Delivering the promise of a tech-enabled and digitally-sound business is a model that most companies struggle to deliver today. As CIOs look forward to overcoming building pressures to improve user experience, grant more secure and sustainable solutions, and enhance employee experience, we help you understand where to invest, how to define your business ambition, design your approach, and orchestrate sustainable change.

From automation to hybrid cloud, frictionless digital experience to decentralized finance, some of the core themes that are set to rule digital transformation trends in 2023 are explained in our blog. So let’s take a look at our list of what every business must ready itself for in 2023 when it comes to digital transformation trends.

The Metaverse

Forbes describes the metaverse as “a more immersive digital world.” While some may think of it as just Augmented Reality/ Virtual Reality (AR/VR), it is also about blockchains and decentralization. A world-renowned futurist, Bernard Marr says, “The term web3 is closely linked to various ideas of what the metaverse will be and is used to describe what many are calling a decentralized web.”

The Sandbox is a decentralized, community-driven platform, one of the finest examples of the metaverse. The Co-founder and COO of the company, Sebastien Borget considers The Sandbox one of the most advanced metaverse platforms to date. Immersion, 3D content, and platforms like The Sandbox are set to rule the digital transformation trends in 2023 and beyond.

Artificial Intelligence and Cybersecurity

Milind Wagle, EVP & CIO of Equinix opines that cybersecurity and artificial intelligence will continue to drive opportunities for businesses across industries, especially since the technology is becoming more decentralized and accessible. In 2023, a strong focus of AI would be on workforce augmentation, which means allowing employees to navigate the change around remote and hybrid work cultures by leveraging new tools.

Another form of AI in business to watch out for would be synthetic content. This means that a business harnesses the power of AI to create entirely new kinds of content like images, information, and sounds that have not existed before.

Frictionless Digital Experience

By tapping into the power of data, and smart APIs, and then driving an action that would enhance employee and customer experience is what is needed for a frictionless digital experience. Ellora Sengupta, VP & Head of Business Technology, Procore believes that designing customer and employee journeys through engaging, connected and frictionless digital experiences would be essential for CIOs.

To enhance productivity, it is imperative that businesses provide an intuitive, simple, and connected experience. All this would become even more important as more governments are interested in creating smart cities and smart countries that offer connected experiences such as smart homes, and intelligent and automated check-ins at airports, and hospitals.

Hyper-Automation and Hyper-Cloud

Automation can drive growth, enhance productivity, and generate cost savings during economic uncertainties. One example of this is Salesforce’s suite of automation technologies, which allowed its customers to save more than 100 billion hours every month. In 2023, however, automation is not enough. Organizations must take hyper-automation initiatives at the enterprise level with a more strategic approach.
“In the year ahead, I will also be looking to see more focus on hyper-automation – where organizations rapidly identify, vet solutions, and automate as many business processes as possible,” says Lisa Davis, SVP & CIO, Blue Shield of California.

The technologies which are already built are no longer supported at just the cloud level. Hyper-cloud requirements are needed, which means that organizations must fully automate the provisioning of infrastructure, storage, networking, and computing.

Decentralized Finance

DeFi is largely known to be driven by the rising need for individual control and ownership over personal finance. NFTs or Non-Fungible Tokens are digital assets based on blockchain technology, and they are the drivers of this trend. NFTs can completely change the way investing and transactions are done. DeFi is highly innovative and allows shared or fractional ownership. This technology also opens up a range of possibilities and opportunities for the finance industry.

Future Lies in Delivering Total Experience or TX

In 2023, organizations will have added pressure to deliver a seamless employee and customer experience to drive growth, generate more revenue, and seek customer loyalty. Organizations will hence, look to create a holistic digital experience that delivers TX or total experience encompassing not just customers, but also employees. There will also be a focus on resilient and agile outcomes with more focus on integration and automation.

If you are prioritizing a total experience through advanced tech stacks in 2023, speak to us and let us create a roadmap for a successful digital transformation of your business.

Banking as a Service or BaaS is a provision of facilitating products and services to customers through third-party distributors. The concept of BaaS functions by the integration of non-banking businesses within the regulated financial infrastructure. BaaS offerings enable new and specialized propositions and bring them to the market at a faster speed-to-market. Since these new propositions are built on the modern concepts of agility and specificity, they are displacing conventional banking offerings and disaggregating various profitable elements of the traditionally working banking value chain.

As a result of Fintech companies dominating the finance sector now, various incumbent banks are waking up to the potential of banking as a service. And why not? Stats on the financial market suggest that BaaS offerings are gaining ground as customer dissatisfaction grows with traditional banking models. Deloitte suggests that 30% of customers are considering switching banks, while 42% of customers have already used a Buy Now, Pay Later service also popularly known as BNPL. Moreover, the banks focussed on BaaS offerings have 2X Return on average assets (ROAA).

In this blog, the bank’s CMOs, CIOs, and C-Suite executives can gain insights to build customer-led journeys. But before we dive deeper into the subject, we must know what is Banking as a Service or BaaS, and more importantly, what it is not.

What is Banking as a Service?

Banking as a Service is defined as a business model where banking institutions enable fintech and non-financial businesses to provide financial products and services via the bank’s APIs. Connecting with banks’ APIs helps non-banks build innovative financial services upon a licensed and regulated infrastructure of the existing bank.

The concept of BaaS is deeply rooted in the increasing need for embedded finance. As a result, financial institutions started Banking as a Service as bundled offerings, which were often packaged as white-labeled or co-branded services. Today they are branded as embedded products. Non-Banking Financial Companies or NBFCs can use BaaS to serve their customers.

To make Banking as a Service or BaaS work, financial institutions or FIs require technology and capabilities since it is distributed to third parties via APIs and so it is based upon strong compliance and risk management.

BaaS is Not Open Banking

In our previous series on Banking as a Platform or Open Banking, we have discussed that BaaP is a different business model than Banking as a Service. The two terms are often confused because both involve the use of bank APIs by third parties and fintech companies. But the major difference lies in the objectives of BaaS and BaaP or open banking.

While BaaS allows third parties to integrate complete banking services into their product offering, BaaP or API-based open banking only allows third parties to use data for their product offerings.

Considering the Pain Points

Several traditional banks across the globe are concerned that when they distribute products or services through channel partners, it threatens their business relationship with clients. However, if end users or customers have already started adopting embedded finance in huge numbers, the banks have no room for not considering BaaS business lines.

Banks must look at the sunny side of this. The good news is that banks have that licensed and regulated infrastructure that fintech companies and NBFCs lack. Additionally, enabling third parties to distribute products and services through their APIs can be a low-margin and high-volume business.

Traditional banks are often seen struggling with cost structures that are based upon legacy technology and are managed through manual operations. Hence, to adopt a BaaS business model, incumbent financial companies must be willing to undergo digital overhauling. Fortunately, many banks have already started their journey.

