
Annex I

Scope of Work

The proposal is for the purchase of Electronic Funds Transfer switching services for enabling transactions such as ATM, RUPAY, UPI, IMPS, etc. through NPCI. The service of is proposed to be utilized in OPEX model. The service is to be offered 24 x 7 x 365, ensuring seamless transactions for all the latest and innovative gadgets such as ATM, etc. The interface with CBS, establishing connectivity with DC, DR and NDR, testing and certification are included in the scope. The service of the switch shall be utilized for an initial period of 5 years, which can be extended for a further period on the basis of mutual agreement. The switch vendor should take the responsibility of providing switch updates from time to time as per the stipulations of NPCI, RBI and other related authorities/agencies. The switch vendor shall allocate adequate manpower to ensure continuous, day-to-day and timely support 24 x 7 x 365.

Technical Bid Form

TECHNICAL REQUIREMENTS

Bidders should offer the solution that is state of the art and which will be supported for a minimum period of 5 years from the date of migration. Deviations in technical specifications may be clearly indicated.

Functional & Technical Specifications:

1. EFT Switch Solution

1. Solution should be compliant to all existing regulatory guidelines GOI/IBA/RBI/NPCI etc.
2. Solution should be compliant with standards and guidelines issued by major interchanges such as Rupay, VISA, Master Card etc.
3. Solution should adhere to requirements of IT Act 2000 and its amendments
4. Solution should adhere to requirements of Payment and Settlement Act 2007 and its amendments.
5. ATM Switch Solution should be EMV/PCI-DSS/PA-DSS Certified
6. Should support EMV (Chip & PIN) compliant with contact and contact-less, for acquiring ATM and POS Transactions
7. Should support Biometric Authentication as per Bank’s existing Biometric System and also Based Biometric authentication (when required)
8. Should be Triple DES compliant
9. Should support PKI based transactions
10. Should support message level encryption (software and hardware based) for entire or selected critical elements in the message such as PIN, Track Data etc.
11. Transaction Security - The system should support measures such as PIN Verification, 3DES Encryption, Key Management, MACing, Key encryption and Masking, Dual HSMs with automatic fallback
12. Solution should provide capabilities to enable biometric, Two Factor Authentication, Secure PIN Based and similar industry standard modes of authentication.
13. Switch must handle any Message Level Interface and should support all Industry standard message formats like ISO 8583, XML etc, for all major ATM machines and POS terminals, Core Banking Systems, Third Party Interface, etc.
14. Switch must handle any Message Level routing based on but not limited to Card Based, Account Based, Institution Code, BIN, Card Range, Message ID, Transaction Type and any other ISO/XML field value.
15. Solution should provide GUI to handle Message Level routing
16. Switch must provide connectivity to various Card & PIN as well as biometric based ATMs/POS/Kiosks with NDC/DDC message formats as well as ISO 8583 V93 formats.
17. Solution should support Note Acceptance (Single and bunch) and Cash recycler for makes such as Diebold, NCR, Vortex, Wincor, LIPI and all major terminals available in the domestic/global market
18. Solution should provide front end software for accessing the ATM Switch in a secure manner
19. The system should support ATM fee based on Terminal ID, ATM Location, BIN, Country Code, etc
20. The proposed solution should have an open architecture and proven and mature platform, in production at least
21. Solution must support international networks/interchanges including but not limited to Rupay, VISA, MASTERCARD, Maestro, Amex, Diners, Cirrus, DISCOVER etc.
22. Solution must support national and International networks/interchanges including but not limited to NPN, SCT, NPCI, DFS etc.
23. Switch should have capability to drive all standard ATMs including DIEBOLD, NCR, Wincor, LIPI, Hitachi, Vortex, Hyosung, etc
24. Switch should be compatible with all standard Kiosks available in the market
25. Switch should have capability to drive all standard POS terminals along with Mobile POS terminals
26. Provide an integrated solution for both hardware and software including enterprise support from OEM
27. Should provide High Availability at component level at data centre and near DR site.
28. Should provide High Availability of DR. The bidder should explain its DC and DR and near DR site Architecture
29. Should ensure near zero data loss DR environment to support the Bank's existing DC-DR-Near DR Site network architecture
30. Should be up and running in DR environment in less than 30 minutes if the primary site fails in case of Active Passive.
31. Should maintain switch data for at least 10 years in an easily retrievable form
32. Should maintain online transaction data for minimum 180 days
33. Should support Domestic interchange
34. Should automatically update from external Interchange Routing tables list refresh sources (VISA, MasterCard, Rupay etc)
35. Should support instant Refresh of balances from the host to the Switch online
36. Should support any other mandatory requirements introduced by Govt. of /regulatory authority/settlement agency such as Rupay/ Visa/ Master

