Day 23

Ashwani Prakash Srivastava Saturday, April 10, 2021

Digital Financial Tools 

With the world still mired in an unprecedented pandemic and social distancing the new norm, people find themselves adjusting the “old way” of handling everyday tasks in order to stay safe.


Banking and financial services transactions are no exception, and now is as good a time as ever to find easy, fast and safe ways to bank.

Here are a few tools to consider trying that are easy and safe to use.

Online Banking
Many financial transactions can be handled from the comfort of your home by setting up an online account with your bank.

Online banking allows you to access and manage accounts 24 hours a day, so you can handle transactions on your own timeline, while also being able to monitor closely for suspicious transactions. You can transfer funds seamlessly, set up online statements to enhance security and pay bills without having to make a trip to the mailbox. It also enables you to be able to view past statements and download them whenever you may need.

Online banking can also be an invaluable tool for small businesses that may’ve previously handled transactions in-person. Many banks offer a variety of services for businesses via online portals, including reporting, the ability to make and collect payments and even apply for loans.

Mobile Banking
Step it up another notch by downloading your bank’s mobile app, enabling you to deposit checks anytime with the use of your phone’s camera, saving you a trip to the branch or ATM. Banking mobile apps provide an added layer of security by using biometric data or two-factor authentication methods in order to access accounts.

Many banks offer services like Zelle®, allowing you to instantly send and receive payments with people you trust, like a socially distant gift for that recent graduate in your life. Mobile apps also offer the ability to pay your mortgage and credit cards, check your credit score and even set up alerts for account activity, security and bill pay notifications.

Some financial institutions also offer mobile apps – such as WSFS Bank’s myWSFS app – that allow you to connect directly with a live banker to assist with all your banking needs. Select a banker that you think is the best fit for you and get personalized assistance on everything from a lost debit card to how to find the right mortgage.

Businesses can also benefit from banking mobile apps, which allow them to stay on top of cash flow in an ever-changing environment and even approve transfers, wires and ACH payments on the go.

Contactless Payments
Many banks now provide you with contactless debit and credit cards, which enable you to make safe, secure purchases while minimizing the amount of contact needed at card readers. Just tap your contactless card to the machine and you’re on your way.

You can also link your accounts to digital payment platforms like Apple Pay and other digital wallets, allowing your mobile device to take the place of a debit or credit card for even more contactless purchases.

Smart ATMs
With social distancing measures in place, many find themselves trying to avoid contact with highly trafficked areas. Smart ATMs allow you to get your cash from a supported ATM in a safe and secure manner while making minimum contact with the machine itself.

OTP (one-time password)
A one-time password or passcode (OTP) is a string of characters or numbers that authenticates a user for a single login attempt or transaction. An algorithm generates a unique value for each one-time password by factoring in contextual information, like time-based data or previous login events.

When authenticating users, companies have to keep three independent factors to keep in mind:

  1. Knowledge. Things the user knows, like a password, PIN, or security question answer.
  2. Possession. Things the user has, such as a token, credit card, or phone.
  3. Biometric. Things that identify the user uniquely, like fingerprints or behavioral data.

What are the benefits of One-Time Passwords (OTPs)?

Now that you know what OTPs are, let’s examine how they keep businesses secure.

  • Resistance to replay attacks: OTP authentication provides distinct advantages over using static passwords alone. Unlike traditional passwords, OTPs aren’t vulnerable to replay attacks—where a hacker intercepts a transmission of data (like a user submitting their password), records it, and uses it to gain access to the system or account themselves. When a user gains access to their account using an OTP, the code becomes invalid, and therefore can’t be repurposed by attackers.
  • Difficult to guess: OTPs are often generated with algorithms that make use of randomness. This makes it difficult for attackers to successfully guess and use them. OTPs may be valid only for short periods of time, require the user to have knowledge of a previous OTP, or provide the user with a challenge (e.g., “please enter the second and fifth number”). All of these measures further reduce an environment’s attack surface when compared to password-only authentication.
  • Reduced risk when passwords are compromised: Users that don’t adopt strong security practices tend to recycle the same credentials across different accounts. If these credentials are leaked or otherwise fall into the wrong hands, stolen data and fraud are significant threats to the user on every front. OTP security helps to prevent access breaches, even if an attacker has obtained a valid set of login credentials.
  • Easy adoption: One-time passcodes are also easy for organizations to integrate into their authentication strategies. While the cryptic nature of these codes makes them difficult for people to memorize, phones, tokens, and other technologies are widely accessible for security teams to use and distribute to their employees.

Which authentication methods are the best?

