A recent, seemingly radical decision by the RBI to enforce PIN-based transactions on all credit/debit cards has brought up much discussion about payment mechanisms. Although the concept is correct and the need is very real (especially considering that India is growing in terms of banking/credit fraud), the execution of the ruling has been hackneyed. Most banks have chosen to implement it by re-issuing existing cards and making it mandatory for all transactions to be PIN-based, including those on Debit cards. However, the banks have either forgotten or chosen to ignore that for Debit cards, the PIN also serves as the ATM PIN. This means that one would have to share the ATM PIN with strangers, which would not be advisable.
The bigger problem lies in the fact that the reasons for the ruling and the exact procedure for PIN-based cards have not been explained properly. The usage of PINs ensures that only the owner of the card can use the card and that creating clones of the card would fail, unlike in magnetic stripe mechanisms. However, most POS operators are unaware that the PIN now serves as authentication, not a signature on the receipt. Further, most POS devices work on land lines, which means that getting the customer to enter the PIN in front of the cashier defeats the very purpose of trying to create a Chinese wall between customer and recipient.
Banks can use multiple mechanisms to avoid this. A simple mechanism would be to allow Debit card holders to have 2 separate PINs – one for ATM withdrawals and one for transactions/online purchases. However, I am not sure as to the extent of modification required in existing banking software and whether it can be implemented for issued cards. Another option is to provide OTPs (One Time Passwords) through mobile services or mobile apps. However, with smartphone batteries not being that reliable, one would hate to be stuck at payment because of a delay in receiving the message or not being able to use the phone.
In India, a few companies have been trying to beat the payment problems. Unlike the US/Europe, where card penetration is much higher and systems (phone/data) are much smoother, there are multiple hassles in India. Firstly, financial systems are still underutilized and are available to < 10% of our population. Credit/Debit card penetration and usage is even lower. In such a scenario, payment systems have to acknowledge the existing problems and also account for the future.
Flipkart is trying to launch PayZippy, but it seems to be a simple version of saving your card details, much like Amazon saving them. The only difference is that they plan to tie up with different providers so PayZippy can be provided as an option during payment. My concern with a third party holding financial data about me is that they can access my usage patterns, my current financial status and my purchases. It's bad enough that the data is shared with financial providers who can/might sell it to others. It's worse that Flipkart is getting access to financial data across multiple cards. Not something I am comfortable with, from a data safety perspective.
An interesting article I read today has the infographic shared above. It describes how banks are losing out to e-commerce firms and startups while creating payment systems. This is also true when it comes to the Government. In a sense, the responsibility for data privacy lies with the Government. Ideally, part of the inclusive banking mandate should include the creation of tools to make financial access easier. This includes both payment mechanisms and tools along the lines of PayZippy. The entry of the Government will also help drive investment into a sector which has faced many hurdles in the past. Flawless integration with the Aadhaar card might also make payments a much better process. The only issue with the Aadhaar card is that it seems to be a populist measure aimed more at buying votes through subsidies than at improving the lives of the masses. Until a clear data privacy and security policy is enabled in India, it will be worrisome to trust the Government or private parties with our data, be it financial or purchase patterns.