital world and how they are now looking at another spectacular exit. Some may have even started planning, what they would do with this massive windfall.

I, like every other curious minds in start-up and Fintech space, have paid attention to CRED. Despite having no use for the base service it is offering, I yet downloaded the app. I even referred it to my wife to check what exactly is happening with their coin offering. One thing is for sure. The app is good to look at. It is one app, that I check from time to time without ever needing to use it for any purpose. I am someone who likes to keep things clean around myself, meaning when I don’t find the need for an app for a prolonged period of time, I just delete it. This is one app, I still keep. It’s just that good to look at. Design team of CRED, take a bow.

Let me start with a small story. Recently I was invited by my alma mater to mentor their budding entrepreneurs in the campus and I met this team of very bright young men still in their 2nd year of B.Tech. They are working on building something focused on students living in various campuses, so that companies wanting to advertise to that specific group of people can use their app to run campaigns on their platform and they can earn from these advertisers, while offering all the services to their users for free. They had thought of a bunch of services they were planning to offer. These services were all needed by students but not correlated or complimenting to each other in anyway.

I asked the team,”who is your customer?” They answered,”students.” I told them,”well, your customer is who pays you. While students are your users, your customers are the advertisers.” Then I tried to explain it to them using obvious examples of Google and Facebook and how the service they offer to their users is a mean to acquire user base, because their service is not their product. Their user base is their product. Then they find creative ways to sell this product (user base) to their customers, who are the advertisers.

I told the team that their thought process is in the right direction, however they should not focus on building ten services from the beginning. They should pick one to begin with, that they find most appealing and engaging to their potential user base and use that service to acquire as many users as possible. They may end up building all those service in the long run, but they should find an organic path towards it.

At this point in the discussion I invoked CRED. I told them while Facebook, Google and many more have built useful services to acquire user base for selling them ads, Kunal Shah is one brilliant mind. He noticed that in today’s market scenario the easiest way to acquire customers is offering them rewards. So instead of putting too much efforts in creating a service offering, he just picked up the common attribute of his target customer base (credit card) and offer them rewards for the very reason of possessing a credit card.

Under normal situation, one would spend resources building a service, then spend further in marketing and customer acquisition. This entire exercise will require a lot of money. Why not use that very same money to offer rewards to people and acquire them. Sounds simple? Well; it is. Now you can acquire the customer with this strategy, how you keep them engaged? Two ways, make the reward recurring (earn points on paying your monthly bill) and introduce gamification (lottery).

How do you make money now? The big question. Now that CRED has acquired a large number of customers who like to spend on lifestyle expenses (credit card users), next step is to connect Lifestyle brands to these customers. Imagine I run a premium coffee chain, opening a new outlet in Powai. What is the best way to market it? Whatever your answer is, unless it is CRED, it’s wrong answer. All you do is create a campaign for users living/working in Powai and surrounding area (200 Rs discount on your first visit up on burning 50,000 CRED points). Maybe you are launching a new premium FMCG brand. Create a campaign on CRED (spin the wheel to get 10-70% discount on your first purchase).

Why all the earning and burning points then? Well as I said Kunal is one of the smartest brains we have around. His offerings are designed based on users’ psychological needs not your mundane obvious things like paying your bills and all (this is probably the reason some people have called it a status symbol). All this earning and burning completes the loop and you are the hamster keeping the loop moving. It also makes this customer acquisition loop an opt-in. CRED is not into the business of selling your data. You will have to opt-in for the offer.

Just in case you have still not understood, how the money will be made; let me state it clearly. Each brand spends on customer acquisition, today they may be utilizing all the money they would be getting from brands for creating the offers, but they can always increase their margin. If the coffee chain offers you 200 Rs per customer acquired, you can make the offer 100 Rs discount instead of 200 Rs. Or spin the wheel. It may even go Google Pay’s “better luck next time” direction if there is too much pressure to generate revenue. Right now it looks like they have enough cash to keep on burning.

Some people may have question on why then they recently started rent payment and lending offerings. COVID is expected to hit the non-essential lifestyle expenses the hardest. With this situation, people will be less interested in visiting a new coffee chain or trying out new expensive face cream. That means the whole “Lifestyle company” business will slow down. These two recent offerings are attempts at offering something that is related to essential needs to its customer base.

He has not done this for the first time. Even Freecharge was same thing, targeting a completely different customer base though. You can say CRED is affluent person’s Freecharge. I think Freecharge had potential. When Snapdeal acquired it, the deal made some sense to me but when Axis Bank acquired it from Snapdeal, I knew it was a mistake and I also knew Axis Bank did not have any clue what Freecharge was all about (Axis Bank thought it was a Fintech, probably). This made me conclude that a Kunal Shah business can only be run by a Kunal Shah and there are not many Kunal Shah out there. He has an amazing understanding of how human psychology works and he uses this knowledge beautifully when creating his offering. So as long as Kunal is at the helm of CRED, it has the potential to grow into something unique and extraordinary and if he decides to sell it; there is a big chance it will also end up like Freecharge i.e. people in-charge of it having no clue what to do with it.

PS: Last night I heard the episode of Cyrus Says podcast with Kunal Shah, that more or less confirmed what I have written above. He also mentioned about a Mall that opened in Mumbai many years ago, which allowed entry only to people possessing mobile phones, cars or credit cards. So maybe he is trying to create that mall digitally. He has got the customers in the Mall already, he is waiting for brands to open their stores in this Mall and pay him rent for using his digital real estate.

PS 2: While I agree with most of the point he made there is slight deviation on what he mentioned about India being a low trust society. It may be true for cities, for whom most of the techies are building offerings, but I when we move beyond cities to smaller towns and villages, India is an extremely high trust society. I may be wrong, but being born in a small village and growing up in smaller towns my experience has been such.

How Does FASTag Work?

FASTag is part of NETC (National Electronic Toll Collection) program by NPCI designed to provide an interoperable method of toll collection across the country irrespective of the acquirer, simple meaning that your FASTag device issued by any issuer will work on any toll plaza across the country irrespective of its acquirer. That is the benefit you get when working with NPCI.

Couple of days back a friend working in transit payments called me to understand how FASTag works. That call gave me impression to write this post. Here I will be explaining the transaction flow of a FASTag transaction in simple terms:

What is FASTag?

FASTag is a RFID tag that stores static information like TAG ID, which can be read by the receivers installed at toll plazas.

How it is issued?

FASTag can be issued by any NETC member banks and it is linked to either your Current or Savings account maintained with the bank or a prepaid account created by the bank for this specific purpose. My bank gave me a prepaid account with separate credentials for inquiry and other financial transactions. In my opinion it will be wise for fleet companies to link FASTag for their vehicles to current account maintained by the company.

