How India's banks killed the future of commerce (opens in new tab)

(blog.cleartrip.com)

130 pointssankara15y ago58 comments

58 comments

42 comments · 10 top-level

radicaldreamer15y ago· 13 in thread

India has a lot of public policy mishaps such as this. It seems that the people making these rules oftentimes don't do adequate research regarding what's feasible for such a large developing, and rapidly changing country.

A couple of other examples: There was recently a rule to limit SMS spam by limiting each cell phone to receive a max of 100 texts per day, there still is a rule where you can't entering the country twice within a certain number of days without getting prior permission, IIT students were arbitrarily limited in the number of hours they could spend online because some administrator thought they should get out more, etc.

radq15y ago

> IIT students were arbitrarily limited in the number of hours they could spend online because some administrator thought they should get out more

Wow, I didn't believe you at first, but it appears to be true. [1][2][3]

They appear to be justifying by claiming, besides that it prevents them from meeting others, that it somehow causes suicide and depression and that it is responsible for falling grades.

Does anyone know if this is still in effect? The most recent article I could find is from 2008.

[1] http://timesofindia.indiatimes.com/city/delhi/IIT-D-follows-...

[2] http://educational-newsflash.blogspot.com/2010/11/restrictio...

[3] http://vikashkablog.blogspot.com/2007/01/internet-ban-in-iit...

spiffworks15y ago

This happens every now and then in most state-run colleges in India. The pattern is like this - some kid who has never been exposed to the internet comes to college and is exposed to high-speed, unlimited internet and gets immediately hooked. He starts skipping class, eventually starts flunking subjects. At the end of his pre-final year, when he has to sit for placements, he realises his situation and then he kills himself. College admins want to appear to have taken action, and internet access is time-restricted. Eventually, of course, sanity prevails, and we get to go through this whole routine all over again. Happened twice during my 4 years in college.

copper15y ago

This was instituted when I was still at IIT because some people just /stopped/ studying, quite literally. I suppose it was a simpler solution than offering counseling for what could (I suppose) be called 'net addiction'. Ahh, memories :)

sankaraOP15y ago

Well they are even planning to remove all ceiling fans: http://www.indianexpress.com/news/iit-to-remove-ceiling-fans...

1 more reply

zaidf15y ago

India is generally conservative about financial issues.

In this case, it puts them on the wrong side. But their conservative approach also shielded India from the banking crisis experienced by US etc.

From http://www.nytimes.com/2009/06/26/business/global/26reddy.ht...

“If America had a central bank chief like Y. V. Reddy, the U.S. economy would not have been such a mess,” Joseph E. Stiglitz, the economist and Nobel laureate, has said.

movingahead15y ago

Being financially conservative is different from making adoption of new technology difficult. Today, Paypal doesn't work in India, the payment gateways are in a horrible mess and the one-time-password rule has given mobile commerce a huge setback. I believe the problem lies in not going into the details of implementation. There is a fine balance between security and usability which has to be maintained. As someone who is looking to start a web startup in India, I am disappointed by how consumer concerns are being ignored and online commerce is becoming more and more difficult here.

1 more reply

pilom15y ago

This is not a conservative approach. This is incredibly progressive! Two-factor authentication (when implemented correctly) is a necessary security measure in the world we live in and more banks should mandate it. Today banks simply would rather pay out for fraudulent charges than have to implement this even though there are incredible externalities for customers when their cards are stolen.

roel_v15y ago

I'm quite willing to be convinced that a conservative monetary system has shielded some countries from certain isssues, but some economist saying so doesn't make it so, not even if he's a famous economist. So some background on the mechanics would be nice.

2 more replies

known15y ago

85% of Indian economy runs on black money because 85% Indians do not have any bank a/c

1 more reply

train_robber15y ago

About the SMS limitation - you got it wrong here, the limit is for sending SMSes with the same text and definitely not for receiving them. There's no limit on the amount of normal SMSes (with different content) you can send in a day.

I think that's a pretty good move, spam SMS is turning into a huge problem here.

pilif15y ago

Buy my awesome product! (token: aa32cdf)

problem solved.

radicaldreamer15y ago

Thanks for the clarification. I'd just skimmed an article summary and wasn't aware of the details of the plan.

statictype15y ago

there still is a rule where you can't entering the country twice within a certain number of days without getting prior permission

This is by far the stupidest immigration policy in a large list of stupid immigration policies that have been passed. I know a lot of people affected by this crap. This affects tourist visas and so, in foreign high commissions, the visa officers will literally tell you how to cheat the system (by applying for a different type of visa, mostly).

