ICICI Launches Twitter Payments Service
Icicibankpay Secured by Authentication, Encryption India's ICICI Bank has launched a new payments service, icicibankPay, which enables customers to conduct 24/7 instant funds transfers by selecting recipients from their Twitter friends list.See Also: OnDemand | Everything You Can Do to Fight Social Engineering and Phishing
In launching this new mobile, banking program, the private sector bank (with assets totalling US$124.76 billion) says this is the first Asia-based Twitter-based fund transfer service.
"It's yet another avenue for our customers, allowing them to bank while they are on social media, an innovation in line with our philosophy of 'khayaal aapka,' to enable them to experience easy banking with convenience." says Rajiv Sabharwal, executive director, ICICI Bank,
But in a world rife with banking fraud, can icicibankPay ensure secure transactions? Yes, says Subhash Subramaniam, ICICI Bank's chief information security officer, who is confident in the service's stringent security controls, including authentication and encryption.
"This platform's enabled us to adapt to the government of India's scheme of reaching out to the masses by introducing new channels of transactions," Subramaniam says.
A Novel Approach to Banking
Twitter-based services are a recent phenomenon, and larger banks such as State Bank of India and HDFC have launched similar programs recently. One of the drivers of the social media trend is the growing prominence of Gen Y, empowering the younger population with an advanced user experience and simplified payments.
SBI, in launching its service, said the aim is to target the tech-savvy young generation that connects better via this channel, and to leverage banks' products and services around the clock.
A World Retail Banking report recently released by Capgemini and Efma emphasizes the need for banks to embrace an omni-channel approach to delivering services, ensuring a seamless and unified customer experience through all channels. It said more than 90 percent of banks worldwide plan to position social media as a platform for information and customer service. Banks are still figuring out the right mix of social media banking functionalities, as this is in a nascent stage.
ICICI Bank claims it's the first in Asia to offer a Twitter-based fund transfer service. According to ICICI, any ICICI bank savings account customer, who has a mobile number registered with the bank and a Twitter account, can use icicibankpay. "Customers can send money to anyone in India even if the recipient does not have an ICICI Bank savings account," says Subramaniam.
The user must subscribe to the bank's Twitter feed and register by sending a direct message with the registered mobile number. For fund transfers, the sender must know the beneficiary's Twitter handle. The sender gets an SMS with a unique code after the transfer; the beneficiary must enter it on the special webpage set up to complete the transaction.
Subramaniam says the bank uses the National Electronic Funds Transfer or Real Time Gross Settlement for the transfer and will soon integrate IMPS platform supported by National Payment Corporation of India.
Security Controls
Most banks are cautious about such social media services because of inherent security challenges, including data privacy, regulations and evolving customer demands. However, ICICI's Subramaniam confirms that the initiative complies with all the regulatory requirements of two-factor authentication.
Like any mobile banking services, icicibankpay also has transaction limits, the upper limit being Rs 10,000 via Twitter. The bank will not charge for such fund transfers.
Security controls include:
- Encryption tools for communication process;,
- All transfers require a four-digit redemption passcode sent to the customer's registered mobile, valid for usage within three days of creating the request;
- The beneficiary also receives a Tweet from the bank with the link of its website as an authentication process;
- To receive money, the recipient has to click on the link sent by the bank, which will demand a verification of the party's Twitter account along with name, account number, IFSC code of the account and the four digit passcode from the sender;
- The site is monitored by a team of experts for phishing 24x7 and managed by a digital channel team to detect discrepancies.
Additionally, Subramaniam says, the security team has placed industry-leading controls to protect customer data. "Before launching it, we created a simulated environment using all security tools and a combination of all devices and all operating systems as part of the testing process," he says. "The idea was to ensure no scope for human error in the entire process."
Mumbai-based N D Kundu, chief information security officer at Bank of Baroda, doesn't see a major security challenge for icicibankpay. Rather, he expects the team to have designed the model with fool-proof security built-in.
"To have additional layers, banks are also going in for multi-factor authentication tools, 3D secure systems at the payment gateway level and effective PKIs," Kundu says.
Measuring Success
Subramaniam sees the opportunity for the bank to extend its services to customers across the country and leverage the social connect, buoyed by the success ratio of its Facebook-based fund transfer service launched a year ago, which fetched 30,000 active Facebook users.
The bank claims it has 2.8 million registered mobile banking users, 15 million internet banking users and a huge team working on digital banking.
Subramaniam expects the model to fetch good business and double-digit growth.
Security experts believe that customer awareness will make the program successful.
"Although SBI launched this service some time back, it was purely on an experimental basis without much push," says Bank of Baroda's Kundu. "Maybe SBI's platform was not completely ready for the volume of transaction."
ICICI Bank has had success with its earlier social media payment service model and its secure payment initiatives, Kundu adds. "I don't see why the platform cannot fetch positive results."