Zac Townsend, who works with banking clients on creating digital businesses, writes for McKinsey, “ My work with incumbent banks suggests that more than two-thirds have undergone the digital transformation and modernization necessary to be competitive in BaaS.”

While it’s still a rising tide, one possibility with Banking as a Service is that it becomes pervasive as mobile banking or online banking. BaaS can evolve as a channel that every bank builds and maintains.

Why Banks Must Move Past the Status Quo: Lyft’s Case Study

The rising interest of traditional banks in BaaS is a result of embedded finance, which also explains why incumbents must move from the status quo. Let’s consider the case of Lyft's debit card. The Lyft Direct debit card is issued by Stride Bank, N.A., member FDIC, pursuant to a license by Mastercard International.

The debit card company offers excellent drivers for customers in the form of a strong rewards program. The result is customer experience improvements such as seamless account opening.  Behind the debit card offering of Lyft is a bank that:

a) Provides a debit card
b) Manages transactions in and out of the accounts, and
c) Handles regulatory compliance requirements for this product offering

Across the financial services offerings, including insurance, lending, and payments, the embedded finance offering like this is estimated to generate $230 billion in revenue by 2025, which is 10x increase from $22.5 billion in 2020, suggests Lightyear Capital Inc., a private, independent investment dealer.

Moreover, 11% of banks already have a BaaS strategy, 8% are in the process of developing one, and 20% are considering it, a Cornerstone Advisor, the expert banking consultants, survey of financial institutions found.

So the answer to why banks must move from the status quo lies in growth opportunities. On average, the banks which are currently offering BaaS have six partners and can support around 1.3 million account holders.

Overall, a sponsor bank that supports 1 million consumer accounts and 300,000 commercial accounts can easily generate a revenue of over $40 million annually, which calculates roughly $15 per consumer account and $71 per commercial account.

Cornerstone research estimates that the industry-wide, BaaS market could expand to over $25 billion in annual revenue in 2026. Forbes says, “This would go a long way to replacing the inevitable loss of overdraft fees the banking industry will face over the next five years.”

What’s So Important About Embedded Finance?

There’s nothing new about vertical integration, but historically the companies had integrated supply chain elements from within their industry only. What embedded finance offered is banking enablement into other industries. Digitization of banking led to the integration of banking into other industries by “embedding” banking software into non-banking companies. That is what’s new. And the interesting aspect is that it is beneficial for both financial institutions as well as non-banking companies.

The Road Ahead

A traditional bank could go the route of developing its own BaaS platform from the scratch, but for most banks, this doesn’t seem to be a viable scenario due to cost and time requirements. Additionally, the operational and technical challenges remain daunting.

This is paving the way for BaaS platform providers which can productize services such as account management, compliance, lending fraud management, and payments. Even for the fintech companies, going through the route of platform provider becomes significant from a cost and time perspective.

Unit, a BaaS platform provider says that working directly with banking infrastructure typically requires a cost of about $2 million and a time of 15 to 18 months to launch, with approximately $2.5 million in ongoing annual costs. But, working with a platform provider can also help fintech companies because it helps in reducing deployment time to less than 2 months and initial costs to $50,000, with ongoing annual expenses of around $50,000 too.

Strategic planning by a bank’s CMO or fintech companies can help reduce deployment time and cost. If you are scaling the change and looking for BaaS platform providers, Valuebound engineering capabilities can help you integrate embedded finance. Drop us a hello or reach out to our team with your inquiries.

Accenture says, “Those that treat Open Banking as a strategic growth priority will position themselves to deliver the seamless and engaging digital experiences customers want—and potentially boost revenues by upwards of 10 percent.”

A reasonably mature FinTech environment with existing use cases of API-led banking has emerged in recent years. This has led to the development of a conducive environment for financial services companies, banks, and incumbent financial organizations- collectively called the financial institutions or FIs- to consider how they can mature in the quest to embark on their API-based open banking journey.

In our previous two parts of the open banking series, we explained why banks should adopt API-based open banking and the challenges and opportunities in adopting the same. We also demonstrated it through the successful use cases of top banks like HSBC and ICICI.

Our collection of three-part series of experience-driven insights on successful API integration for open banking models can help C-suite executives of FIs and banks navigate their way into a thriving digital future.

APIs, as we clearly see, have grown beyond their initial definitions of just letting two systems interact with one another. Today APIs have evolved as a full-fledged suite of services that all leadership personnel must understand in depth to adopt open banking.

So, what should be your internal capabilities? What are the key tenets for implementing an open banking ecosystem? Through our blog, we discuss them and develop a market-ready strategy for implementing an API-based open banking business model.

Internal Capabilities to Gauge Before Implementing Strategy for Open Banking

Before formulating a strategy for an API-based open banking business model, executives must gauge internal capabilities first. A gap analysis is necessary to identify loopholes and internal areas for building capabilities. Key stakeholders must assess the following four considerations (Fig. 1).

• Technology Readiness- Assess the current IT infrastructure of the FI and the ease of API integrations.
• Customer Experience- Understand customer needs and align them with product or service offerings.
• Workforce Readiness- Gauge whether an organization has manpower capabilities to integrate APIs or not.
• Cost Implications- Estimate the cost of API integration and technology upgrade.

Fundamental Tenets of Successful Open Banking Implementation

Five considerations serve as critical tenets for successfully implementing API-based open banking ecosystem. These include data sharing, data privacy and cybersecurity, regulatory compliance, partnerships or interoperability, and customer experience (Fig. 2).

 

Data Sharing- Open banking is highly reliant on data sharing. It makes it possible for the customers to control the portability of critical financial data, which is shared with third parties for the ultimate benefit of customers. In addition, financial service companies can monetize customer data, given that open banking envisages secure data sharing. This can create another source of revenue for incumbent banks.

Data Privacy & Cybersecurity- Customer trust, market reputation and confidence, and service adoption- all lie at the heart of data protection. Compromising cybersecurity could be a costly mistake. C-suite executives can read our insights on the cybersecurity roadmap to gauge the risks and inculcate cybersecurity best practices. Hence, banks and financial services companies must ensure appropriate internal audits for data transfers to move toward open banking.

Regulatory Compliance- While developing and implementing an open banking ecosystem, there has been a differentiated approach of regulatory authorities across different jurisdictions. As a result, FIs must ensure compliance with data sharing, cybersecurity regulations, data privacy, consumer protection, and personal data protection.

Partnerships or Interoperability- Since API forms the premise of open banking, including banks and NBFCs, developing capabilities to strategize data, products, and services is critical. Following set standards in context with the security, customer experience, API, and operations eases the process of creating partnerships and interoperability.

Customer Experience- Open banking not only helps create additional revenue streams but also provides greater control for improved customer experience. This is possible through actionable insights based on data. Hence, creating customer-centric products and services becomes easier while reinstating customers’ trust in the brand.

