Most Common Security Threats for Cloud Services

Cloud computing continues to transform the way organizations use, store, and share data, applications, and workloads. It has also introduced a host of new security threats and challenges. As more data and applications are moving to the cloud, the security threat also increases.

With so much data residing in the cloud — public cloud, these services have become natural targets for cyber security attacks.

The main responsibility for protecting corporate data in public cloud lies not with the service provider but with the cloud customer.  Enterprise customers are now learning about the risks and spending money to secure their data and applications.

Build Highly Resilient Web Services

Digitization has led to new business models that rely on web services. Digital banks, payment gateways & other Fintech services are now available only on web. These web services need to be highly resilient with uptime of greater than 99.9999%

Building such high resilient Web services essentially boils down to seven key components:

High Resilient IT Infrastructure: 
All underlying IT infrastructure (Compute, Network & Storage) is running in HA mode. High availability implies node level resilience and site level resilience. This ensures that a node failure or even a site failure does not bring down the web services.

Data Resilience:
All app related data is backed up in timely snapshots and also replicated in real time in multiple sites - so that data is never lost and RPO, RTO is maintained at "Zero"
This ensures that Data Recovery site is always maintained as an active state.

Application Resilience:
Web Applications have to be designed for high resilience. SOA based web apps, container apps are preferred than large monolith applications.

Multiple instances of the application should be run behind a load balancer - so that workload gets evenly distributed. Load balancing can also be done across multiple sites or even multiple cloud deployments to ensure web apps are always up and running.

Application performance monitoring plays an important role to ensure apps are available and performing as per required SLA. Active Application Performance Management is needed to ensure customers have good web experience.

Security Plan: 
Security planning implies building in security features into the underlying infrastructure, applications & data. Security plan is a mandatory and must be detailed enough to pass security audits and all regulatory compliance requirements.
Software-Defined-Security is developed based on this security plan and this helps avoid several security issues found in operations.
Security plan includes security policies like: encryption standards, access control, DMZ etc.

Security operations: 
Once the application is in production, the entire IT infrastructure stack must be monitored for security. There are several security tools for: Autonomous Watchdogs, Web Policing, web intelligence, continuous authentication, traffic monitoring, endpoint security & user training against phishing.
IT security is always an ongoing operation and one must be fully vigilant of any security attacks, threats or weaknesses.

IT Operations Management:
All web services need constant monitoring for Availability & Performance. All IT systems that are used to provide a service must be monitored and corrective actions, proactive actions need to be taken in order to keep the web applications running.

DevOps & Automation:
DevOps & automation is a lifeline of web apps. DevOps is used for all system updates to provide a seamless, non disruptive upgrades to web apps.  DevOps also allows new features of web apps be tested in a controlled ways - like exposing new versions/capabilities to select group of customers and then using that data to harden the apps.

Closing Thoughts

High resilient apps are not created by accident. It takes a whole lot of work and effort to keep the web applications up and running at all times. In this article, I have just mentioned 7 main steps needed to build high resilience web applications - but there are more depending on the nature of the application and business use cases, but these seven are common to all types of applications.

5 Aspects of Cloud Management

If you have to migrate an application to a public cloud, then there are five aspects that you need to consider first before migrating.

1. Cost Management
Cost of public cloud service must be clearly understood and charge back to each application must be accurate. Lookout for hidden costs and demand based costs - as these can burn a serious hole in your budgets.

2. Governance & Compliance
Compliance to regulatory standards is mandatory. In addition you may need additional compliance requirements. Service providers must proactively adhere to these standards.

3. Performance & Availability
Application performance is the key. Availability/Up time of underlying infrastructure and performance of IT infrastructure must be monitored continuously. In addition, application performance monitoring both direct methods and via synthetic transactions is critical to know what customers are experiencing

4. Data & Application Security
Data security is a must. Data must be protected against data theft, Data loss, data unavailability. Applications must also be secured from unauthorized access and DDoS attacks. Having an active security system is a must for apps running on cloud.

