A lot has been debated about the authentication arbitrage that wallets have over bank accounts, and that the revised PPI Guidelines should require wallets, too, to have 2FA. At the same time there has been talk of waiving 2FA for cards with NFC - for up to Rs. 2000.
As the industry awaits RBI's new guidelines, here are some thoughts on how one could streamline the whole process and provide a consistent experience to the consumer - so that the consumer can enjoy the convenience without being mandated to. The reality is money is money - and the fact that I'm using it via a wallet or a card should not make it less or more precious to me - and I should feel safe transacting with it digitally. I for one hope the new guidelines will take this into account (no pun intended).
Traditionally we have always assumed that security and convenience are at loggerheads with one another! That has been the case, but it no longer has to be true.
In other words can we make security convenient?
Security and convenience are often seen as contradictory - but if done right, we can surely get the best of both worlds!
Some key recommendations for 2FA Guidelines:
1) Fix a limit above which 2FA is mandatory across ALL transactions. Let's nominally assume that limit is Rs. 2000. This also means that for all transactions above this amount, lack of 2FA means the user can raise a chargeback.
2) Below that amount, allow users to specify rules under which they do not want 2FA - it is after all the consumer's money - so let them decide.
3) These rules can be on a per transaction basis, per merchant basis (e.g. Ola/Uber), etc. The flexibility that one bank or wallet provider gives me over another provider is what makes me choose one over the other.
4) Whenever I am specifying a mandate, take a 2FA from me and make me accept explicitly, so that I understand what I am doing.
5) At any point in time, I must be able to view all mandates and revoke the mandate with one click.
All of these features are expected to come in UPI 2.0 with e-Mandates - it's best to unify all payment methods under the same.
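The five recommendations above can be read as one decision rule. The sketch below is an added example, not part of the original article or of any UPI specification; the `Mandate` and `MandateBook` names, the merchant values and the treatment of exactly Rs. 2000 as still waivable are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

MANDATORY_2FA_LIMIT = 2000  # Rs.; the nominal limit assumed in recommendation 1


@dataclass
class Mandate:
    """A user's standing instruction to skip 2FA (hypothetical structure)."""
    max_amount: int                 # per-transaction cap in Rs.
    merchant: Optional[str] = None  # None means the rule applies to any merchant
    revoked: bool = False


class MandateBook:
    def __init__(self):
        self.mandates = []

    def add(self, mandate, second_factor_verified):
        # Recommendation 4: creating a mandate itself needs an explicit 2FA.
        if not second_factor_verified:
            raise PermissionError("2FA required to create a mandate")
        # A mandate can never waive 2FA above the mandatory limit.
        if mandate.max_amount > MANDATORY_2FA_LIMIT:
            raise ValueError("mandate exceeds the mandatory 2FA limit")
        self.mandates.append(mandate)
        return len(self.mandates) - 1  # id used for viewing and revoking

    def revoke(self, mandate_id):
        # Recommendation 5: one call revokes the mandate.
        self.mandates[mandate_id].revoked = True

    def active(self):
        # Recommendation 5: the user can list every live mandate.
        return [m for m in self.mandates if not m.revoked]

    def requires_2fa(self, amount, merchant):
        # Recommendation 1: above the limit, 2FA is always mandatory.
        if amount > MANDATORY_2FA_LIMIT:
            return True
        # Recommendations 2-3: below it, only a live matching mandate waives 2FA.
        for m in self.active():
            if amount <= m.max_amount and m.merchant in (None, merchant):
                return False
        return True  # default: no mandate on file, so ask for 2FA
```

The payment instrument never appears in `requires_2fa`; only the amount, the merchant and the user's own mandates do.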
So for example I might say:
These kinds of features are what are required to reduce the friction from digital transactions while adding enough security to protect the consumer and to give them the confidence to use digital payments more frequently.
Notice that in none of the above examples does the payment instrument matter - it's purely how the user thinks about their money and trust with certain merchants over others.
Last but not least it would be great to have ALL payment instruments (Credit, Debit, Prepaid, Wallets) on the UPI inter-operable platform - and thereby have a consistent experience for all - and open it up to all parties in an interoperable manner.
A level playing field with consistent interpretation across all forms of payment is necessary - this is the only way consumers will clearly understand what their risks are and make considered judgements on how to interpret the rules.
The common enemy is after all cash - which has NO friction or protection!
About the Author -
Sanjay Swamy is an Entrepreneur & Early-Stage Fintech Investor! #DigitalPayments & #Financial Services Fanatic! #IndiaStack_Evangelist!
This article was originally published on LinkedIn