2. Solution must provide interface to alternate channel applications and Payment Products like:

1. Rupay
2. ATM, BNA, Recycler, Kiosk
3. Online transactions like online shopping, bill payments
4. Mobile Banking
5. IMPS
6. Payment Gateway Interface
7. Telephone Banking and IVR Interface
8. Should support configuration of new Host parameters on the Switch without stopping services.
9. Online addition of New ATM/CR (Cash Recyclers) without bringing down the System/Switch network
10. Solution should provide for dynamic generation of terminal session key.
11. Solution should offer remote key download functionality with requisite security features such as password/encryption etc.
12. System should automatically generate Daily transaction reports based on the scheduled time and should have the capability to export the same in different formats but not limited to CSV, xls, xlsx, xml, text, etc

3. Scalability:

The system architecture should be modular, with load balancing and fault tolerance for data recovery, hardware failure and site failure with built in redundancy. The solution should also allow 100% scalability, by adding capacity to the current environment (vertical and horizontal)

4. Services through ATMs/Recyclers:

1. Cash Withdrawal
2. Cash Deposit (in case of Recycler)
3. Balance Enquiry
4. Fast Cash
5. Mini Statement
6. PIN Change
7. Fund transfer between accounts linked with the card
8. Utility Bill payment
9. Mobile Recharge
10. Linking Aadhaar Number with Bank Account
11. Cheque deposit, Cheque book request, Pin Generation, Utility bill payment etc
12. Cardless Cash Withdrawal
13. QR Code based Cash withdrawal

5. Fraud and Risk Monitoring Solution:

1. Should integrate with the NPCI FRM solution in Near Real time/Real time mode. In case of real time mode, the risk score provided by NPCI for every transaction should be validated by the switch and decision to be taken for authorization/decline based on the parameters configured.
2. The solution should monitor all On-us transactions, i.e. transactions happening in our Bank ATMs and all other terminals connected to the Switch.
3. The FRM Solution offered should be configurable, scalable and customizable and integrated with the ATM switch solution offered by the bidder, to support the Bank’s requirement on Fraud Risk Monitoring and take real time decisions.
4. The solution should provide an option to configure rules based on various risk parameters and test the same in the live database to analyze the impact of implementing the rule before enabling the same in live.
5. All the parameters available in the FRM solution offered by the bidder should be customizable, to enable any new parameters as per the requirements given by the Bank in future.
6. The system should provide the risk score for each transaction based on the defined set of rules, using which the switch can take a decision either to approve or decline the transaction.
7. Solution should generate real time alerts (SMS & email) and should work intelligently based on the pre-set parameters and transaction patterns

6. Security control

1. Solution should support security controls over specific users or group of users
2. Data access should be controlled based on individual profiles/roles.
3. Solution should provide for configuring privileges at user level and be able to set preferences.
4. Solution should provide facility for recording centime, timeout of user from such device in Switch database. Audit logs should be maintained and made available for the bank in case of need
5. Solution should provide adequate reports for these controls and should provide report/alert on unauthorized access