5. Automation & Orchestration
Automation for rapid application deployment via DevOps, rapid configuration changes and new application deployment is a must. Offering IT Infrastructure as code enables flexibility for automation and DevOps. Orchestration of various third party cloud services and ability to use multiple cloud services together is mandatory. 

AI for IT Infrastructure Management

AI is being used today for IT Infrastructure management. IT infrastructure generates lots of telemetry data from sensors & software that can be used to observe and automate. As IT infrastructure grows in size and complexity, standard monitoring tools does not work well. That's when we need AI tools to manage IT infrastructure.

Like in any classical AI system, IT infrastructure management systems also has 5 standard steps:

1. Observe: 
Typical IT systems collect billions of data sets from thousands of sensors, collecting data every 4-5 minutes. I/O pattern data is also collected in parallel and parsed for analysis. 

2. Learn:
Telemetry data from each device is modeled along with its global connections, and system learns each device & application  stable, active states, and learns unstable states. Abnormal behavior is identified by learning from I/O patterns & configurations of each device and application.

3. Predict: 
AI engines learn to predict an issue based on pattern-matching algorithms. Even application performance can be modeled and predicted based on historical workload patterns and configurations

4. Recommend: 
Based on predictive analytics, recommendations are be developed based on expert systems. Recommendations are based on what constitutes an ideal environment, or what is needed to improve the current condition

5. Automate: 
IT automation is done via Run Book Automation tools – which runs on behalf of IT Administrators, and all details of event & automation results are entered into an IT Ticketing system

5 Reasons for All Flash vSAN Storage

1. High Performance  
All flash vSAN with a mix of NVMe, SAS SSD allows for superior input/output operations per second (IOPS) performance needed for all enterprise workloads. vSAN 6.7 can give  more than 500K IOPS with sub-millisecond read/write latency.  When compared to   spinning disks storage systems, all-flash vSAN system wins in all performance benchmarks.

2. Enterprise-class capability & Capacity
VSAN now provides all enterprise class storage performance and security such as Encrption, DeDupe, Compliance with all major standards: PCI-DSS, HIPPA, DISA, STIG, FedRAMP etc. Along with vRealize, vSAN can used for all data center automation functions to quickly provision storage, storage insights, storage resource management etc.

3. Guaranteed availability and resiliency
vSAN storage can deliver 99.9999 percent availability. All flash vSAN delivers high availability and high resilience with vSphere HA, Stretched clusters, Smart Rebuild/Rebalancing  to ensure highest data integrity.

4. Run multiple workloads 
High cluster level storage performance allows users to run multiple enterprise apps within the same cluster. Moreover, vSAN is now certified to run SAP HANA, Oracle, MS-SQL etc. This gives IT admins the confidence to run all mission critical IT apps in vSAN.  In addition to standard block storage services, vSAN with NexentaConnect can provide high-performance NFS file services - to provide unified storage solution.

5. DR & Data protection optimizes all-flash storage
Backup and recovery is always one of the highest IT priorities. VMware tools such as vSphere and other 3rd part tools provide enterprises the highest data protection. vSphere Replication, Rapid Array replication across stretched clusters, Storage vMotion etc., leverage all-flash storage best in class data protection. 

Popular AI Programming Tools

AI & Robotics based automation market is expected to cross $153 Billion by 2020. 

Majority of this value is coming from robotics, and Robotics Process Automation (RPA) which is essentially based on AI technologies.

Here I compiled a list of popular AI programming tools. Most of AI tools are a set of libraries built in Python. In fact python is the number-1 programming language for AI, and in addition to Python, you can use other tools listed below:

Software Defined Security for Secure DevOps

Core idea of DevOps is to build & deploy more applications and do that a whole lot faster. However, there are several security related challenges that needs to be addressed before a new application is deployed.

Software Defined Security addresses this challenge of making applications more secure - while keeping pace with business requirements for a DevOps deployment.