At the time of issuance a TAG ID is created, which is then linked to a CASA Account or Prepaid Account, depending on the implementation at your bank and your vehicle details like vehicle type (car, truck etc.) and category (personal, commercial etc.). TAG ID along with Vehicle details and Bank ID are then added in NETC mapper maintained by NPCI. As soon as your details are updated in NETC mapper, your FASTag is ready to use.

How it works?

NETC Transaction Flow (Image Source: NPCI)

Step 1: As soon as RFID tag affixed to the windshield of your vehicle is in range of the acceptance terminal installed at toll gate, terminal read the TAG ID and Vehicle Details and send them to acquiring bank

Step 2: Acquiring bank sends the details received from the terminal to NETC mapper,

Step 3: NETC Mapper validates the details collected from the TAG and responds with TAG Status. If TAG Status is active, it proceeds to next step else driver needs to pay cash. Other possibilities could be TAG is not registered yet (new TAG), TAG is blacklisted etc.

Step 4: After successful validation of TAG details and status, Acquirer system calculates the toll amount to be collected and sends to NETC Mapper.

Step 5: NETC System sends the debit request to issuing bank, based on the issuer bank ID maintained in the Mapper.

Step 6: Issuer system processes the debit into customer’s account linked to FASTag and sends response back to NETC system. In case no response is received with-in the defined time-out period it is assumed to be approved automatically.

Step 7: NETC System sends a notification to the acquirer system

Step 8: Acquirer system sends notification to respective toll plaza system

This transaction is performed in offline mode with systems syncing every 10 minutes. This means that by the time Step 8 happens your car is already far away from the toll-plaza. Once the TAG ID is validated and its status is found to be active, it is assumed that there is enough balance maintained at the bank’s end to settle the transaction, which happens at every settlement cycle and facilitated by NPCI through a system called EGCS (ETC Global Clearing and Settlement).

Settlement flow for FASTag transactions. (Image Source: NPCI)

NPCI basically collects the money from issuer banks and distributes it among acquirer banks as per the transactions processed during the settlement cycle. Acquirer bank then settles the funds with respective toll plazas.

What happens if your account does not have money?

Since the value of toll is usually small and syncing cycle is ten minutes, the exposure due to lack of funds in account is very limited. Having said that banks have a provision of keeping a security deposit for safeguarding themselves in any such possibility. In case your account does not have necessary funds to pay for the toll, same is deducted from your security and your FASTag is blacklisted and updated in NETC mapper to stop further transactions on that TAG till balance is maintained again.

My bank has taken 500 Rs as security deposit. The assumption is that for a private vehicle to pass through so many toll plazas with-in 10 minutes is practically very remote. I am assuming for heavy/commercial vehicles this security deposit would be higher. In case of fleet companies having multiple tags linked to same current account there might be a special arrangement negotiated with the issuer bank.

How to reload a FASTag account?

In case it is linked to your savings or current account, there is no question of separately reloading the account. While my bank doesn’t offer me this option, I am assuming, whichever banks would be offering this option must be keeping some cap on the amount from safeguarding perspective.

In case of prepaid account set-up like my bank, I have been given multiple options to reload. Your bank may even offer an auto-reload option where, if your balance goes below a particular threshold bank can initiate a reload by debiting your linked account or card that you may have provided while setting up the FASTag account.

This is the simplest explanation I could come up with for FASTag transaction flow that is easy to understand by most and also explains how it can be achieved at the speed of traffic i.e. your car practically doesn’t need to stop at the plaza for deducting the toll. This is unlike the regular transit card solutions where balance is usually maintained at the chip inside the card and offline balance is updated at the time of transaction.

Even more thoughts on MDR debate

In my last post I had touched upon the entire authorization piece for card transactions and how it makes sense to have MDR for Credit Card transactions however it feels unreasonable when it come to Debit Card transactions. Today I will explain the settlement aspect of transaction and try to make sense of MDR charges based on settlement flow.

How settlement for a card transaction works?

After transaction is completed merchant claims money from the acquiring bank. Acquiring bank further sends a file to Interchange and Interchange gets the money from Issuer Bank. This entire cycle traditionally used to take days.

Acquiring bank is making a guarantee to the merchant and based on that guarantee, they process the transaction. Interchange is giving the guarantee to acquirers. Meaning in the event of an issuers inability to pay for a transaction done by its customer the interchange will ensure that the acquirer gets paid for the money they have paid to the merchant.

Above risk is high if you assume settlement cycle spread across many days. However in today’s fast paced world the settlement cycle is shrinking. We are practically settling the transaction with-in T+1 days. There are continuous attempts to shrink this cycle to make it even near real time. If that happens the risk by acquirers and interchange is going to be practically zero.

Many debit cards in the market even follow a single message settlement protocol similar to ATM transactions. In this case there is no need for merchant to process any batch settlement. The settlement is processed automatically by default.

This risk taken by acquirers and interchange on top of supporting the ecosystem with their technology and operations is additional justification for them getting a share of the transaction fee, however this still beats me, why the fee should be paid by the merchant and not by the issuer.

The merchant is the first one to go out of pocket (he has sold the goods without money in his/her account) hence contributes to zero risk in this entire ecosystem. Customer is using his debit card meaning he/she is using the money that he/she has parked in the his/her account already, hence not contributing to any risk. At the time of transaction the money is debited from customer’s account and parked in a payable account by the issuer bank. It is this account that is used to settle money with the interchange.

If a issuer bank has managed to get into a situation somehow (recent Yes Bank situation) that they are not able to settle with the interchange it is definitely not because of the customer and/or the merchant, hence in all fairness it is them who should fund the entire ecosystem from their income through deposits and not fleece the merchants.

If you want merchant to pay MDR, issue credit cards and give enough incentives to your customers to use them. If customer prefers to use his/her debit card instead, it is ideally his/her bank’s responsibility to offer necessary ecosystem to access his/her funds. Always remember the issuer banks are already making profits by investing this money parked by customers in their CASA.

Four years back RBI suggested some reforms in this consultation paper however no action has happened in that direction. What I am suggesting is not exactly the same but fundamentally both are using the base analogy that the benefits are currently unfairly tilted in favor of issuer banks and it is these issuer banks who should bear the most of the burden instead of expecting other players in the ecosystem to fund for the infrastructure needed for its customers to access funds parked in their accounts in these banks.