7. Operational Security

1. Mode to access the system should be through passwords to ensure that only authorized users gain access
2. Solution should provide for configuration of complex passwords using algorithms and special characters.
3. Option to set life for the password in the system for forcing the user to change it once it expires
4. Password history is to be maintained and validated so that the same password is not continued by the user.
5. The user rights on the system should be definable so that a user can perform only those tasks which are assigned to them.
6. System must provide levels of security, which will include Add, Modify, Delete, Query etc
7. It should be capable of maintaining audit logs of each activity on the system. Audit Trail of all changes made in the application, system Parameter, user role change etc. with details like user name, IP address, date and time, module name etc. System should maintain a record of the users who have accessed the system, resources used and actions performed along with security violations.
8. Type and nature of security violations should be configurable over & above what has been stated above.
9. Solution should provide and retain audit logs of transactions throughout the system and each transaction should be uniquely identifiable in the system
10. The solution should be capable of sending alerts on changes in system parameters as per configurations

8. Authorization, Authentication and PIN Verification:

1. Should be configurable with Host/Interchange for Authorization/PIN verification
2. Admin Card Generation and Admin card PIN verification for ATMs and other channels wherever necessary
3. System should validate transactions allowed for the specific card/card type and linked account.
4. Setting up separate limits & velocity at an Interchange level, Institution level, Transaction Type, Country level, MCC and Terminal level
5. Setting up separate online/offline limits & velocity for Interchange level, Institution level, Transaction Type, Country level, MCC and Terminal level
6. Personalized card limits by cardholder for withdrawal, POS, Ecom transactions.
7. Key Management
8. Verification of the validity of the card (whether active or Inactive)
9. Expiration date verification on card/Switch as per card issuer
10. CVV/CVC, CVV2/CVC2/ICVV verification
11. Checking for Hot listed or CLOSED cards
12. Supports Card verification

9. Monitoring

1. Should be able to monitor and report status of Host, ATMs, and all interfaces
2. GUI based with dashboard facility at multiple locations, as required by the Bank
3. Online status of ATMs, devices, interchanges, host, servers etc. connected to switch including reason in case of down/problem in ATM and generation of alerts via SMS, email etc.
4. Real time cash monitoring of all the ATMs/Recyclers and proactive alert of low cash
5. Online status of different components of Switch application like processes, interfaces, etc.
6. Online transactions surveillance giving information/analysis on TPS, transaction wise, type of transactions wise, successful/decline ratio, reason for declining of transaction, abnormal transaction behavior on particular device etc.
7. Provision for defining the thresholds for different parameters.
8. Should be able to give alert at screen, through voice, SMS and emails in case of problem and abnormal network/transaction behavior
9. The system should be able to provide history of ATM status and should be able to generate and export report whenever and wherever necessary
10. The system should be able to handle tickets automatically
11. Intelligent MIS for a desired duration on all above parameters including ATM up/ downtime and business

10. Device Screen and Software Management

1. Capabilities to allow Addition/Deletion/Modification of ATM/POS/Kiosk screen flow & its contents centrally
2. Should support remote Terminal Master & Session Key management
3. The solution should be capable of centralized distribution of software upgrades and patches to the ATMs/CDs/Kiosk/POS.
4. The solution should support remote EJ pulling with end to end encryption

11. POS/Micro ATM

The system should support:

1. Mini Statement
2. Balance enquiry
3.
4. Cash Withdrawal
5. PIN Change
6. Deposit Solution should provide for Intra/ Inter bank transfer
7. Money Transfer (VMT), Western Union as well as any other transfer methods as per the Bank's
8. Bill Payment, mobile top-ups, etc
9. Facility of PIN, Biometric based transaction at POS

12. Kiosk/Micro ATM

The system supports:

1. Balance Inquiry
2. Mini Statement
3. Full statement
4. Passbook Printing
5. Facility of PIN, Biometric, OTP based transactions
6. PIN Change
7. Fund Transfer
8. Capturing of Customer Mobile Number
9. Mobile & DTH top ups
10. Requests for Cheque book, DD etc.
11. Cheque related queries
12. Bill Payments & electronic bill presentment, Tax Payments Fee, Donations
13. Envelope-less cheque deposit transactions
14. Utility Bill Payments & e-ticketing
15. Automatic unblock of card after prescribed time