The fundamental concept of software defined security is the codify all security parameters/requirements into modules - which can be snapped on to any application. For example, micro segmentation, data security, encryption policies, activity monitoring, DMZ security posture etc are all coded into distinct modules and offered over a service catalog.

A small team of security experts can develop this code, review & validate it and make these security modules generally available for all application developers.

Application developers can select the required security modules at the time of deployment. This gives tremendous time to deployment advantage as it automates several security checks and audits that are done before deployment.

Security code review & security testing is done once at the security module level and thus individual security code review of each application can then be automated. This saves tremendous amount of time during application testing time - leading to faster deployment.

Software security is ever changing, so when a new standard or a security posture has to be modified, only the security modules are changed and applications can pick up the new security modules - thus automating security updates on a whole lot of individual applications. This leads to tremendous effort saving in operations management of deployed apps.

How to select uses cases for AI automation

AI is rapidly growing and companies are actively looking at how to use AI in their organization and automate things to improve profitability.

Approaching the problem from business management perspective, the ideal areas to automate will be around the periphery of business operations where jobs are usually routine, repetitive but needs little human intelligence - like warehouse operators, metro train drivers etc., These jobs follow a set pattern and even if there is a mistake either by human operator or by a robot - the costs are very low.

Business operations tends to employ large number of people with minimum skills and use lots of safety systems to minimize costs of errors. It is these areas that are usually the low hanging fruits for automation with AI & robotics..

Developing an AI application is a lot more complex, but all apps have 4 basic steps:
1. Identify area for automation: Areas where automation solves a business problem & saves money

2. Identify data sources. Automation needs tones of data. So one needs to identify all possible sources of data and start collecting & organizing all the data

Once data is collected, AI applications can be developed. Today, there are several AI libraries and AI tools to develop new applications. My next blog talks about all the popular AI application development tools.

Once an AI tool to automate a business process is developed, it has to be deployed, monitored and checked for additional improvements - which should be part of regular business improvement program.

Fintech & Rise of Digital Banks

All around the world, we are seeing a new class of banks: The digital banks. These fintech pioneers are redefining the banking industry by connecting with a new generation of mobile-first consumers.

Digital banks are an online only version of a normal bank offering Savings, Checking Accounts with payment, deposit and withdrawal services – but only through web: PC & Mobile devices.

Proving low cost banking services to a new class of customers: People who are highly mobile, tech savvy and unbanked!

Digital banks offer three main services:

1. Payment Gateways

• A seller service, often provided by e-commerce store or e-commerce enabler
• Authorizes a credit card or online transfer to merchants & businesses
• A virtual Point-of-Sale terminal for online businesses

2. E-Wallets

• Mobile App used to make payments to other mobile wallets
• Digital wallet can be set up to transfer funds to/from a bank account
• Popular banking tool for unbanked.

3. Remittances

• International Money transfers between individuals
• Nearly instant money transfers and low fees to lure customers away from traditional banks
• Uses Bitcoin or crypto currencies to avoid regulatory authorities

Digitalization of Banks and How Blockchain Helps

The core of challenges faced by banking industry today are: Time taken to complete a transaction, Securing customer and bank’s internal data, Compliance with regulations & Fraud detection & prevention.

All these challenges are essentially data & compute related. Once we understand the core data issues, solving them is relatively easy. Blockchain technology is a great solution to solve many of the current banking challenges.

Popular Programming Languages for Data Analytics

Data analysis is becoming very important and an exciting field to work in. To become a data scientist, one need to have advanced mathematical skills, advanced statistical and real world programming ability. In addition of C/C++ & Java, there are several programming languages that are designed for data analysis.

I have listed down the most popular programming languages for data analysis.

How AI Tools helps Banks

In the modern era of the digital economy, technological advancements in Machine Learning (ML) and Artificial Intelligence (AI) can help banking and financial services industry immensely.

AI & ML tools will become an integral part of how customers interact with banks and financial institutions. I have listed 8 areas where AI tools will have the greatest impact.

