RBI OKs Video-based Authentication. But Will Banks Use It?Some Experts Predict Banks May Find the New Process Impractical
The Reserve Bank of India has decided to allow all banks to use remote video-based "know your customer authentication for onboarding new clients. But some observers say many Indian banks may prove reluctant to use video KYC because they lack secure messaging or video conferencing capabilities and many of their potential customers lack smartphones.
See Also: The Global State of Online Digital Trust
In the video approach, customers can use a video chat function, such as Google Duo or Apple FaceTime, to display documents to verify their identity. Right now, the KYC process for onboarding new customers must be done in person, along with Aadhaar-based verification.
India apparently is the first nation to allow video-based KYC, security experts say.
Why Video-based Authentication
In September, the Steering Committee on Fintech submitted a report to Finance Minister Nirmala Sitharaman recommending the use of video-based authentication and the services of the government's DigiLocker, which provides an account in the cloud for accessing relevant documents.
Last June, a committee headed by former Subhash Chandra Garg, former economic affairs secretary, and the expert committee on Micro, Small and Medium Enterprises, headed by UK Sinha, former chairman of the Securities and Exchange Board of India, proposed allowing the video KYC approach.
Based on that recommendation, RBI decided to allow a video-based customer identification process for onboarding, says RBI Chief General Manager Dr. S.K. Kar.
Video-Based Authentication Process
For video KYC, customers will have to display a PAN [Permanent Account Number] taxpayer card or provide an e-PAN - an electronic version of the card - which will be double checked with the issuing authority.
The bank should also verify that the photograph of the customer in the Aadhaar/PAN database matches and that the identification details in Aadhaar/PAN match with the details provided by the customer.
Will It Prove Popular?
Delhi-based Sriram Natarajan, president of Quinte Financial Technologies, a global fintech solutions company, questions whether banks will embrace this initiative because most lack secure messaging or video conferencing capabilities.
"Banks won't like their staff to use their personal mobiles for this purpose, and they would see a big challenge for spoofing fraud, as fraudsters will extract money from gullible consumers who think they are opening a bank account and they will end up giving their cash to fraudsters who will be running dummy video conferencing from fake offices," Natarajan says.
Plus, video KYC is only possible with a smartphone, and less than 30 percent of Indians have a device, he points out. Those that have a smartphone likely already have a bank account, he adds.
The financial services industry will leverage machine learning and artificial Intelligence for customer onboarding using video KYC to help ensure full compliance, Natarajan says.
Banks will have to integrate their applications and websites with a link to initiate the video KYC process, which could create some risks, some security experts say.
Prasanna Lohar, head of IT and digital innovations and DCB Bank, questions whether RBI has considered the risk factors arising from using Google Duo, Apple FaceTime or other applications for video KYC.
"Since banks will integrate their applications and website with the link to initiate the video KYC process, the security controls need to be strong," he stresses.
Privacy advocate Shivangi Nadkarni., CEO of Arrka Consulting, says using applications to access video KYC could open the door to privacy compromises. That's because banks may have access to new customers' location information, and, potentially, their camera, microphone and contact details, she says. (See: Mobile Apps: Privacy Issues in India)
Also, RBI's data localization mandate for banks could create some challenges for in using video applications that are of foreign origin, some experts say.