Market-Ready Strategy for Open Banking

The average compounded annual revenue growth of banks and competing players in the Accenture study that utilize different business models (between 2018 and 2020) is

• 76% of digital-only players with non-linear models
• 44% digital-only players emulating traditional vertically integrated models
• <2% traditional banks with vertically integrated models

The revenue performance of digital-only, non-linear challengers is an inspiration for incumbent financial services companies, and banks for higher market valuations. So now the million-dollar question is how to facilitate a smooth “go-to-market”? Deloitte suggests three key areas that form essence of successful deployment of market strategy for API-based open banking (Fig. 3).

 

Developing Core Capabilities

As banks and financial services companies move towards developing core capabilities, their aim should be to develop an agile architecture that supports use cases for API enablement. Additionally, FIs must have organizational maturity for a seamless API management system, which includes API gateway, sandbox environment, and API lifecycle management.

To ensure optimum channel penetration and customer acquisition, banks and non-banks must have-

• Well-defined legal framework for liability and dispute management
• Capability building for personnel operating the system and acquiring the requisite skill set for APIs development
• Scalable, agile infrastructure to offer greater modularity and easier configuration
• Global FAPI (Financial grade API) and ISO 20022 standards to ensure adequate security controls
• Identification of verticals where API-enabled products and services can add value

Identifying and Prioritizing Relevant Use Cases

Financial institutions can leverage data to generate leads, cross-sell products, pre-, and post-delinquency management, risk assessment, and product development. Direct benefits of leveraging data for open banking are business augmentation, operational efficiency, improvement in asset quality, and cost optimization. For reaping all these benefits, banks and financial services companies must identify and prioritize the use cases to understand the relevance for their customers and the banks. Measure the intent to use, perceived benefits, and current experience for monetization, potential opportunity, and risk management.

Deloitte identifies the top 10 relevant use cases that form the basis of a successful market strategy for open banking. These are-

1. Wealth Management – High relevance to FI
2. Recurring payments – High relevance to customer
3. Sweeping accounts and micro-saving accounts – Medium relevance to FI
4. Credit risk assessment - High relevance to FI
5. NPA management and collections - High relevance to FI
6. Financial product aggregator - High relevance to customer
7. Spend management - High relevance to customer
8. Non-financial product aggregator – Low relevance to both banks, and customers
9. Automated overdraft credit - High relevance to FI
10. Automated payables reconciliation - High relevance to FI

Determining the Right Monetization and Pricing Strategy

The years to follow are promising for open banking, which is why banks have already started their journey toward API monetization. Banks can use robust pricing strategies for their competitive advantage by leveraging monetization opportunities and unlocking the full suite of API-enabled offerings.

Both free and premium APIs come with their own sets of monetization opportunities. Free-charge APIs facilitate services through third parties, which can help banks orchestrate unique customer experiences, intensify service penetration, and increase customer acquisition. Meanwhile, premium APIs monetization opportunities arise because banks can charge third parties for using them. Some of the pricing models for premium APIs can be

• Pay-per-use- No minimum fee, charge per call/per month
• Free + Premium- Free for basic; more information requires premium pricing
• Tiered-  Tiered pricing for pre-defined buckets
• Fixed fee- A fixed or percentage of the transaction paid to the API provider

In Brief

While the global open banking wave is relatively low tide right now, there is a change building at the bottom of the seabed. Accenture says that $416 billion in revenue will be at stake as the open data wave arrives, and banks must decide between surfing on the wave or riding it out with minimal damage. The leaders of open banking tomorrow shall be the ones who prioritize APIs, agile partnerships, data custodianship, analytics mastery, and trusted security.

Valuebound helps banks and financial services companies win in the digital ecosystem and get ready for what’s next. Talk to us to know how you can create a successful go-to-market strategy for API-based open banking.

Even though APIs have become a common denominator of digitization over the past few years, only 30% of the FIs were actually using APIs as of early 2021, suggests PYMNTS. So where is the challenge? To explore the growth potential, C-suite executives must also be aware of the global open banking situation. In this article of three-part series on open banking, we explain the challenges and opportunities of adopting API banking business model.

Matt Naish, head of the product strategy at FISPAN, a fintech company offering differentiated banking experience, says, “the lack of integration, generally speaking, is not a technical problem. The problem is with change management and process management.” He adds statistics to emphasize that “50% of customer relationship management (CRM) implementations fail — not because of the software but because of the inefficiencies of layering new systems over legacy infrastructure.”

Deloitte in its 2021 report, Open banking: Unleashing the power of data and seizing new opportunities underscores that data sharing is among the most critical challenges of open banking. The wariness to share data lies not just at the bank’s end, but also among the customers. The report says that cybersecurity and data protection are the top concern areas across all age groups, followed closely by wariness towards third-party access to data and transparency on data usage.

About 70 percent of survey respondents feel that greater emphasis should be made on data protection by institutions. More than 80 percent of respondents (who include multiple Financial Institutions, including banks and FinTechs, and customers) are uncomfortable with sharing the transaction history of accounts hinting toward a need for all FIs to assure customers that their data is secure.

So, we can safely say that the critical challenges of open banking are across 3 areas (Fig. 1)

• At the organizational level: Change Management & Process Management
• At the technology level: Running APIs with FI’s older tech infrastructure
• At the security level: Implementation based on regulatory favourability, industry maturity, cybersecurity, and data protection.

 

Open Banking Scenario in India: Case Study

India’s open banking or API banking scenario stands on a hybrid foundation. The retail banking industry and the government have collectively been involved to fuel financial development, and at the heart of this is an ambitious project called India Stack- an initiative that comprises several APIs and is aimed at bringing developers, businesses, fintech start-ups, and government at a unified software platform.

India Stack is a set of APIs (Aadhaar, eKYC, UPI, Digilocker, and eSign) that allows governments, businesses, startups, and developers to utilize a unique digital Infrastructure to solve India’s hard problems towards presence-less, paperless, and cashless service delivery.

“We believe Open Banking represents the next “UPI moment,” opening up new capabilities empowered by data,” TCS’ Report suggests. The strategic imperative for banks will be to figure out the implications stemming from the widespread consent-driven sharing of financial information.

From an operational perspective, banks will need to invest in technology for evaluating and acting upon large volumes of diverse data.

Despite the anticipated marketplace shifts, banks are well positioned to deliver solutions with deeper functionality, especially in areas such as corporate and SME banking, which requires deeper, contextual financial advice and expertise beyond what fintechs, telecom companies, and technology firms can typically provide. In these specialist segments, banks will likely continue to thrive.

HSBC’s Open Banking APIs and ICICI’s API banking are two successful examples of open banking. While HSBC’s open banking APIs enable third parties to begin integrating their financial services into merchant’s applications, ICICI’s payment APIs enable the complete payment lifecycle from registration to making transactions, checking status, and de-registering.

The Road Ahead

There are different ways in which financial services companies can approach the adoption of API banking or open banking. One way is to build APIs in-house, or they can also buy APIs and then bring them in-house. The second way is to integrate with platforms and partners like Valuebound.