Recent growth in this ecosystem was fueled by VC/PE money, which may not be available in same proportion given the current global slowdown caused primarily by the Coronavirus pandemic. This means some key players will find it extremely difficult to survive and it will not be good for the overall digital payment ecosystem. It is in the interest of issuer banks to save this ecosystem by taking ownership of the costs involved. If that doesn’t happen, only players surviving will be the ones with deep pockets not the ones with better innovation. This will eventually kill the innovation in this space and steer entrepreneurs away from attempting new/innovative solutions in this space.

More Thoughts on MDR Debate

So much chatter going on in Indian market around MDR, short for Merchant Discount Rate, thanks to NPCI making MDR zero for RuPay debit card transaction based on instructions from Finance Ministry. I had touched upon this topic once before here. However now coronavirus pandemic putting extra pressure on most of the businesses including payment facilitators, this topic is again making rounds. I felt like I should put together one post explaining my views in other post where I have supported the move of zero MDR.

First thing let’s talk about what is MDR and why it has been there as a key source of revenue for payment providers. MDR is the money that is paid by the merchant to the payment ecosystem used in facilitating the transaction. All the parties involved in the value chain i.e. acquirer, interchange and issuer get their share from this MDR including the third party technology or operations service providers used by these parties. MDR is typically a small percentage of transaction value, somewhere between 0.8 percent to 3 percent. Essentially what it means is that when you pay a merchant 100 Rs using your American Express credit card, the merchant actually gets only 97 Rs, while the 3 Rs are used to pay everyone involved in facilitating this exchange.

Now why would a merchant agree to take a cut in his/her income to facilitate this after-all it’s the merchant who drives the mode of transaction and not other way round. How often have you refused to deal with a merchant because he did not accept your credit card? You find a way to pay that merchant accepts and move on with your purchase. Then what is the answer? In a credit card world card company is facilitating the purchase by offering an instant credit to the customer thus taking a risk on the transaction, this risk taken by the issuer enables the purchase to go through, which may not have happened in case the credit was not issued at the time of transaction. Now here is something for the merchant to gain, he is gaining a sale, which may not have happened otherwise. That is the reason merchant doesn’t mind paying that MDR. Now issuer alone cannot support this massive ecosystem, so parts of this MDR is distributed among other participants in the ecosystem.

If the MDR was for supporting the technology and operational cost for running the ecosystem, it would have been a flat fee and not a percentage of the transaction amount, because cost of processing a transaction remains more or less the same irrespective of the transaction amount. So primary reason a merchant agrees to pay an MDR is because issuer is taking a risk on the transaction by issuing an instant credit in order to facilitate the purchase. Bigger the amount, bigger the risk for the issuer.

Then industry launched debit cards in order for customers to access the funds parked in their savings and current accounts. Instead of reinventing the wheel, they decided to ride on the same infrastructure set-up for credit cards to facilitate debit card transactions as well but then they got too lazy and even copied the same MDR based business model. In case of debit cards customer has already parked funds in banks and banks are making more money from that money and it is responsibility of banks to facilitate access of funds in his/her bank account to its customer. Banks do not want customers to line up in the branches because that is the most expensive mode of transaction for banks, in order to save that cost banks have set up digital infrastructure to provide easy access to customers, this also includes POS/Payment Gateway infrastructure.

I am of the view that MDR model is fine for credit card universe however it does not make any logical sense for debit card transactions and issuer banks should bear the cost of these transactions instead of passing that cost to merchants or customers in anyway. Issuer banks should pay interchange and acquirers on fixed fees basis, then acquirers should compensate their technology and operations partners from their share. Interchanges as the bodies at the center of all this should facilitate working of a reasonable compensation mechanism for sustainable ecosystem growth.

Since the industry had been running on this illogical model for far too long everyone had gotten used to it; but zero MDR move by Government should work as a catalyst to drive this change and implement a more logical and sustainable business model, which is not designed to unreasonably favor the banks. Banks should not be allowed to only benefit from this entire ecosystem, while other partners share the entire burden of cost. I hope NPCI leads the way here with support from RBI and Finance Ministry to arrive at a agreeable solution that doesn’t ruin the payment facilitators and force them out of business. If that happens customer will be the biggest loser.

PS: This piece was originally published as my opinion piece on IBS Intelligence blog.

Google Debit Card

Recently I came across news stories covering Google’s plan to launch a Debit Card. It all started with this TechCrunch article comparing this move with Apple Card launch. First of all, to me that is not a fair comparison to begin with because Credit and Debit card are two fundamentally different products at their core. If you keenly analyse the brand positioning of Apple vs Android, you would realize that these offerings are very much in-sync with that. This also reflects the markets where each of them are dominant players. While Apple’s dominance is in markets where credit is primary mode of transaction, however Android is leader in markets with savings account as primary source of funds for day today expenses. All those jokes about one needing credit to buy an iPhone are based on some truth.

As the TechCrunch article also pointed out, it is not Google’s first attempt at launching a card, they tried it when they launched Google Wallet in 2012. (I keenly followed that project, because I was in process of building my own wallet before Google announced their pilot. This is story for another time though.) While there were many aspects of Google Wallet that I found fascinating, I was skeptical about the debit card bit because of the entire on-boarding experience. I had seen journey of multiple debit card variants physical, virtual, mobile launched by HDFC Bank to make that prediction.

Now however the times have changed. First of all, now Google has experienced massive success in India under UPI product, which inherently accesses the funds from CASA accounts only. This must have given massive confidence boost to Google Pay team to make another attempt at launching an instrument accessing funds from CASA accounts. Since UPI is as of now an India specific phenomenon, Google is trying to rely on Debit Card variant one more time, now riding on the newfound confidence. What will be the on-boarding experience is not yet known, but if they can use the learning from earlier experience, they might be able to do it better. We managed to issue a very efficient mobile variant of debit card in 2006-07, as part of m-Chek project I did for HDFC Bank in partnership with then m-Chek and Airtel. It was for not so smart phones popular back then, now the world has moved much ahead in technology adoption.

Why Google would want to do this? My answer to this question is still the same as it was in 2013. Google’s primary source of revenue is ads. Currently Google can very efficiently track the efficiency of their ads right up to the point of click, however it is not so efficient when it comes to tracking the last mile of purchase. Being able to know the effectiveness of their ads right up to the point of purchase is equivalent of digital gold for Google, a company that has built the biggest empire on user data.

This data will be the key to unlocking an effective way for selling Financial Products like Insurance, Investment Products etc, which are essentially push products and no digital company has so far been able to crack the code for selling such push products (I was planning to go on this journey but then fate had other plans for me). If Google can crack this piece of the puzzle with access to this additional data, it will completely revolutionize the way products are sold digitally and I am not talking about Financial products only here.

In addition to above it would be very easy for Google to push transactions happening with-in their ecosystem on these cards. This is what the partnering banks gain, an easy distribution channel and almost certain activation, with massive transaction value flowing through these cards.