IIT students were arbitrarily limited in the number of hours they could spend online because some administrator thought they should get out more

Whippersnappers. Back in my day, we had to cycle out to the nearby village to a cybercafe to get internet access. :)

(I actually graduated just the year before they wired all the rooms)

microarchitect15y ago· 10 in thread

Notice how they made the post on Feb 14, but show only data for Feb 1. Is it really surprising that the first day with the new system saw fewer transactions? Making claims that this move "permanently hobbles India's mobile commerce" based on evidence like this is surely unwarranted.

I really think 3D secure is a good move. All it requires is entering your internet banking password at the time of making the transaction. Is this really so bad for usability?

sandGorgon15y ago

NO - 3D secure is not good for the customers.

the system has no safeguards for vulnerabilities like man-in-the-middle,etc. attacks. Yet it gives credit card companies, the right to deny chargebacks to customers (whose credit card was stolen/hacked) because they can now wash their hands off the matter ("hey only the customer knew the second password... he must have been careless with it, not us")

ahalam15y ago

Man-in-the-middle attack are made less likely because the 3DSecure page where the user is asked to enter a password also contains challenge question that was originally added by the user at the time of setting up 3DSecure for his/her account. The user should be able to recognize that this is not the bank's website when the challenge question is not his/her own.

2 more replies

random4215y ago

> because they can now wash their hands off the matter ("hey only the customer knew the second password... he must have been careless with it, not us")

Seems pretty valid argument to me.

1 more reply

microarchitect15y ago

I think all your points are valid, but they're referring to a different problem - which is how get control back from the banks to the customer about chargebacks. This problems wasn't introduced by 3D secure, it was always there and it was always just as bad. If you want to replace 3D secure with something that's better, I'm all for it, but this post implies that we should get rid of it as well.

AlexandrB15y ago

One time I forgot my "Verified by VISA" password.

I was able to reset it on the spot by providing my birthday and some information from the card (CVV and expiry date iirc). So really the only additional information someone needs to use my card now is my birthday (and that's without even going to the trouble of MITM).

bluesnowmonkey15y ago

And if they have your credit card, they probably have your driver license or other something else with your birthday. Either they stole your purse/wallet, or they're a merchant and could ask to see your ID when you used the card.

RuadhanMc15y ago

3D secure is not very user friendly at all. Most users aren't setup with 3D secure details or have forgotten the necessary details to use it.

Perhaps it's a good idea in principle, much like OpendID, but in the real world it's a pain to use for everyone involved.

msravi15y ago

Agreed. Usability with 3D secure is not bad at all. Breaking the "subscription" model is actually a good thing in the current scenario, where the customer has very little control on when and how he unsubscribes to services, and businesses unscrupulously charge for subscriptions beyond the agreed-on date. This happened recently, when a web hosting provider tried to charge my credit card although I'd canceled - I got an SMS from the bank saying that the charge had not been accepted - how delightful it feels to be in control!

movingahead15y ago

Because there are a few rogue players, should everyone be denied from using a subscription model. How painful will it be to actually subscribe to something and go through this slow painful process every month ?

hessenwolf15y ago

I agree, but that is what I would do if I was an annoyed phisher, blogging about the new security system in my way.

goombastic15y ago· 5 in thread

This is nothing. Every time somebody finds an easier way of doing things, the government and the babucracy finds a way of muscling in and making it as bad as all the earlier options. Some of it is not bad, but others are nuts. I should start a list.

- Vehicles registered in one state cant be used for too long in another state

- Banks have insane policies

- Online electronic tax filing requires that you complete the process in paper format as well. To complete the electronic process you have to send it in by normal snail mail as well. And you cant get acknowledgments.

- Universities don't recognize each other between states

train_robber15y ago

> Vehicles registered in one state cant be used for too long in another state

They can, if you stay for over 6 months you have to pay road tax for the state in which you are residing.

> Universities don't recognize each other between states

Universities are recognized by the Central government not by the states, all recognized universities remain recognized throughout India. (http://en.wikipedia.org/wiki/University_Grants_Commission_%2...)

goombastic15y ago

Welcome to India, experience teaches you more than what the documents tell you. Given the downvotes, I need to explain.

Vehicles why do you even need to pay across multiple states, pay once, get it to run across India. I don't see a justification for state by state rules on how you use your vehicle. Instead you get cop-stopped, you get questioned, and let off by the usual methods, you know which.