A collaborative model can help banks future-proof their technological pursuits, given that it is still hard to say where the banking industry will go in a decade or half from here. By engaging with platforms and partners, FIs get an opportunity to position themselves for growth in real-time data exchange, embedded banking, and real-time payments.

Partnering with a product engineering company reduces a traditional organization’s time to market by adopting an agile product development and deployment. If you wish to spin off a successful, agile, cost-effective digital operation, get in touch with us to learn how we can accelerate your business model towards API banking or open banking.

In the next insight of our three-part series, we shall talk about the key tenets of open banking that form the pillars of a successful open banking ecosystem and a market-ready strategy for implementing an open banking business model by solving the challenges mentioned in this insight.

Financial data Application programming interfaces or APIs are one of the emerging innovation triggers of the banking and financial services industry as per the Gartner Hype Cycle for Digital Banking Transformation, 2022. APIs help financial institutions (FI) create products that can meet customer demand in the times of fintech penetration into the mainstream. API-based open banking is a mechanism wherein traditional retail banks open their application programming interfaces for third parties to create new apps or services.

The percentage of banks and credit unions that have invested in developing APIs has grown from 35% in 2019 to 47% in 2021, says PYMNTS data.

Open banking using APIs is a way for incumbent financial institutions and banks to partner with fintech rather than holding a competition with them. In this first part of our three-part series of API-based open banking insights, we shall holistically discuss-

• What is Open Banking or API Banking?
• How do banking APIs work
• Why incumbent financial institutions must move from the status quo?

CMOs, CIOs, and C-Suite executives of financial services companies and retail banks can gain usable insights from this series of open banking to build an API-enabled digitally advanced product or service platform.

What is Open Banking or API Banking?

Open Banking or API-based Banking is defined as APIs (XML/JSON codes) for allowing bank and client servers to communicate securely with one another. API banking makes data transfer between these entities seamless and ensures secured integration between the bank and customer’s systems. This capability of APIs enables customers to carry out their banking transactions without toggling between their Enterprise Resource Planning or ERP platform, and the bank.

How do Banking APIs Work?

Non-banking companies are developing and facilitating a range of core financial services to clients by connecting with APIs of financial services companies, FIs, and retail banks. This has led to the emergence of platforms connecting clients with bank APIs. These platforms pitch themselves as banking-as-a-service (‘BaaS’) or middleware.

At the back end, an intermediate layer connects with banks and regulated entities. On the front end, it hosts various fintech companies and non-bank entities (Fig. 1). So, the API platforms act as the infrastructure. In contrast, non-banking enterprises and fintech companies integrate financial and banking services in their non-financial offerings.

Why Move From the Status Quo?

According to Accenture, 29% of banks’ traditional retail products-based revenue streams are at risk. Most bankers expect a 10% increase in overall organic banking growth. While, in 2020 alone, there was a 55% boost to banking revenue from new opportunities created by open API-enabled services.

The adoption of open banking or API banking has gained traction over the last decade across the globe. There has been a significant difference in its interpretation, reception, and adoption from one country to another. Yet, if we mainly speak about market readiness in India, there has been a significant surge in the FinTech space.

Pertaining to the competitive landscape, financial institutions have taken active steps to educate the customer, invested in increasing distribution, and offered rewards to drive customer behavior. Account aggregation use cases are expected to scale up.

Key Takeaway

Whether the banking industry also continues to thrive in the retail financial services segment will depend entirely on how well they navigate the next few years along with open banking. The success stories will be those that can stand the ground with flexibility and imagination to create offerings by meticulous use of APIs and bringing together multiple domains, within and outside of financial services. To explore the growth potential, C-suite executives must also be aware of the global open banking situation. In the next part of this series, we explain the challenges and opportunities of adopting an open banking business model.

In the first part of this two-series insights, we looked at why retail banks must ride the Banking as a Platform or BaaP wave to create revenue streams, enhance customer satisfaction, and build partnerships with fintech companies to walk toward new-age automation in finance.

McKinsey reasonably points out that “Banks are better served to get ahead of and define the trend rather than waging a futile battle to repel it.” Given that many CMOs, CIOs, and C-Suite Executives are interested to upend the status quo and explore possibilities that move past their set patterns of vertically integrated, closed-loop offerings, this blog will offer insights into a strategic roadmap for retail banks to compete in a platform world (Fig. 1)

Adopt API-Powered Platform Strategy

After a retail bank has demonstrated its maturity at the level of emerging or the intentional emergence stage on delivering a product set that involves APIs, it can go on to a more specific level for leveraging and monetizing APIs.

In order to adopt an API-fuelled platform strategy, banks must be ready to face organizational and technical challenges. At the organizational level, banks must bring a change in functional mindset through multidisciplinary team creation, redesigning customer expectation strategies, and reshaping business architecture. At the technology level, banks must pursue process automation, experimentation with rapid prototyping, updating development approaches, and maintaining APIs at the internal level.

Generate Platform Exclusivity

More than 50% of the banking executives in the World Retail Banking Report said that the critical challenges to maintaining brand exclusivity are- the multi-home nature of platforms, and the ability of partners to participate in multiple ecosystems. The survey also suggests that nearly three-quarters of the executives are worried about brand dilution in such an ecosystem.

Therefore to understand how banks can build and maintain exclusivity, they are also looking toward those industries which are taking the platform path. For instance, Amazon boosts homing costs by charging third-party sellers higher fees for orders not placed on the retailer’s marketplace. One way in which Banking as a Platform or BAAP can gain exclusivity is if they lock Fintech company or software development company in the strategic investment ecosystem.

Confront Brand Dilution

CMOs and CIOs, they can create strategies that are separate from core bank offerings. This way, they can ensure that their exclusive offerings get top billing and that the brand does not get diluted. An example in India is the digital application platform of HDFC Bank which provides loans against securities- mutual funds. It meshes an exclusive offering of loans into its exclusive digital application platform.

Avoid Product Cannibalization

Cannibalization is a chief concern of several bank executives, the survey in the World Retail Banking Report explains. Competition with fintech companies is a direct result of the digitization of financial services. But, one strategic way to avoid cannibalization could be to ensure that the partner products do not sit in direct competition with the bank’s product offerings. This will prevent the fintech companies from eating into the bank’s core business. Another method could be to avoid cannibalization, bank CMOs must work to ensure that they don’t invite third-party vendors with direct competition into their own ecosystem.

Meet Customers’ Lifestyle Needs

When banks seek to differentiate their Banking as a Platform or BAAP and build intense customer journeys through platform banking, they can mesh traditional offerings with lifestyle products that are non-financial in nature. Targeting lifestyle solutions that can drive customer engagement without jeopardizing bank offerings to a lower position in the chain can be a way to hit equilibrium.

For example, CaixaBank, a Spanish multinational financial services company, offers non-financial services like educational content, shopping, games, music, and video through its lifestyle banking platform while complementing its core financial offerings. After one year of launching its lifestyle banking platform, the mobile-only digital bank got hold of 3.1 million customers.