Build Modern Data Center for Digital Banking

Building a digital bank needs a modern data center. The dynamic nature of fintech and digital banking calls for a new data center which is  highly dynamic, scalable, agile, highly available, and offers all compute, network, storage, and security services as a programmable object with unified management.

A modern data center enables banks to respond quickly to the dynamic needs of the business.
Rapid IT responsiveness is architected into the design of a modern infrastructure that abstracts traditional infrastructure silos into a cohesive virtualized, software defined environment that supports both legacy and cloud native applications and seamlessly extends across private and public clouds .

A modern data center can deliver infrastructure as code to application developers for even
faster provisioning both test & production deployment via rapid DevOps.

Modern IT infrastructure is built to deliver automation - to rapidly configure, provision, deploy, test, update, and decommission infrastructure and applications (Both legacy, Cloud native and micro services.

Modern IT infrastructure is built with security as a solid foundation to help protect data, applications, and infrastructure in ways that meet all compliance requirements, and also offer flexibility to rapidly respond to new security threats.

Product Management - Managing SaaS Offerings

If you are a product manager of a SaaS product, then there additional things one needs to do to ensure a successful customer experience - Manage the cloud deployment.

Guidelines to choosing the best data center or cloud-based platform for a SaaS offering

1. Run the latest software. 

In the data center or in the IaaS cloud, have the latest versions of all supporting software: OS, hyper visors, Security, core libraries etc., Having the latest software stack will help build the most secure ecosystem for your SaaS offerings.

2. Run on the latest hardware. 

Assuming you're running on your data center, run the SaaS application on the latest servers - like HPE Proliant Gen-10 servers to take advantage of the latest Intel Xeon processors. As of mid-2018, use servers running the Xeon E5 v3 or later, or E7 v4 or later. If you use anything older than that, you're not getting the most out of the applications or taking advantage of the hardware chipset.

3. Optimize your infrastructure for best performance.

Choose the VM sizing (vCPU & Memory) for the best software performance. More memory almost always helps. Yes, memory is the lowest hanging of all the low-hanging fruit. You could start out with less memory and add more later with a mouse click. However, the maximum memory available to a virtual server is limited to whatever is in the physical server.

4. Build Application performance monitoring into your SaaS platform

In a cloud, application performance monitoring is vital in determining customer experience. Application performance monitoring had to be from a customer perspective - i.e., how customers experience the software.

This implies constant Server, Network, Storage performance monitoring, VM monitoring, application performance monitoring via synthetic transactions.

Application performance also determines the location of cloud services. If  customers are in East coast - then servers/datacenters should be in east coast. Identify where customers are using the software and locate the data centers closer to customer, to maximize user experience.

5. Build for DR and Redundancy

SaaS operation must be available 24x7x365. So every component of SaaS platform must be designed for high availability (multiple redundancy) and active DR. If the SaaS application is hosted on big name-brand hosting services (AWS, Azure, Google Cloud etc) then opt for multi-site resilience with auto fail over.

6. Cloud security

Regardless of your application, you'll need to decide if you'll use your cloud vendor's native security tools or leverage your own for deterrent, preventative, detective and corrective controls. Many, though not all, concerns about security in the cloud are overblown. At the infrastructure level, the cloud is often more secure than private data centers. And because managing security services is complex and error-prone, relying on pre-configured, tested security services available from your cloud vendor may make sense. That said, some applications and their associated data have security requirements that cannot be met exclusively in the cloud. Plus, for applications that need to remain portable between environments, it makes sense to build a portable security stack that provides consistent protection across environments.

Hybrid SaaS Offering

Not all parts of your SaaS application can reside in one cloud. There may be cases where your SaaS app runs on one cloud - but pulls data from other cloud. This calls for interconnect between multiple cloud services from various cloud providers.

In such hybrid environment, one need to know how apps communicate and how to optimize such a data communications. Latency will be a critical concern and in such cases, one needs to build in a cloud interconnect services into the solution.

