The Telecom Regulatory Authority of India (TRAI) has issued new regulations on mobile banking to ensure faster and reliable communication for enabling banking through mobile phones. It has prescribed norms for telcos for facilitating communication related to banking and parameters for quality of service.

We believe that these regulations were long due, and would specially benefit online transactions, since they require an OTP (one time password), which is delivered through mobile networks. At times, the non-delivery of these transactional messages lead to failed transactions. It all depends on how service providers make changes to abide by these regulations.

Here are some of the highlights of the TRAI regulations on Mobile Banking:

On mode of delivery & time frame

– Every Access Provider acting as a bearer, needs to facilitate banks to use SMS (Text Messages), USSD (Unstructured Supplementary Service Data) and IVR (Interactive Voice Response) to provide banking services to its customers. Access providers can also optionally allow banks to use WAP or STK (SIM Application Toolkit) to provide banking services to their customers.

– The bank generated message should be delivered to the customer by the access provider within a prescribed time frame of less than or equal to 10 seconds for SMS, IVR, WAP and STK and less than or equal to two seconds for USSD. In case SMS is used for the transaction, the access provider should ensure that the message is treated as a transactional message and is sent through separate telecom resources. In addition, the access provider also needs to ensure that a report confirming the delivery of the message is sent to the customer or the bank or send an USSD communication to the customer confirming the completion of the transaction, in case the SMS is not delivered to the customer due to any network or handset related issues.

– The access provider should ensure that the customer is able to complete basic services like cash deposit, cash withdrawal, money transfer and balance enquiry, in not more than two stages of message transmission, in case of SMS, or not more than two stage of options in case of USSD and IVR.

On Quality of service

– Service providers should ensure to meet the quality of service standards as specified by TRAI for cellular mobile telephone service. The regulation mandates access providers to maintain a 99.5% success rate in delivering financial transactional messages and time taken to deliver either error or success confirmation message should be less than two minutes for 99.5% of the messages. However, there should be 100% transaction update in the system.

On Security

– Every Access Provider is mandated to protect the privacy and security of m-banking communications and ensure the confidentiality of end-to-end encryption, integrity, authentication and non-repudiation of such communication i.e. message sender cannot later deny having sent the message and the recipient cannot deny having received the message.

– Every Access Provider should maintain a complete and accurate record of mobile banking transaction messages for six months for audit purposes.