 I'm glad to see the 1, 2, 3, 4, 5, 6, 7, 8, 9 of you, 10, 11. I'm not counting the volunteers. I'm really happy to see you this morning. Thank you for getting up on a Friday morning to come to a conference. I have announcements, as always. There are always announcements at the beginning. If you have not yet logged into the Wi-Fi, I'm not sure what's stopping you. But maybe you don't know the password. If geeks are us, a lowercase that R is a letter. Please don't do any hotspots in the venue because it messes up the Wi-Fi for everybody. And if you are caught downloading excessive amounts of data and you will be caught, you will also be kicked off the network. So please be kind to our bandwidth. You have any problems with the network or anything? The network operation center is just outside here, and you are welcome to stop by and talk to them. Badges you should be wearing yours. Most participants have white lanyards, like this. Staff wear yellow ones if you have any problems or concerns or need some help, see somebody wearing a yellow lanyard. Blue lanyards are workshop only, and the red ones are very special. If you do not want to have your photograph taken, do not want to appear on Twitter or Instagram or any place on the internet, please wear a red lanyard. To those of us who are using social media too, so if you are tweeting things out and taking pictures for Instagram, please don't post pictures of people wearing red lanyards. Food can be pre-ordered. The food court is upstairs on the first floor. There's coffee, there's tea, and there are two different kinds of lunch boxes, well, two different vendors of lunch boxes, selling more than two kinds of lunch boxes. You can pay with food tokens, which are available at the front counter where you registered, or with Paytm, but we don't take cash in the food court. You will have a schedule, and it looks like this. Only yours isn't on the clipboard. This is also our feedback form. So as you attend the events today, please take a minute to check off whether the content was relevant, whether you thought the speaker was presentable, and whether the work was at a level that was good for you. That helped us make better decisions for the next conference so that you will have an even better experience. I also wanna tell you that we have office hours today, so most of our speakers are spending two hours upstairs in room one where you can talk to them face to face and ask questions of their expertise. So please do take advantage of that. I'll do my best to let you know when each speaker is upstairs. And if you were upstairs, you would have seen a big lot of chairs up there. Not only are they considerable for eating, but they're a place where you can get together and run a discussion group of your own, the unconference part of our conference. Flash talks are today at 3.40. If you'd like to sign up for a flash talk, you'll have a maximum of five minutes, and you can talk about anything you like in the payments realm, except for hiring pitches and sales pitches. You can see me or Harshal in the other auditorium to sign up. Please try to do that by lunchtime. And that's pretty much everything for announcements. But I have some more time, so we're gonna play a game. Have you guys played Rock, Paper, Scissors? Yeah, everybody's played Rock, Paper, Scissors. No matter where I go in the world, everybody's played Rock, Paper, Scissors in Japan. It's such a big deal game. You learn it when you're a kid and you play it through being an adult. So there's a way to play as a group. Has anybody ever played Rock, Paper, Scissors with more than one person? So you're all gonna play against me, and I have a prize. Last person standing gets 50 Japanese yen. I couldn't find 50 paisa, so 50 yen. It's one of Japan's lucky coins because it has a hole in it. So we're gonna play, you'll all be playing against me. So I'm not gonna do it the Japanese way because it won't make any sense to you. We'll do one, two, three, throw. Ready, hands up. One, two, three. All right, so if you're paper, you're out. If you're Rock, you're in. How do you guys handle ties? Play again. In Japan, ties are done. All right, ties can go. So if you have scissors or Rock, you can play again. If you have paper, put your hand down. Okay, hands up. One, two, three, go. Okay, so Rocks and Paper get to stay. Scissors are down. Again, one, two, three, go. Paper down. Scissors and Rock stay. Sorry, scissors down. Paper stay. Thank goodness I didn't add spock in this one. One, two, three, go. Okay, scissors and paper stay. Rock, you're covered. One, two, three, go. Paper down. Okay, so it's between you two. One of you is gonna win. Which is, what, like 25 rupees? I'm sorry, it's not a really great price. One, two, three, go. All right, scissors wins. Come collect your prize. It's a very pretty coin. It has flowers on it. You're very welcome. Congratulations, that's a good way to start the day, right? Winning a prize. We have five more minutes before our first talk. I wanna start on time so that the people on our live stream can actually watch the beginning of the talk. So, we're gonna do another thing. We're gonna stand up and stretch, because it's morning. Did you guys stretch this morning? Okay, good. Well, one person did, I didn't. So we're gonna stretch, because I need to stretch. So please stand up. Look, your body stretches and some balances. It's a little hard to stretch in those spaces, so I'm not gonna make you go crazy. But put your arms up and stretch. One side, the other side. Doesn't that feel good? Do you know that when animals do this, when the animals naturally stretch when they start moving after they've been sitting or lying down, and there's a special word for it. It's called pendiculation. It's a great word. All right, so stop stretching like this, and now we're gonna just one side. Bring your arms down and shake them a little bit. What? And while you're shaking those, you can take these. Do you guys ever go to the shopping mall or walk around and suddenly you find yourself kind of dull and you would just buy anything, like a zombie? So there's a way to get out of that, and it's to jump up and down. By bringing movement back to your body, you get out of what's called the grew and transfer. It's actually a thing that shopping mall designers do on purpose. They make shopping malls confusing so that you will end up in the shopping zone. It's terrible. I call it fall head, but you walk around fast but you jump, it goes away. So next time you don't wanna be shopping anymore but you can't stop, jump up and down and then you'll be able to leave the store. I know it sounds really weird, but it's truly true. Go ahead, you can sit down. I will introduce our first speaker. First talk this morning, in fact, our talks, both our talks this morning are about user design, and this one is about accessibility. Sunivas has been advocating accessibility for over a decade. He's the man who ensures people with bad eyesight and fat thumbs can still pay with their phones. It's our first talk of the day. He's gonna cover the state of accessibility in payments and how you can build accessible payment experiences. Sunivas, thanks for helping make the world a better place for all of us. The slides want to show up until we get started with their talk, and then