Applications >> Banking Industry
Introduction
The change in the economic and business environment in India has changed the way banks operate. However, it may be some time when the change is not only felt but gets properly entrenched in the system. Banks need to establish a vibrant, efficient, stable, sound and internationally competitive banking system. To reach this goal banks needs to improve productivity and enhance operational efficiency.

All existing methods of banking are giving way to new thinking and focus. Banks are shifting focus from lending focused business to transaction handling business. The competition has made relationship banking essential. Relationship is important to understand the clients need in time and working out structured customized solutions. Channel finance is another focus area.

Information technology opens up an opportunity for designing and delivering a range of products and services which were hitherto not available in the traditional mode. Banks have initiated the process of interconnecting their branches and offsite delivery channels, paving way for customer expectations to undergo a dramatic change. The increased competition has forced banks to invest in technology for centralization of processing, which has led to providing ease in banking. Banks are moving towards providing internet banking to customers, which can not only be used for enquiry but also for transaction initiation.
Niyamas Solution
Niyamas WorkeZ  for banking (transaction and workflow management suite using PKI & XML)

While public key infrastructure (PKI) systems can offer authentication in transactions using computers or handheld devices or even in e-commerce transactions, Niyamas does the same for banks by setting up a common PKI framework to verify online trading partners' electronic identities.

The greatest obstacle to e-business in the financial service sector is the lack of trust and security over existing and evolving infrastructures. For e-business transactions to flourish, all parties involved in transactions and communications must be able to confirm the unique and irrefutable digital identity of each participant before relying on that information to make a commercial transaction.

How can banks create an environment of trust? How can they be sure that the party performing a transaction over the Internet is who he claims to be? For normal, lower value e-business transactions, such as purchasing a book, the customer usually identifies himself by using a personal Identification Number (PIN) code or password, and it is reasonably safe to assume that the customer is who he claims to be.

But when it comes to making high-value transactions, such as setting up an online cash management system, even for the so called online banking systems or procuring supplies through the Internet, there is too much at stake in simply trusting someone just because he gave the correct PIN or the correct username and password. Developing systems that are able to provide firm authentication of customers, suppliers and other parties has therefore become a major challenge. Public key infrastructure (PKI) systems have surfaced as the solution to provide trustworthy identities.

PKI provides an electronic identity to a person through the issuance of a digital certificate and a private cryptographic key, usually stored in a secure media such as a smart card or an i-key or even a floppy disk. The person could make use of the identity to digitally sign documents or transactions.
 

Flexibility and inter-operability
From a technology standpoint, Niyamas sets up the technology standards to be deployed for business inter-operability. Niyamas Tyootelery provides the ability to integrate secure document transfer, by authenticated users, into processes that would otherwise require sending paper documents or computer media by post or courier, gambling on insecure, unreliable file transfers, or paying VAN charges. Secure document and data delivery over Internet enables a wide range of applications and benefits.

When extending payment and other cash management services to corporate customers over the Internet, a level of automation and security is required. Niyamas Tyootelery allows banks to extend their interactive Web-based cash management portals to include interactive and automated delivery of payment files and reports to and from corporate customers.

Again when it comes to corporate clients, channel finance is gaining loads of importance. The idea to use the creditworthiness of the major corporates and providing funding to the channel partners viz suppliers and dealers at spreads better than what the corporate offers but lower than what the channel partners get on their own strength. This turns out to be a win-win situation for everyone involved , the bank, the corporate, and the channel partners. The effort is also towards providing end to end solutions to corporates, capturing even personal banking requirements of its employees, salary accounts of employee's et al. With a proper Public Key Infrastructure in place, transactional backlog can be drastically cut down.

In the case of online banking for users, banks need to have a proper system for authentication of the user. Even though banks have a secure network system for encrypted data transfer, still the user is identified using the typical username/id verification process that is vulnerable to hacking. So implementation of PKI makes sure that the party performing a transaction over the Internet is who he claims to be. Later he cannot deny that he has not done a particular transaction, if he had used his digital certificate.