In summary, if done right, I believe it is going to be a game-changing move completely different from Apple Pay’s journey. This not only has the potential to impact Fintech world in a big way but also how entire digital commerce is done today.

PS: This also has the potential to make Google first truly effective neo-bank for retail customers, however I am not sure if Google would have those aspirations.

Fintech in the time of Coronavirus

We are now living in the time of highly contagious COVID19 caused by novel Coronavirus infection. Since there is still no vaccine or cure for this the only way being recommended to control the spread of this disease is social distancing. This means everyone is requested to stay at home unless absolutely necessary and avoid social contact as much as possible, leading to most of the businesses requesting their employees to work from home also shutting down all the avenues facilitating any form of social gathering like pubs, nightclubs, theaters etc. Any form of travel is restricted affecting entire travel and hospitality industry. Airports are deserted, Airbnbs are getting cancelled, airlines are under pressure to let go of cancellation fees, Ola and Uber are also seeing significant declines in their daily rides. Schools are colleges have shut down their campuses, with critical courses being run on google hangouts or zoom. Many Edtech platforms have made their courses free so as to reach a wider audience and benefit them. Personal hygiene and cleanliness is at all time high with people washing their hands for at least 20 seconds with soap multiple times a day. Many social media influencers are making videos teaching everyone how to wash their hands properly. I was wandering if they ever make a movie about this pandemic Akshay Kumar may play the role of Dettol Handwash. Kids making fun of Bunty for washing his hands for too long are now following his lead. Bunty is the new hero.

He is my new hero. Sab marenge, sirf Bunty bachega.

Some of these behavior changes maybe temporary like people may start going on holiday again once the dust settles, however some of these changes will be here to stay. In this post I will be talking about some very obvious and some not so obvious impacts of long term changes in Fintech industry. So brace yourself and pay attention for this post might reveal some key opportunities in time to come.


In long term I don’t see this impacting digital payment industry very significantly, however this could be a good opportunity to promote contactless payment options like QR Code, NFC, RFID, Tone etc. If your new hygiene conscious self is now worried about touching the cash that may have exchanged unknown number of hands before you, same logic should be extended for exchanging of plastic and entering the PIN on the keypad touched by so many people before you. While many of us may not go to that extent, if one can appeal to the Maya Sarabhai inside the consumer, they can utilize it to gain traction on these payment modes.

This situation of social isolation will also increase online shopping specially daily use perishable items, thus shifting the transactions from offline brick and mortar stores to mobile apps like Grofers, Big Basket, Prime Now etc.


While travel insurance might be taking a temporary hit a situation like this reminding whole world of their mortality is a perfect opportunity to sell protection products like health and life. I would be expecting to see a significant boost in sale of insurance products in next few months specially life and health variants. This situation is not only making us sensitive about our personal health but also of the people around us that includes our household staff. We may see the premium go up slightly though.

A marketing mailer from Religare Insurance

I would not be surprised if we see some interesting products coming from the industry with affordable premium. We should see insurance companies creating special policies for household staff and promote them through housing societies. Many organizations relying on gig workers like Ola, Uber, Zomato, Swiggy, Dunzo etc may now be more willing to buy insurance cover for their contract workers. It may even be recommended to them as part of their business continuity and disaster planning.

An interesting variant of insurance cover would be to cover for loss of income during such lock-downs offering protection to gig workers and other daily wage operators to protect themselves in case of another such disaster. Even small businesses will be interested in such kind of protection. This needs to be done now and fast when the memory of the disaster is fresh in everyone’s mind. Few years down the line this product may again not find many takers.

Investing and Wealth Management

With markets correcting 30%-40% primarily due to the pandemic we might see entry of new investors. While old investors would be licking their wounds and crying over the loss of wealth, new investors who were sitting on cash will find this an opportunity of cheap entry. As is evident by the following graph shared by Nithin Kamath of Zerodha, new account opening on their platform has seen a significant spike.

New account opening on Zerodha platform have shown a significant spike. Source twitter @Nithin0dha

Market at so low coupled with Yes Bank disaster customer might be feeling, if his bank FD is also at risk then why not take bigger risk and aim for better returns by investing in Equity rather than sitting on Cash. However the investors who would have lost significant wealth due to this crash may decide to sit quietly for few months in future.

*Please note that I am only talking about retail investors here and not traders or institutions.

Mutual funds may also observe a spike in new to investing customers. Some customers who were relying on their own for equity investment may now be open to seeking an advisor or moving to actively managed funds after this sudden crash.


One of the most commonly used financial service will continue pushing in the direction they have been for years now i.e. to avoid footfalls in the branches specially for service needs. Social distancing should help their cause further. While Banks have been working on creation single man branches (I personally worked on one project in HDFC Bank called Ultra Small Branch years ago) in rural areas, we may even see banks go for branches with fewer staff in future even in urban centers.

Ghar se banking Corona.

Bank branches have the potential to become the most effective center for selling other financial services products like Insurance, Mutual Funds etc. While many banks have been doing this for years and commission from sales of third party products form a significant part of their revenues, however they have not been exploiting their full potential. With sales of third party products becoming their primary responsibility they may end up becoming more effective. This would require banks to carefully re-brand and re-position their branch network. Most of the Financial Services products are push products, what better way to sell them through a bank branch. This means the composition of a bank branch is going to look considerably different with fewer tellers and more insurance and investing experts.

In my opinion if banks play it right the new stream of wealth management start-ups will find their biggest competition from large banks. The “if” in the beginning of previous sentence is a very big if though. Are banks ready to transform their entire way of working. If they are not, then they should only focus on holding the money and managing the treasury, outsourcing entire sales and services to third parties, wherever digital mode doesn’t work well.


Short term lenders like SmartCoin, Early Salary may see temporary spike in their loan book with new customers seeking temporary respite from loss of income relying on these short term lenders to fill the gap. On the other hand POS lenders like Bajaj Finance, Home Credit etc may find a significant drop in their transactions due to customers shopping less because of lock-down. Similar drop is expected in Credit Card transactions as well.

So if we refer to the other post on this blog, “phone pe loan” will spike while “loan pe phone” will see temporary drop.

SME lending is another area that will observe spike because most of the small businesses will need loan to support themselves for temporary loss of business due to significant drop in overall commerce.

In the end my theory is that India will emerge stronger once this crisis is over. We are much better placed to tackle this situation because of 1. median age ~26, 2. older population largely socially isolated because of cultural reasons and 3. our hygiene practices like washing our hands often, keeping out of the kitchen unless washed and things like these. Financial power center globally will incline further towards India. So cross your fingers and hope for the best.