he's gonna still play with us, very good. Strong, I charged it over the night. Oops, okay, now what do we do? Anyone has a Mac charger? While it gets started, you know, what is it called? This is called situational disability, or you can also call it as technological disability. It's charging here, come on. Okay, good morning everybody. Am I audible enough? Firstly, if Srikanth and Abhishek are in this room, I just want to give a shout out and thanks to both these gentlemen for choosing this accessibility as a topic. Very much charging here, this is surprising. I'm not sure if it is still charging. Instead of saying Mac or Windows, inclusion, okay, finally. So are we, okay now? Yeah, good, sorry about that. Of course, it's beyond our control. Right, so I just wanted to give a shout out to Abhishek and Srikanth who actually reached out to me some time ago to see if I'm interested to talk about accessibility of the payments. Okay, and it's a very important topic. And to me, it's not about the importance or anything, but something I'm passionate about. It's, I'm happy to see that Hasglick agreed to do this on a mainstream conference, which is actually a valid thing, than doing this kind of talks in a excluded or separate conferences related to accessibility alone. So in next 30 minutes or so, we will be talking about, I do, Christian has done a wonderful introduction already, but I will just do once again to talk about myself. And then we'll talk about what is currency state of today and then we'll talk about cards and wallets and digital transactions and so on. So before that, I just want to give you all a quick question I want to ask you all. If I give you all a blank paper and say it is a newspaper, what would be your reaction? So that could be the same thing which applies to accessibility, which we are going to talk about today. And before that, I like Srikanth has made some disclaimers yesterday. I'd also make a couple of disclaimers. Firstly, is there a sign language interpreter in this group? I believe no. And if any of you have a hard of hearing, my sincere apologies. You may want to read the full text later, which will be posted on my website. If there are any visually impaired in the audience, I would actually speak out most of my slides, so you shouldn't generally having any problem. So visually impaired could be not necessarily people who have got the eyesight problem, but primarily who would be sitting in the last room. For myself, I am an accessibility advocate like Christian has mentioned, and I have a day job at Informatica. And I'm also founder of something called Servo Inclusion, where, which is a platform that I use to raise awareness about accessibility and not just raising awareness in a respectable way, but I'm a kind of shameless person to tell anybody, oh, we should together work for accessibility. I don't mind if other person feels me saying that, oh, this guy is bugging me or bothering me, but as long as it's a consumer application, if there are people who actually use these applications, I do not hesitate to give them feedback. But what I generally do is, I try and give them a constructive feedback so that they not only find a problem statement in whatever I tell them, but also a kind of solution how they can fix their problems. Because I personally believe accessibility is not something that developers do it intentionally. And guess, who do I blame? Let's say, if an application, if a website is not accessible, who do you blame? Who do you blame? Do you blame the developer? Do you blame the product manager? I don't blame the developer. I actually blame his or her teacher, who actually taught them HTML, CSS, JavaScript, et cetera. Because unfortunately, I wish if somebody would disagree with me, but most of the institutes today, which teach you HTML, CSS, and JavaScript, and so on or any programming language, they do not talk about you of usability, guess of standards or forget about you have accessibility anyway. Did you all agree or anybody who would be happy to disagree? So there is no sound, that means everybody agrees, right? Very good. All right, so pray to my work at Informatica. I was formally, it's interesting, I started my journey into accessibility while I was working for a nonprofit organization called the National Association for the Blind, where we've actually created a beautiful website for the organization and at the end of the day, we realized our own students who are people with blindness cannot use the website. So that is which has triggered me to start working in the area of accessibility and I started working something called Barrier Break, which is an accessibility consulting firm in Mumbai. And then of course I moved on and worked at various companies like Yahoo, PayPal, HCL, through them, I got a chance to work with Google and so on. And since my passion is about raising awareness about accessibility, I also do a consulting activity with somebody like Precut Solutions, Mnet and so on, a few companies. So I'm open to help anybody who want to bring change in their culture of working, culture of building products. So I'm also an active participant at Accessibility Guidelines Working Group at W3C and I'm also a member of something called International Association of Accessibility Propulsion. Some of them are hidden because the screen size I don't know what is going on here. But do you all remember, any of you remember this? Any of you have ever used, seen? Yes. There is a reason why I'm actually showing this old currency. If you actually notice, you will see the different dimensions and sizes in the earlier currency. It may be one paisa coin, two paisa coin, five paisa, 10 paisa, 20 paisa used to have a different design, 25 paisa used to be very small and 50 paisa used to be bigger and one rupees all together bigger and two rupees has a different dimension and five rupees is a thickness. Earlier it was easy to, for people to identify the currency. But off late for some time. Now this is a picture I have taken from a change.org campaign which is being done by some of our colleagues in the industry. Because if you look at the current year of today, forgot about people with blindness or low vision. I have seen my mother having a conversation with the auto driver. Hey, you're supposed to pay me five rupees and why are you giving me 50 paisa? That poor guy actually gave her five rupees coin. Okay, and she is looking at it with her hand and think, oh it must be a 50 paisa coin. If people who have got all the eyesight and mainstream people are getting confused with the currency. And now thanks to the new currency like 2,000 rupees, 500 and new 50 rupees. I don't know how many of you have seen, even the 200 rupees note. It's all, do you think they look like currency or they look like what, they are lottery tickets. Right? So we are lobbying to work with RBI to bring back the real good currency of different sizes because no matter how technology is evolved, there are of course applications which can recognize your currency and all. But not everyone could be afford to use the internet even today. Or not they may be aware of how to use them at all. So the problem today is that all the currency coins, if you look at, there is no difference between 50 paisa and 5 rupee coin. There is no difference