Not all methods are created equal. Implementing any form of MFA marks an improvement over using passwords alone, but each authentication factor offers different degrees of protection. We’ve got some recommendations that’ll help you avoid vulnerabilities.

SMS authentication might be more convenient, but is less secure

We know from our day-to-day lives just how easy it is to communicate through SMS. It makes sense, then, that many companies and service providers have implemented SMS OTP as a second form of identity verification.

Unfortunately, SMS OTP is open to several lines of attack, including:

  • SIM swapping and hacking: Your SIM card tells your phone which carrier to connect to, and what phone number to connect with. In a SIM swap attack, a threat actor convinces your carrier to switch your number to a SIM that they own. As a result, they can access all the SMS OTP messages synced to your accounts.
  • Account takeover: Many wireless providers let users view text messages within their web portal. If your online account for the web portal is protected only by a weak or common password, an attacker can breach this account and access any SMS OTP messages.
  • Lost and synced devices: In theory, losing your phone means you shouldn’t be able to receive SMS OTP messages. However, we can now sync messages between different devices, allowing us to authenticate via SMS OTP and access accounts even without the phone. Forwarding sensitive messages like this isn’t a strong security practice—especially not when your email may have a guessable password.
  • Phishing: In a social engineering attack, a threat actor impersonating an employee from a trustworthy service deceives you into handing over your account credentials, and your SMS OTP. Phishing attacks hinge on hackers exploiting users’ emotions or lack of knowledge, and can result in SMS OTPs leaking in the same way as a password.

QR code 

QR code (abbreviated from Quick Response code) is a type of matrix barcode (or two-dimensional barcode) first designed in 1994 for the automotive industry in Japan. A barcode is a machine-readable optical label that contains information about the item to which it is attached. In practice, QR codes often contain data for a locator, identifier, or tracker that points to a website or application. A QR code uses four standardized encoding modes (numeric, alphanumeric, byte/binary, and kanji) to store data efficiently; extensions may also be used.



The Quick Response system became popular outside the automotive industry due to its fast readability and greater storage capacity compared to standard UPC barcodes. Applications include product tracking, item identification, time tracking, document management, and general marketing.


1. What is UPI?

UPI is a single platform that merges various banking services and features under one umbrella. A UPI ID and PIN are sufficient to send and receive money. Real-time bank-to-bank payments can be made using a mobile number or virtual payment address (UPI ID).

2. Who initiated UPI?

UPI is an initiative taken by the National Payments Corporation of India (NPCI) together with the Reserve Bank of India and Indian Banks Association (IBA). NPCI is the firm that handles RuPay payments infrastructure, i.e. similar to Visa and MasterCard. It allows different banks to interconnect and transfer funds. Immediate Payments Service (IMPS) is also an initiative of NPCI. UPI is considered as the advanced version of IMPS.

3. What is UPI ID and PIN?

A UPI ID is a unique identification for a bank account that can be used to send and receive funds. UPI PIN is a 4-digit personal identification number that must be entered to authorise the transfer of money via UPI. The PIN can be chosen by the account holder.

4. How does UPI work?

UPI has made the money transfer process a lot easier. You do not have to remember the receiver’s account number, account type, IFSC, and bank name. Instead, you can do the money transfer only by knowing their Aadhaar number, mobile phone number registered with the bank account, or UPI ID. You can set up UPI ID on one of the apps that support UPI service. Mostly, a UPI ID begins with your mobile number followed by ‘@’ symbol and ends with the app you are using. For example, if your mobile number is 90xxxxxx60 and if you are using Paytm app, the UPI ID can be ‘90xxxxxx60@paytm’. The ID can be set up by providing the details of your bank account on the app. The app will send an OTP to your registered mobile number to make sure that you are an authorised person. Once you enter the OTP, you will be prompted to create a PIN for the UPI ID. Upon completing the registration, you can choose any mobile number from your contacts and send money. You can also request money from anyone on your contacts list.

5. What are the features and benefits of using UPI?

  • Online payments are simplified.
  • Pay for your hailing services, food delivery services, and shopping sites with UPI payments for instant fund transfer.
  • Pay at the nearest restaurants, grocery stores, and departmental stores online.
  • Rent, mobile recharge, and utility bill payments can be done online instantly.

6. Is it secure?

UPI transactions use highly secure encryption format that is not easy to tamper. NPCI’s IMPS network handles about Rs.8,000 crore worth transactions every day. This is expected to exponentially increase with UPI technology. It uses a two-factor authentication method, similar to OTP, for verifying every transaction. However, UPI PIN will be used in the place of OTP for validation.