13. MIS

1. Solution must provide MIS that can be customized in future as per bank requirement.
2. Solution must provide web interface for obtaining standard reports
3. Solution should be able to provide reports in standard interfacing formats such as xls, xml, csv, etc.
4. Solution should provide the following MIS reports at a minimum:
5. Daily Settlement Report
6. Daily Transactions Log report
7. Daily Report on Reversal Transactions sent to Host.
8. Branch wise abnormal transaction i.e. multiple transactions attempted with cards at various interval.
9. ATM/Recycler down-time summary and detail daily as well as monthly
10. Cash position of ATMs daily as well as monthly
11. Cash dispensed by ATMs daily as well as monthly
12. POS/Ecom/Mobile banking down time summary and details daily as well as monthly
13. Admin transactions reports
14. Admin done vs. Cash available report
15. Reports on financial, non-financial and reversal/suspected transactions.
16. Report of unsuccessful transactions with reasons for failure
17. Location-wise transaction report
18. Terminal-wise transaction report
19. Report on income earned through interchange
20. Usage by customer type (On us Vs Off us)
21. Monthly Reports - ATMs average hits report on monthly basis
22. Monthly Reports – ATMs hits analysis report covering financial/non-financial hits, cash disbursed, our bank vs. other bank transactions, income earned by the ATM etc
23. Monthly Reports – ATM/POS/Ecom/IMPS/UPI Down time percentage
24. Monthly Reports – Down time analysis basing on reasons for downtime
25. Monthly Report – Card Base
26. Monthly Report – Card base analysis
27. All other reports identified by the Bank during system study. The Bidder must clearly list all the reports generated by the proposed solution.
28. Access should be made available for the Bank’s team to generate customized reports as per the requirement through scripting/queries.

14. Interfaces:

1. CBS Host
2. National Financial Switch for ATM Sharing (ATM Issuer & Acquirer), RuPay POS & Ecom Issuer transactions
3. Interface with ATM/BNAs/Recyclers
4. Interface with Net Banking/ATMs, and Foreign Inward Remittance
5. Credit Cards Host for extending the ATM facility to holders.
6. Financial Inclusion Gateway for Card/PIN validation
7. For authorization of transactions through Prepaid Cards
8. Card/PIN through SMS
9. Blocking/unblocking of cards based on customer request through various delivery interfaces: mobile banking / internet banking / missed call / SMS / IVR etc.
10. E-Commerce/Mobile banking Transactions
11. Mobile Banking/Internet Banking registration through ATM
12. Voice Enabled transactions
13. Aadhaar Registration/linked Authentication
14. Card to Card Payments
15. Card to Mobile Payments
16. Card to Card less Payment
17. IMPS Interface for Utilities Payments
18. Govt. Tax payments
19. Any other customized application deployments
20. System shall be capable of configuring multiple credit/debit accounts for transactions routed through ATM switch.

15. Card Management System:

Currently Bank is using the Management System Software provided by different vendors.

Non-Personalized cards:

1. Request for Non-Personalized cards is entered/uploaded from CBS by the Cards Management Department centrally in Cards module
2. Epins/PINs to be sent.
3. Card data is downloaded and processed by Cards Management Department to generate Support Function file for activation of the card in Switch with customer details.

Personalized Cards:

1. Request is entered by the branches in CBS.
2. CBS data is downloaded and processed by Cards Management Department
3. CAF generated is refreshed in ATM Switch to generate Embossa and PIN.
4. Embossa is sent to Card Personalization team for embossing.
5. EPINs/PINs to be generated/printed and sent
6. Cards are dispatched to the respective branches/customer address.
7. CBS data is downloaded and processed by Cards Management Department to generate Support Function file for activation of the card in Switch.
8. In case Bank sends Cards to Customer Directly, system to be available to accept customer card activation request through SMS request.
9. In both cases, the cards are generated with Inactive Status first and activated only after delivery of the card to customers.