between 20 rupee and 2000 rupees note. Right? So this is something which we are actively lobbying with the RBI and in government of India to see what changes can be made. If you ever got a chance to talk to anybody about this, please do so. Do your best, fight whatever you want to do. Let's all together do whatever we can. And now ATMs. ATM is, how many of you don't use ATM in your life? What is the problem with the ATMs today? There are, in spite government has the regulations, RBI and IPA has got the clear regulations to further manufacturers to develop the accessible ATMs. So accessible ATM does not mean only having the talking features, okay? Because accessibility is not just for blind people. Vasu is standing here and talking, being a person with low vision does not mean accessibility is only for people with low vision. Right? It could be for anybody, people who are in the wheelchairs, people who are the hard of hearing, people who are the cognitive disabilities. And I'll give you an example. Now most of these ATMs, if you see today, at some point it will tell you, welcome to Access Bank ATMs. Then after some time, after a few tasks that you have done, it will tell you, please enter your secret code. Thank you for using Access Bank ATMs. Is this an accessible ATM? Yes or no? Yes? No, I need an answer. No, because it is partially giving you an instruction like welcome messages and all. But it should, if you're a real accessible ATM means, it should have adjustable height, it should have buttons that can be accessed by blind people, okay, and so on. So it has, there are the clear guidelines how to design an accessible ATM, okay. And there is also a website called TalkingATMIndia.org, which is maintained by some of our friends. So that actually gives you, you can look at where is the accessible ATM in your area, okay. They maintain the list of accessible ATMs. The data will be provided by their respective banks but they cross the country. Okay, they're using cards and POS machines. So you have heard a lot of things about this point of sale machines and cards and payment gateways and all yesterday and some of them are going to be today as well. And also that includes the privacy, security and all. So let's see what are the things about these? Cards, you don't need to deal with that inaccessible physical currency which is the good news. But there are few things. When you go to a shop, I know in the United States and few countries where you actually do check out on your own. But does it happen really in India? No, we just go to the counter and give them our card and they will do the calculations and they'll take your card and they'll swipe and give you, right? So in that there are few things involved related to privacy. Especially if you are a customer who is a wheelchair user or who happens to be blind. Okay, if you are a wheelchair user if the counter is high, it is good enough that you are able to access the machine and put in your own pin, that's okay, decent. You have to spell out your pin to the merchant which can be had by somebody who is around you as well. And what if after the transaction is done if somebody just takes away your card? Who got to know your code? There can be a choice chances of misuse, all right? And if it's a blind person forget, there is no option but to tell the pin to the merchant. Because firstly, you don't know what kind of machine that person is using, POS machine. There are two or three varieties today. And you really have to trust that merchant. He has entered the right amount. Because until the transaction is happened you will not get to know what is the amount made until you get your own SMS, right? If the merchant wisely put the right amount well and good but accidentally or intentionally if you put an additional amount, that's it. You only get to know after you get the SMS. Then you'll have to do all your fights. What could be solutions for it? Like somebody yesterday said instead of the POS machines they use the mobile applications, which is a good thing. Because in every mobile phone today whether you're using Android or IOS, you have a screen reader. If you are using Android, you have a talk back feature which is ready to use. So you can even ask the merchant, I want to turn on the talk back before I use your application, okay? And the screen reader can come in hand if you are using a mobile application. But if the government regulates or something happens if you still want to use only the POS machines then you have to add a screen reader to it so that people should be able to use on their own and that should have the real accessible buttons. I have also added voice recognition. The reason because as I said it's not about only blind people, right? People who can't use their hands, how do they activate? How do they enter them out? How do they use that machine? So they should be able to dictate, right? Because things if you feel that it is an expensive affair it's not going to happen. Then what you should be doing is like how the Paytm does, okay? Unity sender OTP, the user which also has the amount in it so that you give back that OTP to the merchant you will enter done, okay? So that's the technological solution that you can use. The reason why I mentioned about the card details to be sent to the user as and when needed because if I'm using a, if I'm dropping something online I need to check out, okay? And what if I don't remember my card information? I want to retrieve my card information immediately. How do I do that? I don't have brain, I'm blind. So I should be able to send some instructions to my bank using some SMS format or something like that or clicking on some option. I should be able to get my information in a secured manner not the CVV code and all because CVV, it's expected people should be able to remember that much at least. But the card number, the sexy and digits are something that has to be sent to the user securely. Wallets, see we have so many wallets today. Paytm, pay you money with actually one of the sponsors for this event Moby Quake and quite a number of wallets you have. It's for wallets are in a way very self-serviced. People can use it themselves, okay? But the problem here is that the interfaces are inaccessible with due respect, since we have reached out using several channels as well and the public channel is good to have send messages to as many, through as many people as possible but if somebody from Paytm is around Paytm Android app used to be accessible until two months ago but now with the recent update it is slightly broken. So if anybody from Paytm in this room you should actually go back and alert your teams if or if somebody has a connection with the Paytm you should actually go and do that because Paytm is something which commonly uses today across the board and I almost use it every day, okay? Especially when I ride on the Uber I just prefer to use my Paytm link with Uber and also I use them with big basket, yeah? Now another problem with wallets is you have a food court here, right? So how do you know what wallet do they accept? Do keep every merchant keep telling you I accept Paytm, I accept Moby Quake. When you go to the counter will they tell you? It will actually displayed there. But what if a person who is blind how would they know what wallets