Community

Nice post. India's UIDAI provides more-or-less the kind of KYC you've described. Its biometric-enabled Aadhaar Card / Number is used widely by companies in TELCO, BFSI and other industries to carry out KYC for various products and services.

That said, the first issue listed by you - How do you agree to one set of minimum due diligence requirements? - is quite a serious issue: One TELCO needs Aadhaar only for full KYC; another TELCO needs Aadhaar and at least one more artefact for Proof of Identity / Proof of Address (e.g. PAN card, Drivers License); most banks require Aadhaar and one more artefact; fintech PayTM requires you to visit a physical agent to authenticate Aadhaar whereas most banks don't.

End of the day, despite Aadhaar, the pain of having to do KYC multiple times to avail oneself of multiple services has not gone away. (Aadhaar is on a traditional, centralized database architecture but I doubt if Blockchain will make any difference in this specific regard.)

@ShajuNair: 

TY for your kind words. 

I'm a heavy user of credit card. I enjoy all the benefits of credit card when I use Method 1 to pay by PayTM without prefunding the wallet e.g. rewards, deferred payment, superior fraud protection. These benefits are not provided by with A2A EFT payment methods like UPI, IMPS, Venmo, etc. In addition, A2A has many disadvantages e.g. nonrepudiation, no proof of receipt, zero fraud protection. I don't see any reason to switch from credit card - directly or via PayTM - to any of these A2A EFTs. But, while saying that, I recognize that I belong to the very tiny minority of 40M people in India who have a credit card. 

After the episode with PayTM, I do have angst about keeping my credit card on file with PayTM. Like I've written, "I started wondering, if PayTM fools around with my wallet today, what will it do with my cards on file tomorrow."

Factors aiding PayTM use are VC Subsidy and Superior CX; and factors inhibiting PayTM use are erosion of trust and more onerous KYC requirements post 1 March 2018. A2A EFT doesn't play any role in my decision to make more or less use of PayTM.

Ironically, UPI and other A2A EFTs were expected to kill PayTM but, as per latest figures, PayTM is the biggest contributor of UPI transaction volumes.

In his blog post of yesterday, Mark Zuckerberg listed the steps Facebook is taking in order to prevent another Cambridge Analytica-type of misuse of data from happening in future e.g. automatically block off data to 3rd party apps not used by users for 3 months or more. Curious to know how Open Banking founding organization proposes to prevent a CA-type of misuse from happening with banking data sourced under the provisions of PSD2 / Open Banking. As I've said before, banks are not up to this task.

The Facebook-Cambridge Analytica fracas is a big threat to mainstream adoption of Open Banking. If self-proclaimed tech company Facebook can’t ensure that third party apps comply with its own rules for data usage, how will banks that merely "want to be a tech company” ensure that third party fintech apps comply with third party Open Banking rules for data usage?

It's relatively easy to ensure that 3rd party apps only have access to information that they should have. However, the crux of the FB-CA scandal is not with respect to access of data - it was legitimately sourced - but with use of that data. FB's policy forbids the 3rd party app from selling the data. But 3rd party did sell that data. I don't know of any technology or certification available today that can enforce that rule. FB couldn't and didn't. Banks won't be, either. Even ex-post facto when FB learned that 3rd party had violated its "no resale" rule and FB sent a legal notice to tell 3rd party to delete the data, 3rd party apparently lied that it had deleted the data but hadn't. No way FB could verify that claim. No way banks will be able to verify such a claim if made by 3rd party fintech apps, either.

The FB-CA scandal underscores my previously-expressed concern: But what about keeping customer's data secure from first party i.e. itself?

Agreed. I've said before, I'll say it again, value proposition is key to adoption of Open Banking. But, more than GDPR or Consumer Apathy, the recent Facebook-Cambridge Analytica debacle is a bigger threat to adoption of Open Banking. If self-proclaimed tech company Facebook can’t ensure that third party apps comply with its own rules for data usage, how will banks that merely "want to be a tech company” ensure that third party fintech apps comply with third party Open Banking rules for data usage?

Self-proclaimed tech company Facebook can’t ensure that third party apps comply with its own rules for data usage. How will banks that "want to be a tech company” ensure that third party fintech apps comply with third party Open Banking rules for data usage? I think the FB-Cambridge Analytica debacle is going to push out Open Banking by several years.

Banks have definitely overcome their legacy tech debt - if that's a debt. Not sure whether it's because they have great ideas and / or great people but it's banks with legacy tech that have accelerated change by introducing many of the pathbreaking innovations over the years e.g. Credit Card, ATM, MBS, CDO, CDS, and Algo Trading. If that sounds counterintuitive, it's only because parties with vested interests have tried to create a link between innovation capability and open systems. In reality, as many banks have shown, this link is highly tenuous. Capability to innovate is driven by many more factors than just whether a bank uses mainframe or open systems. Open systems purveyors may have better success with their legacy migration offerings if they appreciated Why Banks Can't Transform Legacy Applications and recast their pitch and offerings accordingly.

Sorry but your timescales are off by 10 years, if not more. I've personally sold truckloads of computers to Indian PSBs (Public Sector Banks) as far back as 1988 and many of my coworkers were doing that at least for 5 years before that i.e. since 1983. This included standalone and networked PCs for ALPM (Advanced Ledger Posting Machine), EAM (Electronic Accounting Machine), SWIFT Gateway, and Mini Computers for TBA (Total Branch Automation), which was the precursor for CBS. All of these were transaction processing applications, not just data collection / analysis. I'm not even counting the few Mainframes and high-powered RISC Mini Computers bought by Indian PSBs for ATM Switch, Credit Card Management and Project Finance Appraisal applications.