Yes, universities are recognized, but I know from experience that some state universities do not recognize courses from the University of Delhi. Been there and lost 2 years fighting the system, the bitterness doesn't go away.

msravi15y ago

> Online electronic tax filing requires that you complete the process in paper format as well. To complete the electronic process you have to send it in by normal snail mail as well. And you cant get acknowledgments.

Well, you certainly can digitally sign your return - then you won't have to send your physically signed copy.

SwaroopH15y ago

Yes but obtaining a digital certificate requires paperwork as well. And not to forget, renewing it every year (or two).

1 more reply

arkitaip15y ago

Upvote simply because of babucracy - that's a great term.

Charuru15y ago· 3 in thread

It seems to me like it was the government that started the whole mess.

copper15y ago

It usually is :) but cleartrip might just be right here to blame the banks. Asking for more secure authentication is a good idea, particularly in India where on more than one occasion, I've had to stop people from writing down my credit card number for "the record".

That transaction volumes decreased on the /first/ day 3-D secure (and now, the one-time password) was implemented is hardly surprising, but I think once customers get used to it it would have returned back to normal.

skrish15y ago

I agree with your point I have found it hard to prevent merchants from writing down credit card numbers(!!!) and these additional layers of security are needed for the market. On the contrary, though I am a regular user of credit / debit cards for online transactions in India - atleast 3-5 times a month, I have found it really hard to use my credit card from the beginning of the month since they introduced the one-time-password.

I have not been able to use my credit card even once since this was introduced due to various reasons - the SMS service that banks are supposed to deliver One-Time-Password is not sent promptly or I do not have a way to get password to authorize even an IVR transaction in time.

It might all work out after initial issues are resolved but so far I find this to be a pain.

1 more reply

Charuru15y ago

Interesting to learn. Thanks!

senthilnayagam15y ago· 1 in thread

I have stopped using credit cards online for over a year, prefer online banking based payments, because it is one username and 2 passwords(authentication, transaction)

I dont like 2 factor authentication, especially with mobile/sms, when I am abroad or travelling, I still can do my transaction

rmjb15y ago

Online banking based payments work just fine for local Indian sites, but I haven't found a way to pay US based businesses without a credit card. The only use I've had for using a credit card has been to pay for AWS and Linode.

JonnieCache15y ago

Reminds me of the law that existed up until recently in south korea mandating that all financial transactions had to be encrypted using ActiveX. Yes. You read that right. It is as mad as it sounds.

http://www.kanai.net/weblog/archive/2007/01/26/00h53m55s#003...

rushabh15y ago

India's systems are generally not designed for the "new entrants" and most of the incumbents design the system with walled gardens to protect themselves.

For a startup like us who have a web based software like basecamp, there is no way we can charge subscription services. Infact no payment gateway exists for us to take credit card payments from Indian customers.

Thanks to PayPal, we can serve international customers much easily. I have a lot of anger against the people who run India's large services as if its an entitlement, without caring for the new entrants.

nakkal15y ago

One reason Government has to come up with restrictions like that is because banks and credit card companies do not protect the consumer in case of card theft unlike here in the US where the customer is liable for only the first $50.

All the fraudulent charges are the customers responsibility.

known15y ago

In India, e-Governance = e-Redtape

trainindia15y ago

I feel this is a good thing!

If you are stupid enough to fail to use and understand the new system, they you wont be able to purchase it.

And thus they will end up avoiding huge credit card debt's like poor Americans.

Also hardly anyone buys from Amazon and only pathetic people buy from apple iTunes.

j / k navigate · click thread line to collapse

58 comments

42 comments · 10 top-level

radicaldreamer15y ago· 13 in thread

radq15y ago

> IIT students were arbitrarily limited in the number of hours they could spend online because some administrator thought they should get out more

Wow, I didn't believe you at first, but it appears to be true. [1][2][3]

They appear to be justifying by claiming, besides that it prevents them from meeting others, that it somehow causes suicide and depression and that it is responsible for falling grades.

Does anyone know if this is still in effect? The most recent article I could find is from 2008.

[1] http://timesofindia.indiatimes.com/city/delhi/IIT-D-follows-...

[2] http://educational-newsflash.blogspot.com/2010/11/restrictio...

[3] http://vikashkablog.blogspot.com/2007/01/internet-ban-in-iit...

spiffworks15y ago

copper15y ago

sankaraOP15y ago

Well they are even planning to remove all ceiling fans: http://www.indianexpress.com/news/iit-to-remove-ceiling-fans...