are being accepted with? So there is a technological solution I'm proposing which is actually, in fact we are trying to do this kind of a hack, part of a hackathon which is upcoming in the month of May. So if I'm standing around a food counter I should get a push notification saying that oh, yes, Barista accepts Paytm, Moby Quake, et cetera. I should be able to get that push notification. Using what APIs we need to figure that out. How much time do I have? Okay. So we're talking about electronic transfers like NEFT, IMPS, RTGS and so on, all these things. It's again self-serviced and people, it's actually far more easier for even for people including cognitive disabilities because you'll have a familiar interfaces. You don't need to deal with new interfaces every day because you might end up using one bank or two banks but you don't, every day you don't change banks, right? So, and thanks to whatever reasons, but nowadays if you look at something like SBI, HDFB, HSBC and ICICI, lot of bank interfaces are fairly, usable if not really accessibility compliant, but they're fairly usable. But what we need to keep in mind is that these channels are actually growing. These channels are modernizing, in the name of modernizing people are actually forgetting the basics and standards. I'll tell you accessibility is not a rocket science. Accessibility is all about writing a semantic code and adhering to the standards, okay? And now I will tell you one simple inaccessibility problem of this conference, okay? Christian has mentioned the people who wear the red linears are not to be what? Photograph. Do you know blind people can also take the photograph? Yes, but the technology, it will tell you there are one person, two people, three people or hundred people, but it will not tell you which person is wearing the red linears, okay? So, if I have taken a photograph of any of the red linears, it's your choice, I can't help. It's all about standards and basics, right? So, what people need to keep in mind is that when they're developing the interfaces, they need to make sure they meet the web access, web content accessibility guidelines or if they are developing the mobile applications. Interestingly, lot of these mobile developer frameworks, like if you are developing for Android or iOS, there are a lot of accessibility features which are inbuilt, all that our developer friends has to leverage on them. With due respect, but I have seen at least two good extent of developers, their mindset is they want to complete the building the product. Can we just pause and see, am I writing the right code? Or even if I am copy pasting a code, am I copy pasting from a right source? There is nothing wrong in copy pasting unless you are going for an exam. There is nothing wrong, okay? But you need to copy paste from the right source. That is the reason you have all these open source, frameworks, open source projects. You are free to copy paste, but please copy paste from the right source. There are a lot of accessibility plugins. There are a lot of accessibility components written which people can reuse. The problem with these electronic transfers is interesting. It's not the problem of our developers or technologists. It's the problem of banks. So I have a friend who happens to be blind and who is a advocate. So if he is an advocate, practicing advocate, do you agree that he is a decently, decent educated person? He goes to a bank and let's try to open an account. And they tell him, you do use a thumb impression. So we consider you as the illiterate. So we cannot open a bank account. What do you do with them? So there are, it's also essential that bank finding institutes has to sensitize their employees in dealing with people with disabilities. They're not necessarily, they need to give them an extra banking facilities. Nothing really, nobody's asking for it. But whatever you're giving it to everybody, you should actually give it to people with disabilities as well. And there was also one time banks were saying, okay, if you want to avail a bank account, you come with somebody else and we open a joint account. Well, I'm a single, not really, I'm married, we have two kids, but what if I'm a single person who is living only in my family, right? So this is the situations in the banking sector, but when the whole, if the facilities are given and electronic transfers are far more easy, assuming our interfaces are accessible, are there any developers in this room? You know, all you need to do is, very simple thing. Well, in the next slide, we're going to talk about using the automation tools and all that, but before that, all you need to do is that, when you actually, at the testing time of your product, for 20 minutes, you let the, as good as your tea break, unplug your mouse and use your product just using the keyboard. You don't need to experience a screen reader or anything. You don't need to become blind. You don't need to become a cognitive disabled or anything. The first thing you use is, use your own product just using the keyboard. And you will be able to address at least 60% of the accessibility problems. Okay, the major problems are, in this modern application development area is, we all use model dialogues, right? The alert dialogue boxes and all you use, right? But, do you set the really tap focus onto that boxes all the time? Though the model dialogue, firstly it cannot, if it can be accessible, activated using keyboard well and good, once it is activated, that your focus has to come onto that model dialogue. Not, it should not remain on your parent window, right? So, your first testing tool will be your keyboard. Forget your mouse for about 30 minutes and use your own product or whatever you are using. Accessibility of real time messaging, so something like, because in the gaming gateways, everything happens in the real time. Like, in between you will also show a message saying that, do not wait to refresh onto your browser, do not use back button and all that, okay? If that messaging is not accessible, somebody who is using a screen reader, and if he tries to, if he says that, okay, nothing is happening. If you use a refresh button or back button, the transaction is gone. Maybe money must have detected already, whatever, right? And another thing is that, when you actually showing up a dialogue, something is happening. Even when the transaction is successful, or when you are actually asking him to do an additional level of authentication, that messaging has to be exposed to assistive technologies. Using whatever code you are using, if it is a model dialogue or a real time, new page or whatever, that has to be exposed. And the reason why I mentioned about accessibility of promotional material. How many of you do receive emails from all these payment gateways, 80% offer, 50% offer, 30% offer, whatever, or 5% cash back? Do you all get this email? Yes? Have you ever seen that email in a browser which did not load the images? What will you see? Will that be useful? Then that is how a screen reader user will see your promotional material. If you actually send out an email like that, an entire content embedding onto your image, and sending it to a user, and if user is a blind and using a screen reader, all they will see is a one line of single chunk code that talks