Cloud Interconnect: Speed and security for critical apps

If the SaaS App needs to access multiple cloud locations, you might consider using a cloud interconnect service. This typically offers lower latency and when security is a top priority, cloud interconnect services offer an additional security advantage.

Closing Thoughts

SaaS offerings has several unique requirements and needs continuos improvements. Product managers need to make important decisions about how the applications  are hosted in the cloud environment and how customers experience it. Making the right decisions gives the results for a successful SaaS offering.

Finally, measure continuously. Measure real-time performance, after deployment, examining all relevant factors, such as end-to-end performance, user response time, and individual components. Be ready to make changes if performance drops unexpectedly or if things change. Operating system patches, updates to core applications, workload from other tenants, and even malware infections can suddenly slow down server applications.

Key Technologies for Next Gen Banking

Digital Transformation is changing they way customers interact with banks. New digital technologies are fundamentally changing banks from being a branch-centric human interface driven to a digital centric, technology interface driven operations. 

In next 10 years, I predict more than 90% of existing branches will close and people will migrate to digital banks. In this article, I have listed out 6 main technologies needed for next gen banking - aka the Digital Bank.

1. MobileMobile Apps is changing how customers are interacting with bank. What started as digital payment wallets, mobile banking has grown to offer most of the banking services: Investments, Account management, Lines of credit, International remittances etc., providing banking services anywhere, anytime!

2.Cloud & API

Mobile banking is built on cloud services such as Open API & Microservices. Open API allows banks to interact with customers and other banks faster. For example, Open API allows business ERP systems to directly access bank accounts and transfer funds as needed. Open API allows banks to interact faster, transfer funds from one back to another etc. In short Cloud technologies such as Open API and microservices are accelerating interactions between banks, and banks & customers, thus increasing the velocity of business.

3. Big Data & Analytics

Big data and analytics are changing the way banks reach out to customers, offer new services and create new opportunities. Today banks have tremendous access to data: Streaming data from websites, cloud services, mobile data and real time transaction data. All this data can be analyzed to identify new business opportunities - micro credit, Algorithmic trading etc.

4. AI & ML

Advanced analytical technologies such as AI & ML is increasingly being used to detect fraud, identify hidden customer needs and create new business opportunities for banks. Though these technologies are still in their early stages, it will get a faster adaption and become main stream in next 4-5 years.

Already, several banks are using AI tools for customer support activities such as chat, phone banking etc.

5. Biometrics & security.

As velocity of transactions increases, Security is becoming vital for financial services. Biometric based authentication, Stronger encryption, continuous real time security monitoring enhances security in a big way.

6. Block chain & IoT

IoT has become mainstream. Banks were early adapters of IoT technologies: POS devices, CCTV, ATM machines, etc.  Block chain technology is used to validate IoT data from retail banking customers. This is helping banks better understand customers and tailor new offerings to create new business opportunities.

Bitcoin Hype has ended: What's Next? Answer is Corda!

Bitcoin and Blockchain A number of things have come to pass since 2016.  post (below the line) including Bitcoin forking in order to increase transaction speed. This happened suddenly, after what appears to be a reversal of policy by China whose companies control 80% and all 5 of the largest bitcoin "mining pools."

Chinese companies blocked bitcoin forking for an extended period except Alibaba's ANTpool. Suddenly all five approved the XT and then Classic fork and voila. What happened? We can only speculate, however it appears the Chinese government decided it was better to control Bitcoin than attempt to block it. So yes, Bitcoin is a "distributed" governance model but make no mistake that Bitcoin governance stops in Beijing.

What is Corda?

Corda is a blockchain platform built for business. Corda removes costly friction in business transactions by enabling businesses to transact directly. Using smart contract and blockchain technology, Corda allows existing business networks to reduce transaction and record-keeping costs and to streamline business operations. Corda enables an interoperable, open network that empowers organisations to collaborate and transfer value directly with trust. Corda achieves this with complete privacy in a freely available open source software platform.

Corda can be deployed on Generic x86 Servers

Data Analytics for Competitive Advantage

Data Analytics is touted as 'THE" tool for competitive advantage.