In this context, Zac Maufe from Google Cloud says, “embedded finance will be critical within the futuristic banking equation, where financial institutions are available whenever customers require financial services.”

Prevent Platform Leakage

Banking platform ecosystem can increase its value for customers and partners through cobranding arrangements and preferred pricing to ensure that there is no erosion in the banking ecosystem. To avoid third-party partners circumventing their banking platform and engaging directly with the bank’s customer base, CMOs can also offer support services to third parties. So this means that what begins with the banking platform must also stay there.

One example of preventing platform leakage can come from another industry, for instance, India’s travel and accommodation agency, OYO. They prevent customer leakage from its ecosystem by supporting partner hotels with advertising, financing, and brand management.

Measuring the Success of a Banking Platform

Banking as a Platform is a wave that’s still rising, and to which incumbent banks are not yet accustomed. The platform world operates in a different mindset than what retail banks are used to. So what is the right way to measure the success of a banking platform? “The accurate measure of an ecosystem will be the net impact of a consumer on the parent and associated entities,” said Raghuram Iyengar and David Reibstein, professors of marketing at the University of Pennsylvania’s Wharton School.

Effective metrics include network effects, customer acquisition rate, the effectiveness of engagement in the market, and asking internal questions like how diverse the platform is in their offerings and partnerships.

“The ripple effect of a single customer journey will be throughout the ecosystem. It can help derive the value that a particular customer brings in and the value that the customer can get driving engagement and network effects,” add Raghuram Iyengar and David Reibstein.

Future of Banking as a Platform as We See It

The nature of Banking as a Platform or BAAP is to grow gradually through an ecosystem of complimentary offerings through services and solutions. Hence, cross-platform offerings or hybrid business models such as Amazon pay-Icici Bank partnerships make way for the business.

If you’re interested in embedded banking into the platform and are looking to partner with a digital experience company, learn how Valuebound can assist you in carving a successful BAAP journey. 

Banking as a Platform (BAAP), or platformification of banks is increasingly becoming an accepted business model for several banks to cultivate, monetize, and leverage APIs. BAAP or Platform Banking is not a new concept, a World Retail Banking Report by Capgemini explains. For example, a 2021 study by the European Banking Authority found that 97% of banks in the region used platforms to market and distribute products and services, while 83% reported exploring opportunities to use platform models to diversify and expand beyond their primary geographic markets.

India’s digital banking platform market was worth USD 776.7 million in the year 2021, according to BlueWeave Consulting Study. The study underscores that the market is estimated to grow at a CAGR of 9.8%, earning revenue of around USD 1,485.5 million by the end of 2028.

This growth of Banking as a Platform is attributed largely to faster digitization in the country. Another factor is the faster adoption of growing technologies like artificial intelligence (AI), cloud computing, the Internet of Things (IoT), and the use of APIs- all of which leads to automation in finance, higher customer satisfaction, and increased business revenue.

Bank’s CMOs, CIOs, and C-Suite executives can gain usable insights from this blog for building customer-led journeys and a data- and technology-driven product or service platform. But before we dive deeper into the subject, it is essential that we know what is Banking as a Platform or BAAP.

What is Banking as a Platform?

Banking as a Platform is defined as a business model where third-party developers build products or services for banks. These developers can be from a fintech or any other software/technology company, and they embed APIs into platform functionalities, while a banking platform can itself manage data exchanges, authentication, and compliance.

Is Banking as a Platform & Banking as a Service the same?

In layman’s terms, a fintech or any other software/technology company can develop a product or service and “rent” it to a bank. Banking as a Platform cannot be used interchangeably with Banking as a Service (BAAS) because banking institutions enable fintech and non-financial businesses to provide financial services in the latter. So these are two exact opposite terms. In fact, BAAP is a business model that fits perfectly into the modern-day financial ecosystem, where fintech companies can enable banks and work in conjunction rather than as two separate bodies, to enhance customer experience.

Banking as a Platform is hence, largely being accepted to embed banking into the broader ecosystem journeys of customers to empower inclusivity and sustainability. Banking as a Platform or BAAP is also known by other names like Platform Banking, Open Banking, and Ecosystem Banking.

Speaking specifically of India, the digital banking platform market is segregated into two types- based on their deployment. These include- on-premises and cloud segments. Cloud deployment of Banking as a Platform product has more market capture due to better traffic, faster access to data, and improved efficiency. Also, cloud deployment of BAAP offers faster rectification and tracking of issues, which in turn, reduces the risks of reputation damage.

A third of retail banking customers were interested in platform services offered by their primary lender, a Deloitte survey conducted in the United States said. 34% of customers surveyed said they were willing to use platform banking service they were willing to use platform banking services, whilst 25% said they were neutral.

Younger customers, both Gen Z and Millennials are more inclined towards financial superstore app, with an overwhelming 75% and 67% approval, respectively. 54% Gen X and 33% Boomers showed interest in a digital banking platform whilst on a cumulative level, 55% of all respondents had shown interest in India.  
While prolific growth is highlighted in this business model across all geographies, there are still some reservations due to the traditional way of working. So why should banks consider BAAP?

Moving Past the Status Quo: Why Banks Must?

“The key question incumbents must ask themselves is whether banking is a destination or an enabler? As an enabler, banks can go beyond their products/ services and embed themselves within customers’ lives, paving the way for ecosystem banking,” says Christopher Young, Director, Financial Service Strategy, Adobe.

Banks that embrace Open Banking trends could profit from a potential revenue uplift of 20 percent, whereas those failing to do so risk losing 30 percent to disruption by the end of 2020, per one study from Accenture.

All parties are in a triple win-win situation when they adopt a BAAP model.

• Customers- They are still owned by banks, and by adopting a BAAP model they win because of better, newer, and tech-advanced services from banks.
• Banking as a Frontend- Banks win in this model because they can increase customer engagement, customer satisfaction, and revenue, while also saving development and support costs.
• Fintech- Fintechs are well integrated into the banking platform with the help of APIs. So, banks are powered by fintech companies. Meanwhile, fintech companies win because they can sell their product to a reputed and established institution for a profit.

Benefits of Banking as a Platform

Apart from focusing on the core business, banks can leverage platformification with major benefits as mentioned below:

• Reduced cost and time that goes into development of a product
• Maintenance costs are being borne by the fintech company or software development company
• BAAP introduces a new way of banking for customers, where they find new services
• Platform banking strengthens a bank’s position in the market
• Open banking or BAAP increases customer engagement and satisfaction

Banks can make use of the platform in a different way according to geographies, demography and market competitiveness. For example, in a highly competitive market or region, more importance is given to differentiation. So banks can have their SWOT analysis and build a platform or ecosystem around it. In a less competitive environment, BAAP can adopt the opposite strategy. It can become a one-stop shop by offering all possible services on a single platform.