about a part of your image. That's it. If you call that as a promotion, I'm sorry, I can't use the promotion. So if you want to really, I'm sure there are a lot of marketing teams also sitting here out here. If you want to reach out to more customers, you have to make your marketing promotional material accessible. And let me tell you guys, to make anything accessible, either your promotional material or your website, you don't need to compromise on design. You can use as beautiful things as you want. It can be as fantastic, as beautiful, as nice looking everything. All you need to do is use little brain, take little time, and you'll be able to produce accessible material. And it's also important to generate the accessible invoice or receipts, because as the invoice is as important to you, it could be important to people with disabilities as well. It's not about only the payment gateway, the providers to make their products accessible. It's also important, the people who are actually implementing it. If I'm using pay you money's gateway, I have to make sure that button that they provide or the interface that I create using their platform, I create a accessible interface. It's not necessarily that only my cart is accessible, but the button, I will just embed a image of pay you money and leave it there. It's not going to be accessible. So it's important for both the parties, whoever is using the payment gateway and whoever is providing the payment gateway. And especially the reason why I've chosen to talk about pay you money as a name is because I also see a lot of nonprofit organizations, especially working in the disability sector, do use pay you money quite a bit, and especially to raise the donations and all. And I believe they have an interesting thing to use this as their payment platform. And another reason to use their name is, thanks to them for sponsoring this event. Okay, the redirection. Redirection also need to be seamless. If you are actually redirecting a page which is taking minutes and hours together, it's going to be a problem. So during that process, it has to send the messaging. What state is it? Like if you are actually installing a Windows software, you keep listening to some buzz, right? Why do they do that? Because they want everybody to know what is the status of the installation. So quickly about automated testing tools. There is something called, all of you know about JSLint, right? So similarly, there is also something called JSLint.org which will let you test against your code while you're actually coding on the fly. Or other simple tool is something called AXE, Axe. It's by Deque systems. All you need to do is right click on the page, go to inspect element, click on Axe. It's a plugin for Chrome and Firefox. Once you enable that, you use that Axe from your developer console and it will show you the number of accessibility issues. Very simple format and very simple language including links to the techniques. So these are a few things which you can do for the accessibility evaluation. These are the simple things. Use the WCAG checklist, which is available on many websites including mine. And run the automated testing tools, something like Axe. And as I said, use the keyboard alone. Then use the screen. If possible, there's a final thing. You also, you can also start using some screen rating software. Like NVDA is non-visual desktop access, the free screen reader available for Windows. And if you're using Mac, voiceover comes for free. So we can have a couple of questions if you want. Or I'm available in the office hours from 11 to one. So we can also talk there. Even if you want to look at something, the demo or something, we can do that. Okay, any questions for now? No questions? Oh, we have a question here. User can use just the keyboard to check his website. Do you suggest something similar for apps? On the mobile device? Yeah. If you want, you can add an USB keyboard and use the keyboard. Okay, our second, because nowadays every phone, you really need to spend an extra money for it. All the phones, the screen rating software comes inbuilt. If you're using an Android phone, go to accessibility and turn on the talk back. And then how it becomes is, usually you activate everything using the single tap, right? So when you activate the talk back, in the single tap, it will announce the option to you using the gestures, okay? When you double tap on the element, it will activate. So you just need to remember that part. But you can start using a screen reader on your own. But that would be the easiest testing for mobile phones. In Android, you have talk back. If you're using an iOS, you have voiceover. Okay, thank you. No problem. Okay, so we're going to talk about resets or invoices. Are there any final points? Like, if it's just a screen reader, readable, because it's a PDF resets or invoices, I mean, it can be read by a screen reader. Are there any other things that could be added? Other things, you need to make sure your font sizes are good enough. Okay, because apart from blind people, they're all the people with low vision who should be able to use it. So you need to be careful about the color contrast of it. Okay? You cannot just put a yellow text on a white background. All right? So other than that, it should be in general good. And one of the problems that I see with a lot of these invoices or the even performance is that they type a lot of terms and conditions. I don't know, even the mainstream users, do you ever be able to read them? There have been such a font sizes of maybe six or seven. So, let's be true, especially when you're applying for a bank loan, have you ever read the terms and conditions on your own? That's where we go. Thank you. Okay, anybody else? Yeah, as part of the WTOG guidelines, there are also, do they also recommend set up for a case in terms of automating this whole processing process? Okay. So W3C's Web Accessibility Initiative group runs something called Evaluation and Format Working Group that has a set of automated tools. That's having said that, including W3C, as an accessibility advocates, we say that you can do the automated testing of only 30 to 40%. You cannot do 100% of accessibility testing. Okay, there need to be a manual intervention, possibly including people with disabilities. Okay, the reason I'll tell you is, okay, accessibility guidelines will tell you, you need an alternate text for image. And if you are using a, if I put my photograph, all text is Abhishek, the automated tool will pass it, no doubt about that. But does it meaningful? So, for accessibility testing, you cannot do an 100% automation. To maximum extent of 40 to 50%, you can automate, but manual intervention is equally important. One more thing when, you know, we were trying to do the accessibility of one of our applications. So, the mobile application, and we were trying to, you know, see that check mark everything what the application is. There were challenges because there were certain things that we should not do in mobile applications because it's in the compacts or anything like that, which was defined as part of the web guidelines. So, is there any, you know, are there any work in terms of defining what should be applicable for mobile? Not sure if you're... Yeah, no. Versions for