Sahamati and Account Aggregator Ecosystem

First time I became aware of the consent layer iSPIRT was working on was sometime around late 2016, when my then boss (who happened to meet Nandan during some event they both attended and heard about it from him), asked my keep my eyes on it because this is going to be something really big for Indian digital ecosystem. I scanned to through my contacts and found out that it was work in progress and I will get to know when they are ready. After that conversation I put it in the back-burner.

Then sometime during July 2019, I came across this article and I was eager to find more about the next big thing happening in Indian digital ecosystem so I attended a workshop on Sahamati conducted by iSPIRT in Aug, 2019. In this post I will attempt to explain what all the noise is about, what excites me and my disappointments with this entire venture based on what I know about it through various sources and what I learned in the workshop I attended.

What is an Account Aggregator?

Around the time when I had joined HDFC Bank in 2005, HDFC Bank used to have a product called Oneview. If you happened to have multiple accounts in different banks, you could register for Oneview and provide Netbanking credentials for all the bank accounts and we will do something called “screenscaping” through all those bank’s netbanking sites, use the credential provided by you to show the information available across all these places as a single view.

Then few years later I heard about Yodlee and then Perfios, who were offering similar services to customers or businesses, who needed to access data across multiple bank relationships. Later came multiple other businesses with similar offering and most of them were dependent on screenscaping.

The problem with screenscaping is that every time a bank made any changes to their netbanking pages, it needed changes at aggregator’s end as well. In short if was not a very efficient way of managing access and data and to top it all they were all self regulated. Considering the sensitive information they were accessing RBI decided to come up with guidelines governing these “Account Aggregators”. After these guidelines everyone was confused how to approach this. Nobody knew what to do, not even RBI (based on my conversations with some of the players in the space, who happened to seek clarifications from RBI on this subject matter). Some of these players applied for the license from RBI under AA-NBFC category but there was still confusion, till came Sahamati.

As per the information shared at the time of workshop there were total eight entities who had received in principle approval from RBI to set up AA-NBFC. The names I remember from those 8 are, FinServ (CAMS), FinVu (Cookiejar Technologies), OneMoney (FinSec AA Solutions), Jio Information Solutions, Yodlee Finsoft and National E-governance Services (NeSL).

What is Sahamati?

As their website says: DigiSahamati Foundation is a Collective of Account Aggregator ecosystem set up as a non-Government, private limited company (With the new Companies Act of India, not for profit companies are governed under Section 8).

What Sahamati has built is a consent protocol that is approved by government and a way for customers to legally provide their smart and informed consent to the information user (FIU) for then to use one of the Account Aggregators (AA) to access your data from information providers (FIP).

Representation of flow of consent and information in AA ecosystem (Image Credit: Sahamati)

How it works?

Step 1: Account aggregator will be establishing connectivity with various FIPs like Banks, Mutual Fund AMCs, Insurance Companies, Government Portals like Tax/GST etc (the scope might be extended to non-financial data sources as well, depending on the adoption of the platform). Once that connectivity is established AA will be ready to access the customer information from these institutes.

Step 2: Customers will have to register with one or more of these AAs and link his/her various financial relationships with his profile created on the AA platform. AA will seek one time authentication as prescribed by FIPs from the customer and link the details, upon successful validation.

Step 3: When customer visits the FIU for any service (could be Financial Advisor or Loan Application etc) that requires them to access his/her financial information they will ask the customer to select their AA and provide their consent to access the information to the AA.

Key attributes of consent (Image Source: Sahamati)

Key Attributes of the Consent: The consent given by user will clearly state the duration for which the data is to be pulled, the time period for which the data can be accessed, frequency, revocation allowed or not, access type along with the purpose of the consent. This is to make sure the user is clearly aware of the access being granted and tag the usage of this information along. Use of this information for any other purpose than what is stated in the consent artifact is not allowed.

Step 4: After validating the consent AA will access all the information requested from respective FIPs and transfer it to the FIU in encrypted form. AA will have no access to this information and they will just act as a pass-through.

Why is this the next big thing in Indian Digital Eco-system?

In order to enhance the digital eco-system ownership, access and sharing of data is very important. AAs coupled with consent architecture proposed by Sahamati is a great first step in that direction because it enables seamless transfer of data from FIPs to FIUs, with informed consent of the user, while restricting the use of data thus shared with-in the stated purpose. This is a certain upgrade over sharing photocopies of various statements and other documents at the time of application.

Why am I disappointed?

Imagine you buy a SIM card from Airtel and you are told that with this SIM card you will be able to call only Airtel numbers and not Jio or Vodafone numbers, in order to do that you will have to buy Jio and Vodafone SIM cards. Would you like this scenario.

In the current way it is structured there is no interoperability among these AAs, meaning an FIU or FIP will have to partner with all the AAs to ensure full coverage. It may even mean that customer may end up registering with multiple AAs. Forcing organizations or users to maintain multiple relationships for the same service seems like a very inefficient way of doing something. Imagine multiplication of resources needed to run this kind of set-up, setting aside the inconvenience it would be for all the parties involved. This one problem can prove to be the biggest reason this entire exercise will fail to reach its full potential.

What disappoints me even more is that this comes from same set of people, who proposed UPI, where one of the key strengths of the protocol is the interoperability it offers. This is one of the key aspects, why it could be even called a wallet-killer. If wallets were interoperable, a user would have found lesser motivation to switch to UPI (I am not saying this is the only point of comparison, but in the context of this post I am sticking to this one.) After working of so many years and coming from an independent body, I would have expected this construct to provision for interoperability. We may need to create a new central body for this purpose or assign this responsibility to one of the existing and capable organizations like IDRBT or CERSAI. We may even explore to build this entire thing on blockchain to eliminate the need of having a trusted central body.

In fact I would really be happy to see this entire thing was built on blockchain based trustless architecture and I am sure we have enough capable minds among us to give this a shot and come up with something genuinely innovative and superior than what has been proposed.

EDIT: An error was pointed out by one of our readers regarding the interoperability bit. While what I meant with interoperability was AAs connecting among themselves, there is no need for all FIU and FIP to tie up with all AAs. I am copying below the relevant section from Sahamati website that highlights how it can be achieved.

As an AA, does an AA have to seek out, build partnerships with, and integrate with each new FIP or FIU separately?

No. The AA ecosystem is designed so that each FIP and FIU is enabled to work with every AA in the ecosystem network, rather than only with those with whom they have a bilateral situation. Once any FIP/FIU is certified and added to the Central Registry, any approved AA can connect with them. This Central Registry is akin the DNS server of the internet world.