In this article, I have done a break down of data analytics into its three main components and further listed down various activities that are done in each category.

Three Main Components of Data Analytics

1. Data Management
2. Standard Analytics
3. Advanced Analytics

Data Management

Data Management forms the foundation of data analytics.  About 80% of efforts & costs are incurred in data management functions. The world of data management is vast and complex, it consists of several activities that needs to be done:

1. Data Architecture
2. Data Governance
3. Data Development
4. Data Security
4. Master Data Management
5. Metadata Management
6. Data Quality Management
7. Document & Content Management
8. Database & Data warehousing Operations

Standard Analytics

Standard Analytics is what most businesses have been doing for a long time now. Standard business reporting, Alerts etc., There are several standard analytics functions that business needs for day-to-day activities.

1. Standard Reporting

2. Ad hoc queries

3. Data filtering

4. Alerts

5. Clustering

6. Trend Forecasting

7. Statistical Analysis

Advanced Analytics

Advanced Analytics is what getting all the attention. Big data & analytics using modern algorithms such as Map Reduce. In addition to big data, Advanced analytics includes newer technologies such as AI, ML, RPA etc.

1. Predictive Analytics

2. Prescriptive Techniques

3. Operations Optimization 

4. Simulation Modelling 

5. Machine Learning

6. Artificial Intelligence

7. Robotic Process Automation

8. Deep Learning

Closing Thoughts 

It often assumed that advanced analytics gives competitive advantage. While this statement is TRUE, the foundation of business analytics is in data management and basic analytics - without which advanced analytics will not provide the desired competitive advantages.

One must also note that the level of complexity, costs, and efforts increase exponentially as one moves to advanced analytics. New investments are needed in terms of newer IT infrastructure, software tools, people skills and talent. So companies must be ready to invest to get competitive advantage.

Rise of Robo-Advisors!

Robo-advisor  brings down the cost of such services to those investors who otherwise couldn't afford.

Lower cost plus rapid execution of trades based on algorithm gives better results. No wonder people are moving to robot advisors.

Current State of Digital wallets in India

This article is a follow up to my previous blogs and revisit the impact of demonetization on small businesses and common man.

It has been 18 months since demonetization and surprisingly, at the street level, India still remains a predominantly cash economy. Only the major industries have moved towards a complete digital economy for a vast majority of their transactions. 

Indian digital wallet companies mainly consists of numerous startups such as Paytm, Mobikwik, and Oxigen Services, etc. These startups along with Airtel and Jio, the two major telecom service providers have played a major role in moving the Indian economy towards digitization and the industry has crossed Rs 12,000 crores of transactions per year in 2017!

While this is a significant number, year 2018 does not seem to be a smooth sailing and I suspect year 2018 will turn out to be a very tough year for digital wallets. 

What Changed?

RBI (Reserve Bank of India) imposed one major guideline for Digital wallet services to fulfill their KYC (know your customer) information & February 28, 2018 was the deadline.

This directive unnerved India's unorganized sector and refused to cooperate and many users were willing to move away from Digital wallets back to cash based transactions. As of march 2018, only 10% of the total customers in the digital wallets industry had submitted their KYC information (which was to link their Aadhar card with the account - by providing biometric information).

This implies that nearly 90% of existing customers were willing to walk away from digital wallets!

A 90% loss in customer base can kill the industry.

But on the ground, things are really not that bad. Though 90% of customers walked away, the total volume of transactions fell by 21.3% and the total value of transactions fell by 16.7% only.

This implies that there is a strong silver lining to the dark clouds and digital wallets companies can continue to grow only if they innovate and develop newer services.

Opportunity Ahead

As per information released by the RBI, the effect of demonetization was at its peak in January 2017 and the overall number of transactions via digital wallet during this period was reportedly about 295.5 million. Despite such a significant rise in digital wallet transactions, the percentage of transactions used for purposes of buying goods and services remained at just about 29 percent, at around 86.8 million transactions and only a minor percentage of all transactions conducted with digital wallets, was used for the purpose of purchasing goods and services.