mobile. Okay, if you are following the conversations, but last week, WCAG 2.1 is becoming candidate recommendation by W3C, which also includes guidance for mobile and so on. So, you can actually, that actually addresses some of these questions because there's a mobile task force which is actually worked very hard and solved some of these concerns. So, and there is also some of us in the industry have put together something called mobile accessibility practices. It's available on my website as well, which we actually written for government of India, but yeah, because WCAG, web candidate accessibility guidelines is not really meant for mobile at that point in time in 2008 because mobile is not that popular at that point. But now, they've also addressed quite a bit about the mobile accessibility in 2.1, which is right now in the candidate recommendation. You can have a look at that. Make sense? I think we've about reached our five. Thank you so much. That was a really interesting talking. It showed me a lot of problems that we're having. Let's give a bit round of applause for the two of us. Thank you so much, everybody. Our next speaker is gonna set up now. And while she's getting ready, I'd like to remind you of a few things that are happening today that aren't really on the schedule itself. In addition to office hours upstairs in room one, we also have the APSECO security clinic. If you want to have your product reviewed for security, you need to register first. We tweeted out the URL yesterday for the signup so we can walk up and I'm sure that they will get you a signup. But they need to have access to your data to look at it first. So please do sign up for that if you want a security check. Don't forget to visit our sponsors. They're all out there sitting at their booths and they're sad and lonely. Today at least there aren't all those lovely, beautiful, shiny saris out there distracting us. But we do have, in auditorium one today, a children's of preschool cultural event. So at some point we're probably gonna have to close the door so that we don't get their joyful noise coming into our auditorium. Do a different stretch. So earlier we did a standing moving stretch. The nine people who were in here earlier got that. And we're gonna do some balance. If anybody stand up please because you can't balance while you're sitting. Fall on the outside of your foot. The outside of the other foot. Really using your ankles here. So we'll get your ankles going today and then you can get them to rest for the rest of the day while you sit. Now if you find it hard to just stand like this because this ankle is actually doing all the work right now. It looks like this one's busy but it's the one that's standing. It's using a lot of tiny little muscles to keep you from falling out. I'm sure you guys all do yoga and you probably do that standing in your seat. Although if you have your shoes on you might not want to do that. It's hard for me to do this with a microphone and talk. Okay, so before you sit we're gonna practice sitting. Not all the way down. So sit, oh, some of you aren't even trying. Okay, go ahead, you can sit down. We're almost ready. See, this is kind of comfortable. I might just stay here. You guys almost ready? See, you guys can't do this. Ooh, the other hall must have let out. Hi guys, welcome. We're getting ready for our lecture. We're not quite there yet. Have a seat, you missed the stretching. Looks like it's gonna take another minute or two. So let me run through announcements again. Let's see. Oh, I haven't mentioned the Chatham House rules yet this morning. So anytime we do a non-filmed session like a birds of feather session or an off the record session we run by something called the Chatham House rules. And the Chatham House rules allow anonymity to people making comments. So what that means to you is that if you're tweeting or sending things out on social media you can say something was said. You can't say who said it. So you can't say, oh, Tink just mentioned the Chatham House rules. You would say something like the Chatham House rules were mentioned. So if we're running a BOF later, which we are, of course, and you decide that you want to tweet or share it on Facebook or whatever, please don't attribute who says what. But you can say what was said. This allows us to, well, all of us, all of us to speak more freely without worrying about the consequences of what you say. Try the series that you speak. I only see two people, nope, three. Three people in here wearing red lanyards. Nope, five. Yeah, there are a few. You're allowed to look at them but you are not allowed to photograph them. Please do not photograph people wearing red lanyards. That applies to us and our official photography but it also applies to everybody's tweets and Instagram posts and everything else that you put out there. So please respect their privacy by avoiding pictures of them. Of course, if they are standing in a big group and the group is getting a picture, I am not sure what happens then. People with red lanyards stay out of the group photos if you don't want to be in them. All right, I think we are ready now. So let me introduce our next speaker. So I've been told that I need to remind you office hours for Srinivasu are 11 o'clock to one o'clock. So if you have accessibility questions, please do go talk to him face to face, upstairs in room one. Now I'd like to introduce our next talk, Rethinking Payment User Experience for Emerging Markets. Chiatra is the president and co-founder of Simple. She's gonna explain how lack of trust is an economic problem and how Indian merchants are making user experience changes to address that. Chiatra. Good morning, everybody. So my name is Chiatra. As the founder of Simple, so what Simple does is we are selling peace of mind to users. That's the business we are in. We are a fintech company. So I thought we'll spend some time today talking about user experience and when we speak about user experience, trust is a very important aspect that often gets missed. So let's just spend some time talking about it today. So just to get a sense here, how many of us in this auditorium would be comfortable opening up our home to a stranger? One person, that's good. What about, let's say you're in a rush and your car is not starting, how many of you would be comfortable hitchhiking or flagging a ride, like a few men in the room, any women, understandably so? So you see that, you know, like speaking about fear, I thought I'll just say this, put it out there. Apparently putting it out there helps ease the fear. Fear of public speaking is supposed to be second to fear of death. I don't know what those guys were talking about. Right now, all I feel is butterflies in my tummy. So please bear with me while we go through this presentation. So speaking of fear, how many of, let's have a show of hands here. How many of you think that most people can be trusted? 