The Punjab National Bank is already using biometric devices in branches for users’ authentication and it is also evaluating options for extending the reach of eKYC requirements to the doorstep of the prospect / customer through suitable biometric solutions, says Rakesh Kumar, General Manager – IT, Punjab National Bank, in conversation with Poulami Chakraborty of Elets News Network (ENN)
What role does a CTO play for business development of a financial institution?
As a Chief Technology Officer, we act as a catalyst for business development of the financial institution by aligning technology in line with the business goals in multiple ways. A CTO brings in operational efficiency through automation of various manual processes and thereby improving customer convenience and satisfaction, which leads to business development.
He ensures business development by introducing digital products through innovative solutions and by ensuring cost-effectiveness in technology. They act as a guide to the various business heads in adapting changes brought about by technology.
How do you perceive tech implementation in the Indian financial institutions?
The technology implementation that started with Partial Branch Automation has now moved on to usage of centralised banking solutions in almost all banks. It was followed by aligning the alternate delivery channels like ATMs, internet banking, mobile banking, etc., with the CBS allowing banks to reap benefits of core banking. The next wave of tech implementation brought about the usage of concepts like automation of backups, putting in place cyber security operations centre, cloud services etc.
Currently, many of the Indian financial institutions are on the top end of the technology curve and looking to implement new-age solutions, like aligning their systems with Service Oriented Architecture, publishing API’s for faster delivery, going in for completely digital branches with minimal human support, etc.
Technology adoption in the Indian financial institutions is evolving and with latest concepts like block-chain already on the Indian tech horizon, the technology implementation in this sector is poised to take a leap to the next level and be on par with the international peers.
What technologies have been adopted for internal operations within your institution?
We’ve adopted a centralised architecture for the core banking and related applications, which is accessible over the Wide Area Network. To mitigate network and security-related vulnerabilities, all the applications are installed in three-tier architecture, i.e. web server, application server and database server. These servers are behind firewalls and Intrusion Prevention Systems, and access lists are configured on routers. The traffic is encrypted between the data centre and the branch users. A mix of RISC (Reduced Instruction Set Computer) and X86 make-servers are being used. The development platform is both Java and Net Bank, having Security Operation Centre (SOC) and Network operation Centre (NOC). Also, the Bank is following change management process and having real-time network and application monitoring system.
What sort of challenges does convergence of social media, mobile banking and cloud pose for the banking sector?
These include the security, turnaround time for response, the impact of negative comments and analysis of unstructured data/information. Applications across different mobile devices are working on different platforms, data management, etc. Mobile applications pose greater challenges associated with application security, governance and version management. Challenges in the cloud include building appropriate Service Level Agreements, increase in recurring cost, challenges in using the surplus manpower on migration to cloud, audit, and availability of suitable professionals on the rolls of the outsourced service providers to manage the cloud.
How are you addressing those challenges?
The challenges are addressed through structured processes for outsourcing, vendor selection, technical evaluations, peer communications, inputs from advisors/ consultants and vendor interactions, evaluating responses and evaluation based on a structured process, price discovery, through reverse auction or otherwise, site visits and third party audits, among others.
With various payment applications becoming trendy, is mobile-based transactions under threat?
Non-banking mobile/payment, service providers and customer service points are also offering payments services like bill payments, recharge, funds transfers, etc. These types of transactions are allowed up to a certain limit without insisting on KYC facilities.
However, the untapped market is very huge and that’s why NPCI has started the implementation of Unified Pay-ment Interface. This will ultimately lead to reduction in usage of cash /cheque for transactions.
Is PNB mulling adapting technologies, such as biometrics, to authenticate users’ identity? PNB is already using biometric devices in branches for users’ authentication for the Core Banking Solutions. We are also evaluating options for extending the reach of the eKYC requirements to the doorstep of prospect / customer through suitable biometric solutions. For this, the mobile devices used by the prospect / customer also need to be biometric enabled. PNB is using Aadhar-based eKYC services and further integration with e-Sign, to be utilised from the customer locations for providing various services. What kind of security mechanism is required to make mobile banking applications foolproof?
Security policy for end-point devices, device binding, mobile device management, password controls, log on procedures, anti-malware protection, Risk Based Adaptive Authentication Systems with OTPs are some of the security mechanisms to make mobile banking applications relatively foolproof.
Technology adoption in the Indian financial institutions is evolving and with latest concepts like block-chain already on the Indian tech horizon, the technology implementation is set take a leap
Please share your thoughts on the Unified Payment Interface (UPI)?
Can it address the security concerns linked to payments and banking m-applications? The UPI is going to be the game changer and may change the landscape for remittance and payment facilities. The unified payment service will open up the frontiers to the customer to use different channels of different banks and will help in moving towards a cashless society.UPI would be a transformational product and further the cause for building a society, which is ‘less-cash’ and more ‘digital’ in nature.
Further, there will be premium services and consolidation among the service providers and withering out of inefficient service providers.
The fact that users need not share their account-related details at any stage and all transactions are based only on the Virtual ID concept, makes this a much safer system from the customer point of view. However, there will still be a need for strong and resilient re-conciliation and fraud prevention systems besides customer support.