For any queries regarding Sahamati, one can check out their FAQ page. They also have a very rich blog where they keep publishing about various aspects of AA ecosystem and interesting use cases.

Thoughts on RBI Draft Paper on NUE for Retail Payment Systems

On 10th Feb, 2020 Reserve Bank of India released a paper on ‘draft framework for authorisation of a pan-India New Umbrella Entity (NUE) for Retail Payment Systems’ for public comments. RBI has invited comments from all stakeholders by February 25th, 2020.

In 2005, when I had started my career from HDFC Bank, there were multiple ATM networks active in the country. Apart from Visa and MasterCard, there was one ATM network run by Euronet, where (I think) 16 banks were participating, and there was another operated by FSS (The entity was walled FSS Net), where (I don’t remember the number of banks) were participating. Apart from these some banks were having bilateral arrangements with other banks for sharing of ATM infrastructure. Around the same time another ATM network by the name of NFS was getting active, which was run by IDRBT. Most of the banks slowly started joining NFS network and with time it became the largest domestic ATM network in India. It was about this time, two things happened; control of NFS network was transferred from IDRBT to a newly formed entity called NPCI and RBI had put a stop to all the bilateral ATM sharing arrangements. From this point onward NPCI became the source of almost all the innovations in retail payments starting with RuPay, IMPS, AEPS, APBS to more recent UPI, BHIM, BBPS, eNACH, NCMC and NETC etc. I had been very fortunate to have balcony seat to many of these stories by virtue of being a part of HDFC Bank and then Kotak Bank and Jio Payments Bank.

The journey of NPCI from NFS ATM network to today controlling almost 60% of retail electronic payment transactions by volume (please note that RuPay Credit Card is a very recent phenomenon and numbers there are still dominated by Visa and MasterCard followed by American Express and Diners) has been really exciting and in many ways the best thing to happen to Indian digital payments ecosystem. Having said that the amount of influence NPCI today commands is really dangerous and while NPCI claims to be very open to suggestion and ideas, I have personally seen on many occasions that best idea didn’t win due to various factors.

With introduction of NUE there is a possibility of many more innovative payment solutions to be envisioned and implemented, which are more suitable for Indian audience. This will also make NPCI work even harder to continue doing the good work they have been doing and not become complacent. Few key areas I can clearly see new NUEs to focus on would be building specialized and low cost solutions for business correspondent network, which is the back bone of entire Financial Inclusion story in India and still does not command the attention that it deserves from various larger players in the ecosystem. Another very important area that has been demanding attention and has clearly been mentioned in RBIs paper is remittances. There are so many migrant workers, who earn in Cash and need to send money to their families in their native places. Cash is still the biggest mode of transaction today in India and there is clearly scope to do more.

I will be looking at organizations like Euronet, FSS, AGS, TATA PSL, NSDL on one hand and PineLabs, Innoviti, mSwipe etc to be eager to go for this. One organization that has been at the center of many innovations happening in India iSPIRT to play a key role in all this. My only advice to anyone considering becoming NUE would be to let go of the traditional card protocols (think beyond iso 8583) and go back to drawing board before designing their solutions. In the end payment is all about debiting one account and crediting another, sounds like simple stuff. The key to any solution would be how simple the final offering remains.

This could also be a move in the direction of having specialized entities enabling interoperability for different modes of payments or use cases. For example Billdesk can attempt to become the go to entity for all things bill-payment. Another NUE can appear specializing the interoperability of mobile wallets. As I have mentioned above, there is a clear scope of specialized offering the business correspondent and self help group area, which has been the key to Financial inclusion in India so far. Hell, why cannot even bank branches be interoperable? Can a Kotak customer walk into and SBI branch and get his passbook updated, earning additional revenue for SBI in the process? The possibilities are endless, if we decide to think outside the box.

Few questions, will NUE as private entities be allowed to user Aadhaar authentication? What will be the exact role of NPCI in all this? Will NUEs be allowed to perform other business activities, for example can NSDL continue to offer e-Sign services as part of same business or have to set-up a separate entity, if they decide to go for it? More clarity should emerge after RBI releases final framework after reviewing everyone’s feedback post 25th Feb, 2020.

Financial Inclusion: Past, Present and Future A Technology View

The biggest challenge to financial inclusion situation is that most of the people attempting a solution don’t even have a clear view of the problem. When you solve the problem with clarity of vision, you end up creating an institution like Bandhan Bank and in other cases you end up installing ATM machines in villages, only to realize very soon that cost of operating an ATM in a rural location can never be justified by the value it offers even at 100 percent capacity utilization. During my stint at HDFC Bank, I was leading the solutions for retail payments space, I was also responsible for financial inclusion initiatives. We did many things like Bank on Wheels, installing an entire bank branch including an ATM with biometric (finger print) capability in a bus specially modified for this purpose. Another version of Bank of Wheels was Ultra Small Branch, where we created solution for single man branches operated entirely through a handheld device. The manager would basically carry the entire branch on a bike and travel to dedicated service locations.

Once Wincor-Nixdorf senior management representatives were visiting India to showcase their new hardware to Indian prospects and during the evening meet and greet one of the Germans got into a conversation with me. During the conversation he mentioned that he is really interested in building something for financial inclusion specially for rural India. My answer to him, “Stop selling them ATMs.” The income and spending patterns are very different for rural and urban markets. ATMs are required for a customer base that receives bulk of its income in its bank account and then withdraws what it needs to spend, while when someone earns primarily in cash, they spend in case and then deposit whatever is left of it as savings in their accounts. By the way, this conversation was back in 2011 and a lot would have changed in last 8 years (QR code and UPI were non-existent then for example) still fundamental principal remains the same.

One more point I used to hear often about rural customers that biometric authentication (finger print) is a must have for building any solution for rural customers. Although most of the time their point of view prevailed and we ended up building solutions with biometric authentication however my counter argument to this always has been that a numeric PIN will work as fine. Even if the customer is illiterate he can identify his PIN as combination of symbols, besides if a customer can count money, he can manage his PIN. Who remembers her/his PIN as Five Thousand Three Hundred Ninety One? You always remember it as Five, Three, Nine, One. Introduction of biometric pre-aadhaar meant any solution built for rural was costlier and not viable. Has anyone in any bank ever verified their hypothesis, I doubt. Nobody ever shared any field research in this regard with me.