1 more reply

zaidf15y ago

India is generally conservative about financial issues.

In this case, it puts them on the wrong side. But their conservative approach also shielded India from the banking crisis experienced by US etc.

From http://www.nytimes.com/2009/06/26/business/global/26reddy.ht...

“If America had a central bank chief like Y. V. Reddy, the U.S. economy would not have been such a mess,” Joseph E. Stiglitz, the economist and Nobel laureate, has said.

movingahead15y ago

1 more reply

pilom15y ago

roel_v15y ago

2 more replies

known15y ago

85% of Indian economy runs on black money because 85% Indians do not have any bank a/c

1 more reply

train_robber15y ago

I think that's a pretty good move, spam SMS is turning into a huge problem here.

pilif15y ago

Buy my awesome product! (token: aa32cdf)

problem solved.

radicaldreamer15y ago

Thanks for the clarification. I'd just skimmed an article summary and wasn't aware of the details of the plan.

statictype15y ago

there still is a rule where you can't entering the country twice within a certain number of days without getting prior permission

IIT students were arbitrarily limited in the number of hours they could spend online because some administrator thought they should get out more

Whippersnappers. Back in my day, we had to cycle out to the nearby village to a cybercafe to get internet access. :)

(I actually graduated just the year before they wired all the rooms)

microarchitect15y ago· 10 in thread

I really think 3D secure is a good move. All it requires is entering your internet banking password at the time of making the transaction. Is this really so bad for usability?

sandGorgon15y ago

NO - 3D secure is not good for the customers.

ahalam15y ago

2 more replies

random4215y ago

> because they can now wash their hands off the matter ("hey only the customer knew the second password... he must have been careless with it, not us")

Seems pretty valid argument to me.

1 more reply

microarchitect15y ago

AlexandrB15y ago

One time I forgot my "Verified by VISA" password.

bluesnowmonkey15y ago

RuadhanMc15y ago

3D secure is not very user friendly at all. Most users aren't setup with 3D secure details or have forgotten the necessary details to use it.

Perhaps it's a good idea in principle, much like OpendID, but in the real world it's a pain to use for everyone involved.

msravi15y ago

movingahead15y ago

hessenwolf15y ago

I agree, but that is what I would do if I was an annoyed phisher, blogging about the new security system in my way.

goombastic15y ago· 5 in thread

- Vehicles registered in one state cant be used for too long in another state

- Banks have insane policies

- Universities don't recognize each other between states

train_robber15y ago

> Vehicles registered in one state cant be used for too long in another state

They can, if you stay for over 6 months you have to pay road tax for the state in which you are residing.

> Universities don't recognize each other between states

goombastic15y ago

Welcome to India, experience teaches you more than what the documents tell you. Given the downvotes, I need to explain.

msravi15y ago

Well, you certainly can digitally sign your return - then you won't have to send your physically signed copy.

SwaroopH15y ago

Yes but obtaining a digital certificate requires paperwork as well. And not to forget, renewing it every year (or two).

1 more reply

arkitaip15y ago

Upvote simply because of babucracy - that's a great term.

Charuru15y ago· 3 in thread

It seems to me like it was the government that started the whole mess.

copper15y ago

skrish15y ago

It might all work out after initial issues are resolved but so far I find this to be a pain.

1 more reply

Charuru15y ago

Interesting to learn. Thanks!

senthilnayagam15y ago· 1 in thread

I have stopped using credit cards online for over a year, prefer online banking based payments, because it is one username and 2 passwords(authentication, transaction)

I dont like 2 factor authentication, especially with mobile/sms, when I am abroad or travelling, I still can do my transaction

rmjb15y ago

JonnieCache15y ago

Reminds me of the law that existed up until recently in south korea mandating that all financial transactions had to be encrypted using ActiveX. Yes. You read that right. It is as mad as it sounds.

http://www.kanai.net/weblog/archive/2007/01/26/00h53m55s#003...

rushabh15y ago

India's systems are generally not designed for the "new entrants" and most of the incumbents design the system with walled gardens to protect themselves.

nakkal15y ago

All the fraudulent charges are the customers responsibility.

known15y ago

In India, e-Governance = e-Redtape

trainindia15y ago

I feel this is a good thing!

If you are stupid enough to fail to use and understand the new system, they you wont be able to purchase it.

And thus they will end up avoiding huge credit card debt's like poor Americans.

Also hardly anyone buys from Amazon and only pathetic people buy from apple iTunes.

j / k navigate · click thread line to collapse