16. Reconciliation System:

All transactions (ATM/POS/Ecom/IMPS/UPI) happening through the Switch are to be reconciled with CBS, NPCI and, in case of ATM, the ATM machines.

1. Reconciliation of ATM/POS/Ecom/IMPS/UPI transactions
2. Utility bill payment and the same will be extended to other aggregators as well.

17. Settlement

Settlement between Bank, other institutions, and interchanges is to be carried out on a day-to-day basis accurately. The scope of work involves

1.
2. Representment
3. Credit Adjustment
4. Debit Adjustment
5. Retrieval Request
6. Replenishment Claims Checking With Switch Dispense and Branch Dispense With EJ.

18. Customer Relationship Module:

1. Receive complaint
2. Registration of complaint in system with available details
3. Categorization of complaints
4. Verification with ATM Switch/Electronic Journal/Tie-up
5. Closure of complaint
6. Hot-listing of cards through SMS, Miss Call, IVR etc.

19. Facility Management/Technical Support

1. Monitoring the health of the ATM Switch
2. Processor Status Monitoring
3. Spooler Status Monitoring
4. System Cut Over Monitoring for ATM
5. System Backup – Daily, Weekly & Monthly
6. EMS (Enterprise Messaging System) Monitoring
7. Monitoring the status of various host stations and interchanges integrated with ATM Switch and coordinating with respective entity for problem resolution in case of any issues
8. Addition/Deletion/Modification of ATM Configurations.
9. Coordinating with the ATM vendor for making the ATM operational and other related issues.
10. Generation of Emboss for Card personalization and printing of PINs.
11. Restoration of backups for providing switch logs relating to transactions beyond 90 days for addressing customer complaints.
12. Handling the calls received from Branches.
13. Generating emboss for Admin Cards for ATMs.
14. Monitor the status of ATMs for down, Cash out, JP, RP low or faulty, Cash Handler/Dispenser problems
15. Preparation of ATMs down/Cash out status report every 2 hours for updating to Bank officials.
16. Sending ATM Downs/Cash Outs status report to Branches/Zonal Offices and respective vendors.

20. Statutory Requirements/ Mandates:

Any regulatory changes which are necessitated in the proposed solution due to changes in the law or provisions or directions introduced /issued by , State Governments, other governmental authorities, Reserve , NPCI, other regulatory authorities or due to industry level changes should be promptly effected by the selected bidder to the Bank during the contracted period at no extra cost to the bank

1. Implementation of all the mandates/services as per the guidelines received from Regulator/s (RBI, NPCI, DFS etc) and/or Associations (ex. IBA) will be the responsibility of the bidder without any additional cost to the Bank. The vendor should undertake to make any changes as per the regulatory requirements (RBI/IBA/NPCI/VISA/MASTER/any other) as and when these arise at its own cost for compliance. Any penalty which the Bank may become liable to pay to regulatory bodies, customers etc. due to non-compliance or any performance related issues at ATM Switch would be recovered from the vendor.

2. Conducting quarterly DR Drills and as advised by RBI/Settlement Agency/NPCI/Bank/regulatory entities from time to time.

21. Training to Bank Team:

1. The selected Bidder must provide training to various target groups consisting of Core Team, Operations team and Executives attending complaints at its own cost on overview of system fundamentals, Operating Systems, application software, databases, etc.
2. They will also be trained in fault diagnosis and first line support.
3. The training must enable the Bank’s software staff to understand about the software related to the EFT Switch & its operations. Bidder must provide complete training plan for EFT Switch.
4. The training along with software documentation/manuals must be provided on site at Bank’s Head Office.
5. Training will be provided at the Bank’s location.
6. The functional and technical training for the core team would be for the duration on part/full time basis and would commence within two weeks from the Go Live date.
7. The duration of the training should be agreed with the Bank.