A lot has changed in last decade. APBS (Aadhaar Payments Bridge) is extensively being used to transfer subsidy directly into beneficiary’s account using Aadhaar mapper. Only credit in my father’s account is cooking gas subsidy. NREGA payments are being credited directly to the account. AePS (Aadhaar enabled Payments System) makes it easy to authenticate customer using Aadhaar. Jio has given mobile data connectivity to anyone who they can get their hands on. Internet in India is cheapest in the world and the connectivity has reach even small villages. PayTM has spend billions to teach people how to transact using mobile phones. G-Pay and PhonePe have used the UPI to create user friendly payment experience for anyone with a bank account (PMJDY gave everyone a bank account, even the ones who were never interested in having one). BharatPe and PayTM are reaching out to smallest of the merchants and on-boarding them on digital payments using QR codes. The people who were not even expected to handle a 4 digit PIN are now scanning QR codes through their mobile phones.

Next big game changer in financial inclusion space according to me will be from mass adoption of speech recognition and voice biometric. Together they have the power to make payments completely invisible thus removing any friction in the process. Imagine an illiterate person in some remote village calls up a designated number of her/his bank and speaks the instructions in her/his native language e.g. “humara phone recharge kar do do sau rupai ka (please recharge my mobile number for 200 rs).” and the bank “identifies” the customer through her/his “mobile number”, “authenticates” the customer through the combination of two factors “what he has?” i.e. his “mobile device” and “who he is?” i.e. his “voice biometric” and reads the instructions from his speech. This simple a transaction experience can really transform the way payment is happening today. Behavioral biometric is another area that can use customer’s way of interaction with the device as password and make authentication experience completely seamless and yet sticking to the two factor authentication process. There are companies working towards making this a reality and this experience is very much possible with the technology available today. There are start-ups like Uniphore and Gnani working on speech and voice biometric and start-up like NeoEyed on the area of behavioral biometric. (In my opinion OTP delivered on my mobile device for a transaction I am performing on the same device is not two factor authentication in true sense, it is “what I have?” i.e. my “mobile device” performed twice.)

BharatQR: Untapped Potential or Lost Opportunity

Officially launched on Feb,2017; BharatQR is world’s first interoperable and low cost acceptance solution, developed by National Payments Corporation of India (NPCI), Mastercard, and Visa.

BharatQR was devised based on the direction set by the Reserve Bank of India (RBI) in September 2016 and its Payments Vision 2018, which outlines innovation, interoperability, and security as the three pillars to facilitate India’s transition to a less–cash society.

BharatQR has two very important benefits. First, consumers will not need to scan different QR codes at the same merchant provided by the different payment networks. Second, merchants will only need to display one QR code at the storefront or through the acquiring bank’s mobile application via UPI, IMPS or Visa/MasterCard/RuPay Cards.

With this one would assume that by now BharatQR must have become the default for on-boarding small merchants specially considering unlike PoS terminals, the cost of acquiring is practically zero for QR case based payments since there is no device to be purchased and managed, no key management, no stationary, not even the cost of telephone line/SIM. With BHIM, PhonePe, Google Pay and PayTM being so popular among consumers for small payments it’s obvious that on paper BharatQR has everything going in its favour to become the leading payment mode. Still the ground reality says another story. Adoption of BharatQR is nowhere even close to BHIM QR (UPI).

To be honest I have so far not come across a single merchant, who is actively using BharatQR as a major payment acceptance method. When BharatPe decided to get into the business, why they chose BHIM QR over BharatQR, given than BharatQR clearly gives them access to much larger number of payment instruments on consumer side, while keeping the merchant side efforts the same?

In my opinion, the reason BHIM is everywhere, while BharatQR is nowhere to be seen is in the way different custodians (NPCI, Visa and MasterCard) have approached the problem. UPI is an open platform where the baseline is defined, improved and maintained by NPCI, while PSPs are free to innovate on top of that layer to create suitable user experience depending on their target consumer base. (By the way, this is where Banks fail miserably, because they don’t clearly know who their target persona is for their digital products. This is a discussion for another post.) NPCI is fine whether customer chooses to use UPI or his RuPay debit card for any payment, in the end an NPCI product is used and customer savings account is debited either way. On the other hand everything about Visa and MasterCard has to follow the card framework, even when it is not the best way in a particular situation.

Based on my many years of interactions with NPCI, Visa and MasterCard, I can clearly say one thing, NPCI is not too hung up on card world. They are ready to explore beyond cards and in fact now RuPay card would be a smaller component of their overall portfolio. In fact even when it comes to cards they are not treating traditional benchmarks and standards as cast in stone and are not afraid of colouring outside the lines. While Visa and MasterCard are always insisting on not touching the core, which restricts the innovators to a large extent because of the constraints of the core offering. BharatQR from Visa perspective is a variation of mVisa, which is built on Visa direct (formerly known as VMT or Visa Money Transfer) primarily built for Card to Card money transfer. Same goes for MasterCard leveraging MMS or MasterCard Money Send. Another handicap for Visa and MasterCard is that unlike UPI, they do not have someone called PSP (the role played by Google Pay, PhonePe, BharatPe etc) and are completely dependent on acquiring banks to push the product. As I have mentioned again and again banks are not the innovators.

How many of you know that your Visa, MasterCard and even American Express card would work at BharatQR? Have any of you received any communication from your banks regarding how to go about it? Two of the banks I have worked for in the past and am their customer HDFC Bank offers BharatQR scanning through their PayZapp app and Kotak Mahindra Bank offers it through their mobile banking app. Most of the banks participate in this program however none of them seem to have put in any significant effort to make sure it is adopted at a scale.

I tried to find BharatQR numbers through various sources however I couldn’t find any credible source reporting these numbers separately. While everyone talks about UPI success story in my opinion a large part of that story is because of BHIM QR. It wouldn’t be an exaggeration to say that entire P2M story of UPI is heavily dependent on BHIM QR. This also shows how much of a missed opportunity it is for the card schemes like Visa and MasterCard. NPCI is fine whether it’s UPI or RuPay card being used for payments. Visa and MasterCard are clearly missing out on this new wave of digital payments. During my research I found that NPCI and Visa websites at least have dedicated space to talk about BharatQR, however I could not find anything regarding same on MasterCard website. Looks like Visa is at least still trying, while MasterCard has already given up.

What needs to be done? From long term perspective, the answer is very clear. May be it is right time for Visa and MasterCard to reinvent the wheel. Think beyond traditional card framework and build something suitable for mobile first world from scratch. (I am hoping there are teams already working on this mandate internally in both these organizations). For short term, Visa and MasterCard need to put extra effort to handhold organizations like BharatPe, Khata Book and OK Credit etc to ensure they adopt to BharatQR standards for their merchant base. Visa and MasterCard both have their payment gateway business Cyber Source and MPGS respectively, integrate BharatQR there even if it is to create sample cases to showcase how easy it is to adopt BharatQR for payment providers. Lastly instead of telling merchants to get in touch with their acquirers if they want to adopt BharatQR, do it for them (at least in the beginning).

