Mobile banking is increasingly being explored in India for online payment purposes. Realising the importance of this issue, the Telecom Regulatory Authority of India (TRAI) has issued regulations in this regard through Notification No. 305-27/2011-QoS, dated 17th April, 2012.
The same are known as Mobile Banking (Quality of Service) Regulations, 2012 and they have been issued by TRAI in exercise of the powers conferred by section 36 read with sub-clauses (i) and (v) of clause (b) of sub-section (1) of section 11 of the Telecom Regulatory Authority of India Act, 1997 (24 of 1997). They shall come into force from the date of their publication in the Official Gazette.
2. Definitions.― In these regulations, unless the context otherwise requires,-
(a) “Access Providers” includes the Basic Telephone Service Provider, Cellular Mobile Telephone Service Provider and Unified Access Service Provider;
(b) “Act” means the Telecom Regulatory Authority of India Act, 1997 (24 of 1997);
(c) “Authority” means the Telecom Regulatory Authority of India established under sub section (1) of section 3 of the Act;
(d) “Banking services” means the services provided by the bank to its customer;
(e) “Cellular Mobile Telephone Service”,--
(i) Means telecommunication service provided by means of a telecommunication system for the conveyance of messages through the agency of wireless telegraphy where every message that is conveyed thereby has been, or is to be, conveyed by means of a telecommunication system which is designed or adapted to be capable of being used while in motion;
(ii) Refers to transmission of voice or non-voice messages over Licensee’s Network in real time only but service does not cover broadcasting of any messages, voice or non-voice, however, Cell Broadcast is permitted only to the subscribers of the service;
(iii) In respect of which the subscriber (all types, pre-paid as well as post-paid) has to be registered and authenticated at the network point of registration and approved numbering plan shall be applicable;
(iv) Includes both Global System for Mobile Communications (GSM) and Code Division Multiple Access (CDMA) Technology;
(f) “Cellular Mobile Telephone Service Provider” means a licensee authorized to provide Cellular Mobile Telephone Service under a licence granted under section 4 of the Indian Telegraph Act, 1885 (13 of 1885), in a specified service area;
(g) “Customer” means a customer of a service provider to whom these regulations apply and includes its consumer and subscriber;
(h) “IVR” or “Interactive Voice Response” means a technology that allows a computer to interact with a person through the use of voice and Dual Tone Multi Frequency keypad inputs;
(i) “Mobile banking” or “m-banking” means delivery of banking services through mobile phones;
(j) “Message” shall have the meaning assigned to it in clause (3) of section 3 of the Indian Telegraph Act, 1885 (13 of 1885);
(k) “Regulations” mean the Mobile Banking (Quality of Service) Regulations, 2012;
(l) “SMS” means a message which is sent through short message service and includes a Multimedia Message which is sent through Multimedia Message Service (MMS);
(m) “STK” or “SIM Application Tool Kit” means a standard of GSM system which enables SIM to initiate actions which can be used for various value added services;
(n) “Subscriber” means a person or legal entity who subscribes to telecom service provided by an Access Provider;
(o) “Unified Access Services”, --
(i) Means telecommunication service provided by means of a telecommunication system for the conveyance of messages through the agency of wired or wireless telegraphy;
(ii) Refers to transmission of voice or non-voice messages over licensee’s network in real time only but service does not cover broadcasting of any messages, voice or non-voice, however, Cell Broadcast is permitted only to the subscribers of the service;
(iii) In respect of which the subscriber (all types, pre-paid as well as post-paid) has to be registered and authenticated at the network point of registration and approved numbering plan shall be applicable;
(p) “Unified Access Service Provider” means a licensee authorised to provide Unified Access Services under a licence granted under section 4 of the Indian Telegraph Act,1885(13 of 1885), in a specified service area;
(q) “USSD” or “Unstructured Supplementary Service Data” means a real-time or instant session-based messaging service;
(r) “WAP” or “Wireless Application Protocol” means an open protocol for wireless multimedia messaging;
(s) All other words and expressions used in these regulations but not defined, and defined in the Indian Telegraph Act, 1885 (13 of 1885) and the Telecom Regulatory Authority of India Act 1997 (24 of 1997) and the rules and other regulations made thereunder, shall have the meanings respectively assigned to them in those Acts or the rules or such other regulations, as the case may be.
3. Mode and Time frame for delivery of message for mobile banking. ―
(1) Every Access Provider, acting as bearer, shall facilitate the banks to use SMS, USSD and IVR to provide banking services to its customers and deliver the message generated by the bank or the customer within the time frame specified in sub-regulation (5).