In today's global economy, the Letter of Credit (LoC) is a key financial instrument that facilitates the settlement of funds for cross-border trade. Using an LoC reduces risks for exporters and importers by interposing their respective banks as trusted third parties. Tower Group estimates the cost of processing a Letter of Credit to lie in the range of $300 to $500; this cost can be reduced considerably if the process is automated. For banks, the cost is even greater. Aside from the traditionally low profit margins associated with processing LoCs, delays can result in poor customer satisfaction and therefore, the perception of inferior customer service. Simply put, today's paper-based LoC processes represent a lose-lose-lose situation for banks, exporters, and importers alike. Trade Finance is predominantly a document management business, often involving substantial manpower costs, and resulting in low profit margins. But it is a critical business for banks; they must offer trade finance services to satisfy the demands of their all-important corporate clients.

So, should local banks invest in PKI? When is the right time to invest in developing the necessary infrastructure? How to go about implementing PKI? The first two questions require an assessment of how PKI could be used to support the banks' current and future e-business solutions. For example, if a bank is looking at implementing a wealth management system for its top-tier clients or a business-to-business fund-transfer system, or have an online banking system in place, PKI may be useful in mitigating the inherent business risks.

Furthermore, the bank may consider choosing Niyamas as the PKI standard, especially if its customers are to transact with customers of other banks. The individual return on investment could vary for different banks depending on the types of e-business solutions they offer. PKI is an infrastructure; in itself, it offers no direct return on investment unless it could add value to other business applications. Thus, an integrated strategy linking the business application development plan, risk management framework and customer relationship management is needed to fully exploit the benefits offered by PKI.

Also, the bank has to decide whether it should implement and operate the PKI itself or outsource it to a trusted third party. The benefits of outsourcing include lower upfront investment and implementation risks, and shorter time-to-market.

The required technology infrastructure and business processes need not be created from scratch. We offer a quick and affordable way for banks to implement PKI, with the boost for their business initiatives.

One notable aspect of this system is the network externality effect. Similar to the fax or the telephone, the value that Niyamas provides increases with the number of participants. As more banks join Niyamas, more customers will benefit from the business inter-operability and trust framework provided by the Niyamas system; and this will induce even more customers, their trading partners and their banks to join the network.
 
Applications
Financial and Insurance Applications
  • Treasury and cash management
  • Electronic funds transfer (EFT, ACH)
  • Trade finance documentary collection
  • Positive Pay file delivery
  • Escrow and mortgage documents
  • Trust and custodial services
  • Brokerage position updates
  • Credit card and recovery services
  • Insurance claims processing
  • Health insurance member enrollment
Benefits
  • Reduces risk of fraud in electronic fund transfers and other treasury activities.
  • Use of a low-cost public network infrastructure eliminates the need for dedicated leased lines or VPNs.
  • Allows for real-time cash management with strategic banking partners
  • Assures that only specific users can access and execute high-value transactions
  • Integrates easily with legacy systems
Issues surrounding PKI
Through the use of PKI and digital signature, one can prove to a third party or the court that a particular piece of electronic document is authentic and can be traced to the person who has digitally signed the document or transaction. This works because the cryptography and mathematics underlying a PKI system ensure that digitally signed documents cannot be forged. The digital certificate can be thought of as the electronic equivalent of the identification card. Thus, the authority which issues the digital certificates (known as Certificate Authority) must be highly trusted and secure.

Besides security, there are other issues related to PKI - technology, legal framework and standards. The technology for PKI has been around for more than a decade and is relatively mature and a number of countries have introduced legislation to recognize the validity of digital signature.

The lack of commonly accepted industry standards for policies and business practices surrounding PKI is probably the reason why PKI has not yet taken off in a big way. Now, after introduction of IT Laws by many countries has enabled a standard for business transactions. Forums like Asia Pacific PKI Forum allow inter-operability to its digital certifying authority licencees with their counterparts in the member countries of that region. As financial institutions sign on to these policies and business practices, their customers will create an extensive global system of known and trusted businesses. Once certified by a Certification Authority, a trading partner can authenticate any other party with assurance. Even if a trading partner is from another part of the world, the fact that he is a certified member (through the trust relationship with his bank) makes trading viable and reduces the risk of transacting in the global system. By virtue of commonly accepted standards, trading partners will know that:
  • Their transactions are legally binding;
  • They have recourse in the event of a dispute or a potential fraud situation; and
  • They can place legal and practical trust on the electronic identity issued by any Certification Authority