15% roughly? How many of you trust the police? Institutional trust, political parties, election results? How many of you think that we would be better off as a society if we were to live in a much more trustworthy society? A lot of you. So I cannot change these slides. The clicker's not working, but it's working for the hitchhiking with the stranger. Anyway, so sounds like the experts at Harvard University academic researcher, Professor Putnam, who is the Professor of Public Policy agrees with you that we would be much better off if we were living in a much more trustworthy society than the one we live in today. In other words, trustworthiness is really a big deal. But when we think about starting new businesses, how many of us think about trust? When we think about design, when we think about applying technology to solve problems, how many of us really think about trust? So that's the one piece that I want to spend some time talking about today. So, you know, social trust is a very nebulous thing. Like what does it even matter? And how is it correlated to startups or the economy? So there is an institute in UK called the behavioral insights institute, also called, the nickname is Nudge Team, right? They help the UK government when it comes to tricky tax reforms or implementing public policy, which is going to find it difficult to gain public acceptance. So they conducted a study and they found that trust was not only them, but many, many economists have conducted a study on this topic as to how trust correlates to GDP per capita. And as you can see, the one that's missing, that the highest dot up there is Norway. And, you know, at the bottom you see Philippines Zimbabwe Ghana. So there is a clear correlation that emerges between trust and GDP per capita. However, please note the interesting deviations here. Thankfully for us, India, despite being on the lower quadrant of GDP per capita, is fairly decent on trust. The interesting thing about India is that Indians have more trust amongst individuals and in pockets as opposed to institutions. As was evidenced by the audience here, how many of us trust our political parties or the government? China, on the other hand, is very high on trust for a country that is fairly low on the GDP per capita. United States, you see, is on the other side. They're very high on the GDP per capita, but somewhat average on trust. What that means is that the designs or the innovation, the psychology of design that applies in China and in the United States cannot just be copy-pasted into India. It will not work here, right? You have to design something specific for India as an emerging market. So when social trust is low, small businesses find it extremely hard to take off, right? That's the friction it creates. New business initiatives, they find it hard to get off the ground. What that means is as a startup, you might be able to get to your first movers and your early adopters, but to really get to scale, you cannot do that unless you solve for trust. So I thought as part of today's talk, maybe we can spend some time looking at some of the startups that have solved for trust in a very unique way and see if there are any insights that we can derive from these companies which are not necessarily in the payment space and maybe they'll give us some food for thought as to how we could apply it in our own lives as payment companies, right? Simple, we like to talk about trust and how we solve for it. So these are some excerpts of stuff that we keep discussing at work often. So yeah, just one more, I guess, quote from David Halpern who is the CEO of the Behavioral Insights team is that trust is a way more powerful predictor of future national growth rate than levels of human capital or skills in the population, right? So I guess India has placed it a reasonably good spot. Okay, so just before we get into the examples of how companies have solved for trust, Abhishek of ASGIC had asked me, what is trust, like what is social trust, right? So I looked it up like what is social trust and the best definition I could come up with was social trust is kind of like dark matter. 80% of the universe is made up of dark matter but we do not even realize that there was something called dark matter and that it really affects our lives until recently. So social trust is kind of like that, right? It's there, it's super important but it's not obvious and we don't give importance to it. How many of you have used Ola Auto? Good, how many of you are from Bangalore or Chennai? Excellent, so five years back if I had asked you, would you prepare for your auto ride? What would your answer have been? You don't trust the auto driver, right? In the scheme of trust, the auto drivers are probably at the lowest, the bottom end of the totem pole. Same here, right? I would have said buzz off, right? Forget about it. However, today we are obviously preparing for auto ride and taxi ride. Five years back also it was not just the auto when I still remember that when my mother used to call for a taxi, she would threaten the travel agent. You guys remember travel agent? The dinosaurs that used to exist before Ola and Uber. So my mother used to call the travel agent and be like, threaten him to send a driver with a clean car, a clean driver who's not going to be irritable and who's going to be flexible wherever we were going to be with us for a few days, right? So however today that's something that we take for granted. And how has Ola or Uber managed to achieve this? Of course they've done many things. They've applied technology very smartly but one of the most clever innovations that they have made was they came up with that two-way rating system, right? So earlier what used to happen was if the guy had a rigged meter like my most vivid memory of the auto and I was discussing this with my colleague Roshan yesterday was like constantly observing the meter. Like is it going to jump? Is it rigged? Is it going to go from 25 to 30 suddenly? Let me catch the guy red-handed, right? Today none of that happened. So what has changed, right? If there was a rigged meter, the worst case, the downside for this guy was at the end of the ride he would get a tongue-lashing from me and we would spend 15 minutes arguing but he would walk away with his money and I would leave. And let's say I had hired a taxi and I had made the guy wait and when I show up late and the guy is obviously disgruntled with me and says something, I would have given him a tongue-lashing saying that how dare you lowly driver talk to me? I have the right to be laid, right? There was no repercussions. There was no down-style for bad behavior. What was the small little hack of having a two-way rating system and making it known publicly and making it kind of mandatory at the end of each ride just the way they designed it ensured that certain repercussions got built in. The layer of anonymity got stripped, right? So now I know that I am going to be judged based on my behavior by this driver. It kind of became an equalizer, right? He was not a lowly driver anymore. He was the one who was judging me so I better behave well with him. And similarly, vice versa, right? He started keeping the car clean, started, you know, being polite. So the whole relationship got incentivized to move towards good behavior. So I think one of the most important things or the takeaways for me when I think about Ola Huber and what they have done today is they thought about the role that incentives play in making good behavior happen, right? There are certain rules of engagement that you would desire in a system. Now how do you ensure that you pay attention that the design that you are creating is it