RazorpayX: A Successful Use Case of India’s Neobanking Platform

RazorpayX is the neobanking platform belonging to the unicorn Razorpay. This neobank has already served more than 10,000 businesses- helping them process payroll using Opfin, paying expenses using a Corporate Card, and paying business vendors in real-time using the underlying payouts layer.

RazorpayX allows customers to open and operate fully functional current accounts, which come with standard banking features like debit cards, account statements, and cheque book. This platform has API banking capabilities, along with insightful reports, and approval workflow. RazorpayX also helps with automation in finance by refunding Cash on Delivery orders using Payout Links.

Future of Platform Banking

Embedded analytics will become the undercurrent of platform banking, along with key differentiators of AI and ML to enhance customer experience. The DNA of Banking as a Platform (BAAP) shall be defined through API strategy and how agile a bank is to fully use APIs.

While the future of BAAP or platform banking is still in a nascent phase, strong strategic planning and a roadmap can help trail retail banks’ path to a complete platform world. Hence, it’s a ripe time for the banks to consider consolidation for newer business models which would help them compete in the present business environment.

In our next blog of this two-part series, we put the idea of BAAP to the next level, explaining strategies for retail banks to compete in a platform world.
 

Banking 4.0 can be defined as the foundation of creative destruction that came through fintech companies, transitioning innovation, and traditional retail banks reorganizing their business models on new-age digital principles of platforms, apps, data intelligence, and embedded finance. This radical reordering brings a promise of platform-based banking to deliver experience-driven customer satisfaction through the optimum channel.

CIBC, the Canadian bank, for instance, has seen customer acquisition rates in three primary lines of business increase by 65% due largely to personalization efforts, a Capgemini report suggests. In the present financial ecosystem, hyper-personalized and growth-oriented digital environment, the competition for retail banks lies in customer trust, delivery channels, and data.

“Bank 4.0 is essentially embedded, ubiquitous banking built into the world around us through technology layer,” says Brett King, a global best-selling author, and a FinTech futurist, in his statement to Economic Times. Hence, banking 4.0 is essentially about shifting the financial service orbit by demolishing long-standing practices and experimenting with that which hasn’t been done yet.

At the heart of this transformation are today’s chief marketing officers (CMOs) and chief information officers (CIOs) who are also evolving in their role as chief customer strategists. This insight is for such new-defined roles in the retail banking sector that are trying to leverage technology to orchestrate unique customer experiences by coordinating technology, compliance, and data. Leaders who’re aiming at breaking data silos and ensuring that banks of the present finance ecosystem have capabilities to deliver real-time data-driven experiences will find our insight useful as we explain how banks can deliver value now, and what they can learn from fintech companies.

Why Banks Must Move From Status Quo?

In Brett King’s book entitled Bank 4.0: Banking everywhere, never at a bank, the description says that in 30-50 years when cash is gone, cards are gone and all vestiges of the traditional banking system have been re-engineered in real-time, what exactly will a bank look like? How will we reimagine a bank account, identity, value, assets, and investments?

“Banks have historically focused on capturing value and have forgotten about customer experience. Capturing value and profit is not contradictory if a bank focuses on long-term customer relationships,” says Alexander Weber, Chief Growth Officer of a German neobank.

95% of banking executives in The World Retail Banking Report highlight that legacy systems and outdated core banking modules inhibit efforts to optimize data- and customer-centric growth strategies.

Evolving consumer tastes, a hyper-competitive landscape, and increasing regulatory scrutiny around data usage among some other factors (Fig. 1) are critical present contests that challenge banks in their abilities to digitally grow and evolve. The report also highlights structural challenges across the customer lifecycle (Fig. 2) and data challenges (Fig. 3) that incumbent banking institutions face.

It is on the lines of these pain points that incumbent banking institutions can compete in the fintech environment with a vision of futuristic banking 4.0 and move from the status quo.

Bank 4.0: A 4-Pronged Vision of Future Banking

The last two years have been quintessential in pushing the Banking, financial services, and insurance (BFSI) sector faster into the future. With the penetration of fintech companies as we move forward, financial services will be entirely driven by virtual facilities through platform-based models, cloud data storage, blockchain technology, digital channels, and other futuristic changes. Comparing the customer acquisition cost between digital and branch shows that the former has a cost of $5 per customer, while the latter has a cost of about $350 per customer. So, the digital acquisition cost of customers is another modality that’s driving the future of retail banking towards Bank 4.0.

In the section below we explain a 4-pronged vision of how Banking 4.0 will unlock hyper-personalized engagement and drive revenues for traditional working retail banks.

The banking 4.0 vision should include recasting the business model with platform-based solutions, revamping customer perception, strengthening data capabilities, and increasing impetus between fintech and traditional banking (Fig. 4)

Recast Business Model with Platform-Based Solutions

Bank executives and customers fall in a similar bracket of expectations from the distribution channel. About 80% of both groups continue to view the website as a critical point of interaction. Mobile apps were cited by 77% of consumers, compared to 91% of executives, while branches were valued more by customers (75%) than executives (58%) in the survey done for The World Retail Banking Report 2022.

Platform-based products and services are promising for filling capacity holes and expanding retail banking revenue. However, banks are still at the cusp of technological reforms, and the executives struggle with cannibalizing products through ecosystem partners, preventing brand dilution, and maintaining ecosystem exclusivity for partners.

While new fintech players can accelerate customers’ expectations around the convenience, transparency, and speed of digital products and services, banks still have a few dominant areas where they can respond to position themselves for the future.

Revamp Customer Perception

Creating a positive brand perception on the grounds of low latency, and low friction, with an element of experience design, and ZeroOps is needed to redefine and revamp customer perception. Bank 4.0 is about capturing value by introducing relevant and low-priced innovative products, enhancing API and cloud capabilities, and strengthening internal processes for frictionless omnichannel experiences.

To change customer perception, the following recommendations can work well-

• Engage customers through VR/AR immersive experience
• Reinforce the commitment of the brand towards green banking by integrating ESG parameters into banking products
• Embrace models that bundle financial service, and non-FS together
• Drive collaboration and co-innovation to expand the banking product portfolio
• Embrace cloud and APIs for a robust digital foundation to improve internal processes
• Synchronize digital and physical channels to shift from multi-channel engagement to an omnichannel experience

As an example, Canada’s CIBC embraced a third-party experience management solution that uses first-party cookies to help build a more scalable and relevant digital platform. This platform allows it to prioritize and push targeted mobile promotions to customers and synchronize data to create models that can update product pages quickly and at scale. The platform also enables the bank’s busy customers to set up direct deposit payments, request financial relief, or apply for credit card rate reductions or mortgage payment deferrals in seconds.

Result? Mobile conversion rates increased by 50% and website conversions more than doubled. Bank leaders have credited digital investments made in 2021 and a cloud-first strategy for CIBC’s adjusted year-over-year revenue growth of 7%.