(2) Every Access provider shall ensure that in case SMS is used for mobile banking transaction, a report confirming the delivery of the message is sent to the customer or the bank, as the case may be:
Provided that every service provider shall, establish, if network permits, through mutual agreement with the bank, a system to ensure that if SMS sent by the bank is not delivered to the customer, the system shall trigger USSD communication to the customer confirming the completion of the transaction.
(3) An Access Provider may allow the bank to use WAP or STK to provide banking services to its customers and shall comply with the time frame for delivery of the messages generated by the customer or the bank specified in sub-regulation (5):
Provided that the Authority may, from time to time, specify any other means of communication and its quality of service parameter for delivery of message.
(4) Every Access provider shall ensure that for availing the banking services such as cash deposit, cash withdrawal, money transfer and balance enquiry, the customer is able to complete the transaction in not more than two stage transmission of message in the case of SMS or not more than two stage entry of options in the case of USSD and IVR.
(5) Every Access Provider shall meet the following time frame for delivery of the messages generated by the customer or the bank relating to banking services provided to the customers, namely:-
1. SMS Response time <= 10 seconds
2. USSD Response time <= 2 seconds
3. IVR Response time <= 10 seconds
4. WAP Response time <= 10 seconds
5. STK Response time <= 10 seconds
Provided that the expiry time for SMS shall be seventy two hours;
Provided further that in the case of an USSD communication triggered by the system referred to in sub-regulation (2), the time frame shall start from the time USSD is triggered by the system.
(6) Every Access Provider shall ensure that if SMS is used for mobile transaction the SMS, sent by the bank, shall be sent as transactional messages through separate telecom resources, as provided in the Telecom Commercial Communications Customer Preference Regulations, 2010 (6 of 2010) dated 1st December, 2010.
(7) The measurement methodology in respect of the means of communication provided in sub-regulation (5) is specified in the Schedule-I.
(8) Every Access Provider shall ensure that the equipments installed in its network are capable of delivering messages within the time frame fixed under sub-regulation (5).
4. Quality of service parameters for m-banking communication. ― (1) The Network Service Quality Parameters for Cellular Mobile Telephone Services as specified in the Standards of Quality of Service of Basic Telephone Service (Wireline) and Cellular Mobile Telephone Service Regulations, 2009 (7 of 2009) shall apply to all m-banking messages.
(2) Every Access Provider shall meet the following customer centric quality of service parameters, namely:-
1. Time taken to deliver error and success confirmation message- 99.5 % within 2 minutes.
2. Transaction update on the system- 100 %
3. Success of delivery of financial transaction messages- 99.5 %
(3) Every Access Provider shall measure its quality of service in respect of each parameter against their benchmark in accordance with the measurement methodology specified in the Schedule-II.
5. Security requirements for m-banking communication. ― (1) Every Access Provider shall protect privacy and security of m-banking communication and ensure the confidentiality of end-to-end encryption, integrity, authentication and non-repudiation of such communication.
(2) The end-to-end encryption, integrity, authentication and non-repudiation of m-banking communication in the network of the Access Provider shall be in accordance with the standards certified by International Telecommunication Union (ITU) or European Telecommunications Standards Institute (ETSI) or Telecommunication Engineering Centre (TEC) or International standardization bodies such as Third Generation Partnership Project (3GPP) or Third Generation Partnership Project 2 (3GPP2) or Internet Engineering Task Force (IETF) or American National Standards Institute (ANSI) or Telecommunications Industry Association (TIA) or Interim Standard (IS) or any other international standard as may be approved by the Central Government.
6. Reporting. ―Every Access provider shall submit to the Authority its compliance reports of benchmarks in respect of each Quality of Service parameter specified under sub regulation (5) of regulation 3 and sub regulation (2) of regulation 4 in such manner and such format, at such intervals and within such time limit, as may be specified by the Authority by an order or direction.
7. Obligation of the Access Providers. ― (1) Every Access Provider shall maintain record of mobile banking messages for six months for audit purposes.
(2) In case the message generated by the customer or the bank, in the process of m-banking transaction is not delivered due to any reason, the Access Provider shall immediately send an error message intimating the non completion of the process to the customer or the bank, as the case may be.
(3) Every Access Provider shall maintain records of every m-banking communication in compliance of time frame for delivery of the messages specified in regulation 3 and benchmark of each of the quality of service parameters specified in regulation 4, in such manner and in such format, as may be specified by direction, by the Authority, from time to time.
(4) The Authority may, if it considers expedient so to do, and to ensure compliance of the provisions of these regulations, at any time, direct any of its officers or employee or any agency appointed by the Authority in this behalf, to inspect the records maintained under sub-regulations (1), (2) and (3).
(5) Every Access Provider shall maintain complete and accurate record of the consumers, using banking service through mobile phones.
8. Interpretation. ― In case of any doubt regarding interpretation of any of the provisions of these regulations, the clarifications issued by the Authority in this regard, shall be final and binding.