Digital wallets has now become the first step in formal banking for a whole new generation of customers. For Several young adults, a digital wallet is their first bank account!

It is the nature of this India customer base, which results in such a high skew of the results: 90% drop in customer base results in only 16.7% drop in transaction value. This implies that most customers had very little transactions.

Small & kirana business have returned to cash

Small & kirana business, especially those in small towns and rural areas adapted digital wallets in the initial days on demonetization and now have returned to cash - mainly because of high transaction costs. PayTm charges 3% transaction fees to transfer funds from PayTm account to a regular bank account. 

Majority of small & kirana businesses do less than Rs 2000 of sales per day, and paying 3% transaction fees was unacceptable for small businesses!

eCommerce accounts for a tiny fraction of retail sales

eCommerce accounts for just 2-4% of Indian retail, and only 8% of Indian retail sales happens through organized retailers (such as Big Bazaar, Reliance Retails etc). 

This means that nearly 90% of retail sales is still happening over cash and there is a good opportunity for Indian Digital wallets to win them over - only if the transaction fees are eliminated.

Impact of UPI

UPI or Unified Payments Interface developed by the NPCI. 

The disruptive effect of digital wallets was met with a rapid and effective response by the banks; they quickly launched their own mobile wallets. SBI came up with SBI Buddy, HDFC Bank launched PayZapp, and ICICI Bank offered ICICI Pockets digital wallet - all powered by UPI. 

UPI permitted real time money transfer from one bank to another via mobile phones.

This new payment interface was not available in Digital wallets and that has hindered Indian digital wallets.

Future for Indian Digital Wallets

Year 2018 will be marked as the year of "crossing the chasm" for most digital wallet providers. Companies that can innovate and offer lower cost services (when compared to traditional banks), will ultimately win the battle against use of cash for transactions.

Indian Digital wallet providers must provide an alternate banking model that is affordable, transparent & help customers from financial standpoint.

In Indian context, Indian Digital wallet providers may also have to enable independent agents to work/operate as a human interface with whom customers can talk/call/interact when they have problems. A pure 100% online bank cannot win small business owners - many of them are not fully literate or knowledgeable in digital banking terms/technology.

Use of local agent also helps in onboarding new customers, getting their KYC details and initiating new customers into the world of digital banking.

Indian Digital wallet providers have to innovate beyond payment banks and offer a whole suite of banking services - either directly or via partnering with existing banks, while keeping a sharp focus on winning Indian small businesses and kirana stores. For example offer Peer-to-peer lending services (like Monex), offer investments services: Mutual Funds, Debt funds and government investment schemes etc.

Indian Digital wallet providers have to create a completely branchless experiences. Digital wallet companies need to move beyond mobiles and embrace web banking services and offer value added services - such as international money transfers: Global money remittances, insurance, GST filing, tax planning, etc.

Lastly, Indian Digital wallet providers have to embrace cash! Customers should be able to convert their money in digital wallets into cash without transaction fees.  Though this sounds counter intuitive, there are customers who need cash for their daily living - for example: to buy a bus ticket in DTC or BMTC busses, To pay traffic fines, To pay for postal stamps, etc. There are thousands of areas where government agencies do not accept anything but cash.

Closing Thoughts 

From a business perspective, Indian mobile wallets sector is currently fighting to survive and overcome its hardest phase. The industry has to innovate and continue fighting

I believe that the effect of the KYC mandate on the digital wallet industry is limited. Over the long term, the mandate will prove to be advantageous and enable them to be more competitive with the current banking systems. New innovations will solve the problems of interoperability between different payment banks, debit/credit cards and banks.

Digital wallet industry will emerge from this crisis stronger and better. 


Read more at:

https://economictimes.indiatimes.com/articleshow/62229424.cms?
https://inc42.com/buzz/mobile-wallets-drop-users-full-kyc-rbi/
==