Strengthen Data Capabilities

At the turf of a retail bank brand, is the data that CIOs and CMOs can defend and use to succeed in this competitive environment. Retail banks have access to huge transactional, behavioral, and financial data, which they can use to create profitable customer relationships and understand customer behavior. But the point is- are you investing in technological capabilities to harness this data for your advantage?

The enormous volume of customer data that is supplemented by information from data ecosystems and third parties can strengthen any incumbent brand to leverage this ability and drive customer engagement and revenue. Structuring and organizing data silos with a centralized repository, such as a customer data platform (CDP) can help in generating deeper customer insights. Retail banks can also leverage large volumes of internal data to gain customer insights and a competitive advantage against fintech.

Increase Impetus between Traditional Banking and Fintech

The staggered tech shift in last few years calls for an increased partnership between traditional retail banking and fintech. Technology can be a force multiplier for a traditional bank. Hitesh Sachdeva, Head of Startup Engagement, Innovation and investments at the ICICI Bank, India, emphasized, “We realize that innovation has two broad approaches. One is you keep building a lot of innovation inside the bank. But it has its own limitations. And the other way to capture the innovation is to tap into the innovation happening in the outside ecosystem, and amalgamate it inside the bank with platforms, partnerships, and collaborations with start-ups, to create innovative products, which are in alignment with our digital roadmap, for rapid prototyping experimentation and then make it the core of the bank.” So this way, fintech companies can play an influential role as the ‘enabler’ of traditional banks, rather than the ‘competitors’.

In a Nutshell

Banks can clearly deliver value by shifting from monolithic broadcasting models to engaging interactive service delivery of fluid experiences to customers. There has to be a shift from brand custodians to brand experience custodians. Bank 4.0 innovations can hence help shape a growth trajectory around four critical areas- product, customer experience, data, and technology.

The recipe for new-age digitization lies in a coherent and integrated strategy. Bank CMOs and CIOs keen on delivering personalized experiences to customers or orchestrating bank 4.0 innovation, can get in touch with the Valuebound product engineering team to learn how we can help to convert your revenues by turning customers into brand evangelists. 

75% of customers in the World Retail Banking Report 2022 opined that they are attracted to FinTechs’ cost-effective and seamless services focussed on automation in finance. This significantly raises their digital banking expectations. Oracle's study finds that nearly 81% of customers use digital channels while interacting with banks to avoid physically going to the bank. Retail customers of nearly all banks have reported Internet and Mobile banking outages. This is because all traditional banks in India are built on the foundation of security rather than scalability, and most banks are still not comfortable with cloud migration. This is where new-age, next-gen FinTech companies are overpowering traditional retail banking in India.

For starters, technology and fintech have challenged the status quo of conventional retail banking- impacting their revenue as well. With the future of fintech in India becoming more relevant, it’s about time that automation in finance becomes a central theme across all banking services in India.

In our insight, we explain the core themes that can drive new business models in the retail banking industry in India.

The Metamorphosis of Retail Banking in India

Consumers have better expectations regarding customer service, reduced app or web downtime, and core functions like investments, savings, payment facilities, and credit across segments, but topping them all with the seamless user experience across various platforms.

Financial inclusion became a keyword a few years ago, which penetrated technology and fintech into the banking services, leaving the conventional firms wondering if their time is up. In a simple definition, financial inclusion means an act where all consumers across the length and breadth of India are included in the banking services. The digital literacy divide among the Indian audience is a major pain point among IT security, regulatory uncertainty, and differences in management and culture.

Most Gen Z and Millennial Indians have started calling fintech the primary financial service provider. Hence, it doesn’t matter whether a new product or service comes to the market or not- fintech has captured the mind share and market. Regarding the impact of fintech on Indian retail banking, fintech companies have not replaced the traditional banking model- they’ve only introduced new services and products in the market. This has fundamentally metamorphosed supply and demand for financial services. So where does that leave the traditional retail banking industry in India?

Technology and Fintech: A Game-Changer for Traditional Banking Model in India

The regulatory authorities in India realized that technology could be a game changer for financial inclusion in India. Institutes like the National Payment Corporation of India (NPCI), the Institute for Development and Research in Banking Technology (IDRBT), and the India Stack became the key pillars to set the foundation of fintech in India with the intent of driving digital transformation in finance and advancing the motive of financial inclusion.

To combat the pain point of the digital divide, schemes like NFS, UPI, Aadhar, and Digital India set the foundation for financial literacy and inclusion, which led to automation in the financial landscape of the country. Against these grounds, it might become useful to comprehend the impact of fintech on retail banking in India.

There are 6 core themes that Valuebound observes regarding the impact of fintech on Indian retail banking-

Customer Experience & Customer Engagement at the Core

Channel diversification has become the key driving factor in the retail banking sector in India. Critical reasons for this include growth in the number of mobile users. As per Deloitte's analysis, the demand for smartphones in India is expected to reach about 400 million in 2026 from 300 million in 2021. Increased use of web-based platforms is another strategic reason for channel diversification to cater to a larger audience. Mobile-first approach to reaching out to the customers, and offering mobile applications to the clients for banking-at-the-doorstep is an investment that most traditional banks are now making to enhance customer experience substantially.

Integration & Collaboration

Fintech incubation programs and captive accelerator programs have increasingly become popular among traditional banks in India to foster innovation and create a safer environment for customers. One such example is the SBI Fintech Innovation Incubation Program (SBI FIIP), which runs with an overarching purpose to promote a culture of FINTECH innovation and entrepreneurship in India.

While the traditional banking models remained upended due to the fintech ecosystem 5 years ago, they’re now actively introspecting how they can be a part of disruptive innovation. Account Aggregators under open banking architecture are another notable change in India’s retail banking ecosystem.

Establishing Win-Win Partnerships

The win-win partnership between new fintech entrants and traditional banks gives a direct benefit to the country’s financial ecosystem with customers at the center. Potential opportunities could include expanding infrastructure capabilities by banks and enhancing knowledge of product design and IT development.

Access to lending is set to be democratized, the lending models will be subject to greater regulatory scrutiny. While overall credit card penetration will increase, the role of non-banks is unclear; to be shaped by regulation, which explains the need for win-win partnerships. These developments bring banks, NBFCs, and Fintechs closer, as collaborators and not as competitors.

Building Strong IT Infrastructure

In December 2020, Shaktikanta Das, the RBI Governor urged banks to invest more in IT infrastructure and technology to remain competitive with Fintech companies. The retail banking sector in India does not lack the capital to invest in technology- there’s a lack of vision and business leads that could take strong decisions. Yet, the metamorphosis of retail banking we talked about in the previous section is visible now.

In 2021, HDFC Bank created its own Digital and Enterprise Factories to enhance the digital banking experience of customers. This enterprise factory aims at upgrading legacy infrastructure, decouple existing systems, and build its own capabilities by embracing open-source to build resilience and scale.