State of Fintech in India


First thing first, “what is Fintech?” Well, my definition is very simple, “a financial services organization that runs their builds and manages their own technology stack. Specially the components that are mission critical for their business.”

Why is this an advantage? Almost all the incumbents rely on outsourcing or licensing technology from various technology companies who had built their flagship products 20–30 years back and their latest iterations of these products are modifications on those age old products thus not abreast with contemporary needs. Having control over the technology stack gives Fintechs the advantage to move at a much faster pace to the changing needs of the market.

One might come across many start-ups claiming to be Fintech without even having an in-house technology team. In my opinion they are not Fintech and in long run they will not be able to deliver to their promise in long run.

In simple words, “Only advantage an start-up has over any incumbents is speed.” Rest everything can be matched by bigger competitors by virtue of having access to more resources than you.

Having established above, let me spend some time on the biggest flaw with the current situation. Manufacturers of Financial services products create a product and then go out in the market hunting for customers who fit their product. No wonder except for savings account and payments, no other FS product touches more than 15% of Indian population. The credit for payments services being used by larger populace goes to the fact that it is essential, even then still 80% of transactions happen in Cash.


The most used and talked about financial service is Payments. Without getting into too much dissection of the market let me directly rush into my vision for the future of Payments. RBI is contemplating regulating payment processors, once such regulation is implemented it will pave way for opening up the payment market from the clutches of banks. Banks do not deserve to be at the center of Payments for they have done very little in last so many years and they still seem clueless in terms of how to approach this.

Considering how every new business puts so much emphasis on UX, it is inevitable when every big merchant will want to create and the payment experience in their ecosystem, and the signs of same are already visible in the form of Amazon Pay, Ola Money etc. With increasing adoption of APIs it is going to be easier to do so even for medium sized merchants as well. UPI has already made it clear, what happens when you democratize innovation by opening up core functions in the form of APIs.

In my opinion in coming years, most of the bigger merchants will replace their payment processors with in-house offering, leaving these players to work with small and medium merchant base, thus invariably forcing them to look for alternate sources of revenues. While most of the payment processors are already exploring lending as an option, they need to think beyond. So far none of the payment processors have explored exploiting the network effect, for example turning their platform into a B2B marketplace or a value discovery platform.

UPI has also made another thing very clear, while merchants have clear focus on UX, banks on the other hand do not care. Compare the UPI experiences built by any consumer tech company vs what is offered by banks and you will know the answer.

I recently was talking to a very senior person in one of the top private sector banks regarding the sub-standard UPI experience offered by their app and his reply was but we do not get too many UPI transaction through that app anyway. Well, you may have gotten more transactions had you cared even tiny bit about the user experience.

To be honest, I am certain that most of the banks do not have dedicated functions focused on UX and even if they realize its importance and decide to set up such functions they would be scratching their heads on where exactly in their overall hierarchy they should position this team.


India so far has been dominated by savings product with really small part of population having access to credit, due to strict qualification criteria of banks and large NBFCs. Entire credit card industry caters to same ~20 million customers. All the new pay later players like Zest Money, Lazy Pay, Ola Postpaid etc are working towards curating the future credit card customer base. I believe restricting only banks to issue credit cards is not right. While many NBFCs have started issuing credit cards (in partnership with Banks) or CC equivalent products to customers, I believe RBI should start allowing NBFCs also to issue credit cards. In short, I think credit card story is yet to play out in India and this is the right time for it to pick up pace.

Most of the users of postpaid/pay later I know use it because of the convenience it offers than anything else, meaning the moment same convenience is matched by other methods (risk based authentication, are you listening RBI?). Besides this can only be a good tool for customer acquisition while all these players have to come up with alternate business model.

The start-ups I will be keeping a close eye on are the likes of Khata Book and OK Credit. The only right way to lend is to have a first hand clear view of the finances of the borrowers and have a recovery strategy as per the income schedule rather than trying to standardize the same. Non-standard products with non-standard schedules are very much possible with technology available today. Just one suggestion, build your own LMS.

P2P lending is still at very nascent stage and has to find cost efficient ways to grow lender base and distribution at scale.


Insurance is very low contact business. Customers hear from their insurers only once a year under normal circumstances, i.e. to collect payments from the customers when renewal is due. On the other occasions when a customer needs to get in touch with the insurer is when the customer is going through extreme, high stress situation. Under that situation even the smallest miss-up from the insurer’s side can prove to be fatal not only for that one specific relationship but also for the reputation of entire industry.

While most of the efforts in insurance sector is focused on solving the sales problem, the only way to address the above critical problem is to innovate on the service side and considering the nature of this business it cannot the manufactures in their current form. The only ways to address this service problem is to either change the entire DNA of manufacturers (Start-ups like Acko and Toffee are trying the same) or leave it to third parties, who have a higher engagement relationship with the customer. I have few thoughts around this, which I would keep for a more focused and detailed analysis maybe for a later post or discussion.

Just to give you an example of how much insurers care about their customers, my health insurer, whom I have been with for 3 years now, has a free annual health check up as part of the policy however so far in no ways they have communicated with me regarding the same. If only they cared to make the customer feel cared for, since that is the hook entire insurance industry uses to sell their products. I mean SMS code for a leading insurer used to be PAPA. There is a reason entire insurance industry relies on invoking extreme human emotions to sell their products.

Wealth Management

There are many start-ups that can be clubbed under this category. Personal Finance Managers, Expense Managers, Brokerages etc can all be filed under this category. However most of the start-ups in this category are focusing on selling direct mutual funds. PayTM entering in this business with PayTM money is a reason for worry for all the other start-ups. With PayTM’s deep pockets they can continue to offer this for free for a long period of time, while others doing the same have to soon find out a way to make money, with no commission income and customers skeptical to pay for the advice it’s very difficult to generate revenue. The one company in this space I am keenly observing is ET Money, they have all the necessary elements in place, if they connect the dots in the right way they can really become the breakout performers in this space. With this space I mean, a low cost automated personal financial adviser for Indian middle class.

One clear trend I see emerging in the sector is Banks, who by virtue of being custodians of customer’s money used to have significant control over other financial decisions thus sale of third party products contributing to a significant source of their revenue. Banks in last so many years have done such bad job in selling other financial products to customers by prioritizing their interests over customer’s that large customer base is now losing faith on their banks. The direct result of this will be a clear reduction in size of customer’s relationship with their respective banks. The funny part in all this is that with the kind of resources and customer data banks have access to they should have been the first to figure out a way to serve their customers better but they continue to fail miserably.