Centre for Digital Public Infrastructure
english
english
  • THE DPI WIKI
    • 🎉About the DPI Wiki
    • 🔆What is DPI?
    • ✨DPI Overview
    • 📝DPI Tech Architecture Principles
      • 🔗Interoperability
      • 🧱Minimalist & Reusable Building Blocks
      • 💡Diverse, Inclusive Innovation
      • 💠Federated & Decentralised by Design
      • 🔐Security & Privacy By Design
    • 🎯DPI Implementation & Execution Guidance
    • 🆚DPG and DPI
    • ❓What DPI can I build?
    • 🥇First use case for DPI
    • 📘Inputs for designing a DPI informed digital transformation strategy
    • 💰How much does it cost to build DPI?
    • 📢Is my system a DPI?
      • TL; DR - Is my system a DPI?
  • Mythbusters and FAQs
    • 🔯DPI and Mandating Adoption
    • 🔯DPI and Private Competition
    • 🔯DPI and Privacy / Security
    • 🔯DPI and the Digital Divide
  • Technical Notes
    • 🆔Identifiers & Registries
      • Digital ID
        • Capabilities on ID system
        • ID-Auth
        • Face Authentication
        • eKYC/ Identity profile sharing
        • Single Sign On (SSO)
        • QR Code for Offline ID
    • 📂Data Sharing, Credentials and Models
      • A primer to personal data sharing
      • Data standards
      • Verifiable Credentials
      • Building Data Analytics Pipelines
      • eLockers
      • Non-personal Anonymised Datasets
    • 🔏Trust Infra
      • Digital Signatures and PKI
      • eConsent
      • eSign
    • 🛒Discovery & Fulfilment
      • Platforms to Protocols
    • 💸Payments
      • Financial Address
      • Interoperable QR Code
      • Interoperable Authentication
      • Interoperable Bill Payments
      • Cash in Cash Out (CICO)
      • Financial Address Mapper (G2P Connect)
      • G2P Payments
  • Initiatives
    • 🌐DPI advisory
    • 🚀DPI as a Packaged Solution (DaaS)
      • 💡Why do we need DaaS?
      • 🎯DaaS in a nutshell
      • 📦Pre-packaged DaaS kits
      • ♻️Reusable DaaS Artefacts
      • 3️⃣A 3-step process from idea to implementation!
      • 📈Funded DaaS Program overview
      • 👩‍💻Cohort 1: DaaS Offerings
        • Digital authentication
        • Digital credentials
        • ID Account Mapper
      • 🖥️Co-create with us!
      • 💬Upcoming DaaS cohorts
        • Functional Registries
        • AI Assistant
      • ❓FAQs on DaaS
        • Country x DPG MOU /LoI FAQs
        • Ecosystem Participation Terms FAQs
    • 📑DPI Residents Program
    • ⚖️DPI-CPA
    • 💸G2P Connect
    • 📨User Centric Credentialing & Personal Data Sharing
    • ⚕️DPI for Health
    • 🌍Agri Connect (forthcoming)
  • References
    • Glossary
    • Curated Specifications
  • Additional Info
    • 🤝Licensing
    • ✍️Contact Us
Powered by GitBook
On this page
  • Why:
  • What:
  • How:
  • Benefits:
Export as PDF
  1. Technical Notes
  2. Payments

Interoperable Authentication

P2P, P2M

When we speak about ‘authentication’, we are referring to the ‘knowledge layer’. Authentication means the confirmation - of the person as well as transaction. Interoperable, in this context, means standardised. Thus, interoperable authentication means the ability to confirm the transaction in a standardised manner.

Why:

As an economy grows, very often through the nudge provided by the DPI approach, a lot of new fintechs emerge in the market. They offer a variety of services like banks do - such as P2P/P2M payments, loans, bill payments etc. However, they have one stark difference - they are unregulated. This gives them the agility the banks lack to adapt to newer trends and technologies but the unpredictability and volatility of creating systemic risk. Restricting their growth means stumping entrepreneurship and the economy. But letting them run freely, means more money leaving the formal banking system and going into unregulated hands. The solution to preventing both these extremes lies in interoperable authentication.

What:

Through interoperable authentication, the central bank can set out a predefined manner in which transactions have to be validated to ensure that money never leaves the banking system. The payment transaction is processed only once the authentication is received in a standardised manner in the form of a PIN, One time password, biometrics, face authentication etc. The fintechs remain the front end of the user-transaction, but the authentication is collected by the payment switch directly on the backend and settled between the banks themselves.

This solves for both use cases - it prevents money from leaving the formal banking system (goal of the banks) and it prevents users from leaving the fintech application to authenticate themselves (goal of the fintechs).

How:

The authentication page is provided as a standard SDK (software development kit) by the payment switch operator. They publish the page that all fintechs have to use, effectively decoupling this layer from the acquiring application to securely capture sensitive info like PIN, OTP, Biometric data with crypto keys for end financial institution to decrypt and authorise the payment. This SDK is integrated within all fintechs themselves so that while authentication is done on their application, it is done without the oversight of the fintechs. This SDK is mandated and has to be used by every payment application (including the banks themselves).

This creates 3 distinct layers, and thus roles, to every payment transaction:

  1. User layer: handled by fintechs who can create diverse, custom user interfaces to grow their market share

  2. Authentication layer: handled by the payment switch to securely capture private PIN, OTP, Biometric data and verify each transaction

  3. Settlement layer: handled by the banks themselves and settled between each other directly on the backend

Benefits:

  1. Privacy and Security: Enhances trust by allowing individuals to have a standardised experience while authenticating sensitive information and payment transactions across different applications

  2. Reduces systemic risk: by decoupling the verification process from the fintechs, it prevents misuse or leakage of secure pins, password and biometric data

  3. Growth of formal economy: it allows the free economy to grow and thrive with the growth of fintechs while ensuring the money never leaves the formal, regulated sector

PreviousInteroperable QR CodeNextInteroperable Bill Payments

Last updated 1 year ago

💸