“The Digital and Enterprise factories will help us realize the strategy of ‘running’ the bank, while ‘building’ the bank for the future,” says Parag Rao, Group Head – Payments, Consumer Finance, Digital Banking & IT, HDFC Bank. He also adds, “we have led the digital transformation of the Indian financial services sector and continue to invest in technologies.”

Mitigating Cyber Security Risks

Cyber security risks erupt when external APIs interact with banks’ IT systems, leaving the bolt open for vulnerabilities and information breaches that transverse the positives mentioned above. The banks are now partnering with IT organizations to address such challenges. However, cloud sourcing increases risks of money laundering, data security, customer privacy, and cybercrime- all of which can be addressed with strong decision-making and advanced technologies in place.

Compliance and Regulations

Reliability of APIs and the cloud has increased interconnectedness amongst banks and third-party apps, which may not be subject to equivalent regulations and compliances. Banks cannot risk non-compliance with data privacy and security. But if vetted technically and through the right channels, traditional banks can utilize this in their favor- something where fintech companies would lag behind.

Wrapping Up

These developments bring Indian banks, NBFCs, and Fintechs closer, as collaborators and not as competitors. The success of innovation and amalgamation between retail banking and fintech largely depends on regulations and compliance. In spite of the long way to go, the impact of fintech on retail banking in India shall emerge for the highest good of digital transformation of financial services and customers. 
 

In June 2021, providers of unified payments interfaces (UPI) in India recorded a total of 2.8 billion digital payment transactions worth over five trillion Indian rupees. This was an increase compared to May 2021, according to Statista research. It also underscores that in the financial year 2022, digital payments in India reached a total of over 239 billion Indian rupees. This marks a significant increase from 20.7 billion Indian rupees in the financial year 2018. The emergence of UPI or unified payments interface is an initiative by the Government of India to introduce a standardized protocol where banks, bank-like organizations, and non-bank entities could communicate with one another so as to make India’s payment system digital native.

What is UPI or Unified Payment Interface?

Launched in 2016, UPI is a National Payments Corporation of India (NPCI) payment system that allows online payment and cashless money transfer using a simple mobile system.

UPI works on the concept of virtual payment addresses, which makes it interoperable- the greatest advantage that changed the payment landscape in India. UPI leverages the present infrastructure for authentication and enables one-click payment. By eliminating the need for sharing sensitive information like bank account numbers and One-time passwords (OTP), UPI has facilitated a safe, secure, and game-changing digital transition toward India’s nearly cashless economy. Unified Payment Interface is a platform that is both backward compatible as well as futuristic. Yet, when we speak of safety, there are a few things that are at stake.

What’s at stake during UPI Transaction?

A two-way payment transaction begins with a need for the sender or an entity that needs to transfer money to the receiver or second entity. Both entities could be either individuals or merchants or even government organizations. Three core requirements to be met for completing a payment transaction using UPI include sender authentication, receiver identification, and authorization. During these steps security at the infrastructure remains a major pain point of the UPI. Banks do not have a core competency of safely transmitting information, and placing the entire burden of two-factor authentication on the banking systems leads to insecure communication channels and non-standard authentication processes among different institutions.

So even while the reason for UPI’s success is a modern unique identifier for every individual, there are certain things that remain at stake, which are-

• Virtual payment addresses & Individual’s Digital identity
• UPI ecosystem that’s built and integrated for provisioning services
• Security of the identity, transaction information, and data over the network
• Response Time since the speed of transaction is the highest

Some of the other things also include regulatory compliance, financial and reputational aspects, and confidence of customer and market trust.

Ensuring UPI Security

Cyber security of Unified Payment Interface is targeted towards four main offerings which include process controls, functional controls, technology controls, and vulnerability detection. Across these four offerings, a product owner should consider the following points for UPI security-

• Ensure that the UPI environment and interfacing systems are secure
• Security of identity on mobile devices must be ensured
• An organization must introduce new security tools in context with the changing business model
• To ensure effective monitoring and analysis of security risks, advanced and smart analytics tools must be used
• Compliance with regulations and adopting industry standards help in further strengthening the security of UPI

OWASP Mobile Top 10 2022 for UPI Security

The Open Web Application Security Project (OWASP) is a non-profit foundation which provides remediation guidance to improve software security. OWASP Mobile Top 10 provides a ranking and most critical security risks for mobile application, alongside suggestions on how to remain protected against these attack vectors. The top 10 attack vulnerabilities OWASP Mobile Top 10 in 2022 are-

• M1: Improper Platform Usage
• M2: Insecure Data Storage
• M3: Insecure Communication
• M4: Insecure Authentication
• M5: Insufficient Cryptography
• M6: Insecure Authorization
• M7: Client Code Quality
• M8: Code Tampering
• M9: Reverse Engineering
• M10: Extraneous Functionality

Security Considerations: 5-Step Roadmap to Create Secure UPI Product

The proportion of UPI transactions in the total volume of digital transactions grew from 23% in 2018-19 to 55% in 2020-21 with an average value of ₹1,849 per transaction. The volume of UPI transactions calls for security considerations in place to create a secure UPI product that ensures customer trust and retention. Valuebound recommends following UPI security considerations to ensure benefit-realization of the product (Fig. 1).

Web Protection

This includes protection from cyber fraud and safeguarding digital identity. Google Pay, for instance, suggests prerequisites for integrating it with a site. These include-

• Ensuring that business channels are verified merchants by NBFC/ banks
• Ensuring that all details needed to accept payment using UPI ID are available
• Ensuring to have required APIs from the bank to check payment status
• Ensuring that every transaction uses a unique transaction ID

Fraud Detection

Early detection tools can reduce Mean Time to Detect (MTTD) for new-age frauds like Distributed Denial of Service (DDoS), ransomware, application vulnerability exploits, merchant frauds, spam, reconnaissance attacks, software supply chain attacks, and account takeovers.

Secure Design

Embedding security needs or adopting the DevSecOps model in the development programme helps in putting cybersecurity at the central part of the production pipeline.

Technology Design Review

Encryption and authentication strategies like public key infrastructure (PKI) and hardware security modules (HSM) help secure UPI product.  Network architecture, application program interface (API) and interface security form an integral part of technology design review.

Operations Readiness

A new UPI product should have compliance with National Payments Corporation of India (NPCI), Reserve Bank of India, and IT Act guidelines to avoid compliance and regulatory hiccups. UPI security also includes log maintenance and advanced log analytics.

Conclusion

In 2021, out of the 2.8 billion transactions, PhonePe had a share of 46 percent and GooglePay a share of 35 percent. Third big player is Paytm with a share of nearly 12 percent. The volume of UPI transactions and India’s digital ecosystem is a testimony that the scaled-up mobile banking infrastructure is here to stay and transform the economy. Creating a secure UPI ecosystem becomes more important due to the exponentially growing customer base. If you wish to learn how Valuebound processes solutions to ensure a safe and secure UPI product for you, get in touch with us.