7. Banks that support UPI

The major banks that support UPI services are:

  • State Bank of India (SBI Pay)
  • ICICI Bank (iMobile)
  • HDFC Bank (HDFC Bank MobileBanking)
  • Axis Bank (Axis Pay)
  • Bank of Maharashtra (MahaUPI)
  • United Bank of India (United UPI)
  • Vijaya Bank (Vijaya UPI)
  • Union Bank of India (Union Bank UPI)
  • Federal Bank (Lotza)
  • UCO Bank (UCO-UPI)
  • Yes Bank (Yes Pay)
  • Karnataka Bank (KBL Smartz)
  • Punjab National Bank (PNB UPI)
  • Bank of Baroda (Baroda MPay)
  • South Indian Bank (SIB M-Pay)

8. What apps allow UPI usage?

There are many apps coming up every day that supports UPI payments, such as Google Pay, PhonePe, FreeCharge, Mobikwik, and others. You need to verify your bank account information to generate UPI ID on the app before you begin transactions.


AePS(AADHAR ENABLED PAYMENT SYSTEM)



  • In order to further speed track Financial Inclusion in the country, Two Working Groups were constituted by RBI on MicroATM standards and Central Infrastructure & Connectivity for Aadhaar based financial inclusion transactions with members representing RBI, Unique Identification Authority of India, NPCI, Institute for Development and Research in Banking Technology and some special invitees representing banks and research institutions.
  • The working group on MicroATM standards & Central Infrastructure & Connectivity has submitted its report to RBI. As a part of the working group it was proposed to conduct a Lab level Proof of concept (PoC), integrating the authentication & encryption standards of UIDAI, to test the efficacy of MicroATM standards and transactions using Aadhaar before they are put to actual use. The PoC was successfully demonstrated at various venues.
  • AePS is a bank led model which allows online interoperable financial inclusion transaction at PoS (MicroATM) through the Business correspondent of any bank using the Aadhaar authentication.AePS allows you to do six types of transactions.
  • The only inputs required for a customer to do a transaction under this scenario are:-
    1. Bank Name
    2. Aadhaar Number
    3. Fingerprint captured during enrollment.
Objectives
  • To empower a bank customer to use Aadhaar as his/her identity to access his/ her respective Aadhaar enabled bank account and perform basic banking transactions like cash deposit, cash withdrawal, Intrabank or interbank fund transfer, balance enquiry and obtain a mini statement through a Business Correspondent
  • To sub-serve the goal of Government of India (GoI) and Reserve Bank of India (RBI) in furthering Financial Inclusion.
  • To sub-serve the goal of RBI in electronification of retail payments.
  • To enable banks to route the Aadhaar initiated interbank transactions through a central switching and clearing agency.
  • To facilitate disbursements of Government entitlements like NREGA, Social Security pension, Handicapped Old Age Pension etc. of any Central or State Government bodies, using Aadhaar and authentication thereof as supported by UIDAI.
  • To facilitate inter-operability across banks in a safe and secured manner.
  • To build the foundation for a full range of Aadhaar enabled Banking services.
Banking Services Offered by AePS
  • Cash Deposit
  • Cash Withdrawal
  • Balance Enquiry
  • Mini Statement
  • Aadhaar to Aadhaar Fund Transfer
  • Authentication
  • BHIM Aadhaar Pay
Other Services offered by AePS:
  • eKYC
  • Best Finger detection
  • Demo Auth
  • Tokenization
  • Aadhaar Seeding Status

UNSTRUCTURED SUPPLEMENTARY SERVICE DATA (USSD)



The innovative payment service *99# works on Unstructured Supplementary Service Data (USSD) channel. This service allows mobile banking transactions using basic feature mobile phone, there is no need to have mobile internet data facility for using USSD based mobile banking. It is envisioned to provide financial deepening and inclusion of underbanked society in the mainstream banking services.

How to get it:

  • Provide KYC (Know Your Customer) information to open a new account
  • Mobile no. should be  linked with bank a/c
  • Register for USSD/Mobile Banking
  • Get MMID (Mobile Money Identifier)
  • Get MPIN (Mobile PIN)

Service Activation:

  • None
  • 1-2 minutes

What is required for Transaction:

  • Remember MMID
  • Remember MPIN
  • Dial *99#
  • Registered mobile number with any phone (feature or smart)
  • Self Service mode

Transaction Cost:

  • NIL by system
  • Rs. 0.50 charged to customer

Services Offered:

  • Balance enquiry
  • Mini Statement
  • Funds transfer
    • MMID
    • A/c no.
    • Aadhaar
  • Know MMID
  • Change M-PIN
  • Generate OTP

Funds Transfer limit:

  • Rs 5,000/day
  • Rs 50,000/annum

0 Comments