going to adversely select for behavior or positively select for behavior? So if you have designed it for the right incentive, then you are good. Let us take another example, right? At the beginning of the talk, I think there was one gentleman here who said that you would be comfortable letting strangers into his house. Are you a host on Airbnb? Yes, so I'm sure whenever you do have a big house, you'll probably start hosting. So, you know, like, I think it was in 2008 when Airbnb had just started and the founders were going around Silicon Valley asking investors, Sandhill Road to invest in them and their pitch basically was that we'll convince people around the world, like perfectly normal people like each one of us in this room who did not raise our hands, who are not willing to let strangers into our house. These guys said that we'll convince them to put up pictures of their homes on the World Wide Web and invite perfect strangers to spend the night at their home, right? Like, obviously Silicon Valley did not buy it. YC was fairly young I'm sure all of you know the story Airbnb took off. They created the website. They convinced some crazy first movers to create listings on their website but they found that bookings were not coming at the same rate as they expected. So then, you know, they took a step back. They analyzed what was going on. The few listings that they had, they looked at what were the listings that were getting slightly better results than the ones that were not. They formed a hunch. Maybe it had something to do with the pictures that were posted, right? So just to verify this hunch, the founders got onto a plane, flew from SF to New York, took out their DSLRs, went door to door taking pictures of the houses, high quality pictures of the listings that were already there in New York City. Bookings started flowing in. Sandhill Road came knocking and today Airbnb market capitalization is higher than Hilton and Marriott hotels, right? Airbnb, you have a 10 year old company, Hilton and Marriott are 90 plus years old. That is the power of design thinking when you really apply your mind and think about the psychology behind the decision making. So I think what these guys did was they took a step back and they thought what is the psychology behind the decision making of my user here, right? So it is going to be that one thing that will tip them in favor of making this booking. Closer to home, how many of you guys have noticed the quality of pictures on fresh menu, right? You would agree that I think one thing fresh menu did right, especially early on I remember distinctly is the e-mailer would show up in my inbox and I would get hungry. The pictures were that good, right? So pictures matter and that can be a tipping point into creating that trust that hey my food is delicious, right? Creating that desire, right? So I think it is important to understand the psychology of the decision making process. Now Airbnb is a great example and it is hugely inspiration to us at Simple because this is not the only design thinking inside the behavioral insight that they derived. There were many more, right? Simple things like they realized that getting the host to talk a little bit about their personal interest on the profile page is going to help future guests create a personal connect with the person and make them more comfortable and go ahead and make the booking. And of course they too came up with a two way rating system and designed it brilliantly to make sure that you know that is the virtuous cycle of design, right? If I at home I may not even fold my sheets. I get up daily, I get out of bed I get to work, I go back, my bed is unmade. But when I go and stay in an Airbnb I make it a point every single time to fold my sheets to leave my room needs. Because I know that I am going to be rated, I know that I am going to be just and the next time I travel I do not want to be embarrassed by a potential host denying me you know denying me a reservation because I do not have a great rating, right? So just by creating so once again you have incentives aligning the incentive and understanding the psychology of the user's purchase decision. Those are the two takeaways for us from Airbnb. Now let us come Uber and Airbnb are brilliant Silicon Valley based companies, let us look closer to home. Can you guys think like anybody here just trivia question what do you think was that one pivotal hack or innovation that made e-commerce take off in India bingo and what did cash on delivery solve for right? Because the natural order of business was when I make a purchase goods and money they need to be exchanged simultaneously but with digital commerce you make the purchase first and the good show up later obviously there is a tough deficit I like it or not what if the item get damaged it does not fit etc etc the best way to solve for it is to make allow for the customer to pay on delivery. Now when Flipkart decided to implement pay on delivery they looked at what will be options available and cash turned out to have the best user experience, right? Everybody trusted cash users trusted cash tell us trusted cash there was a perceived sense of security around it and more importantly from the user perspective a perceived sense of control right and that is why cash on delivery to this day 10 years from when Flipkart started is the predominant mode of payment online and as people I mean I know in a payment conference talking about cash is probably heresy right but that is the competition that we have to be for all of us here if we are doing digital payment the real competition is cash ok so what are all like just to summarize some of the things that we have learnt till now right pay attention to what behaviour your system design incentivizes think first principles ignore conventional wisdom so like for example conventional wisdom in case of Airbnb was that nobody is going to let a stranger into their home however by applying design cleverly they were able to incentivize and create value for the same thing that went against conventional wisdom right when you know when we were starting a simple conventional wisdom was that all Indians are crooks do not give them credit right but that is exactly what we have done and we are successful today so conventional wisdom does not necessarily mean if the truth I think it is important to figure out what is the psychology behind the user's decision and how can you design your technology end to end again when you think about design I think one mistake that we make is the only thing about UI right it is not about the prettiness of the design it is about end to end system design like every little detail that goes from pre purchase during purchase to post purchase if you are talking about payment right so now let us look at something so basically what we have established till now is Ola, Uber Twiggy, Flipkart Freshmenu etc they are all continuously innovating on design to solve for right and I think the question in front of all of us today who are in the payments of the digital money space is how can we work with merchants very closely to solve for some of this so let us look at something that you know when Twiggy and Zomato well Zomato came much later but when Twiggy had started and they were looking at they were getting people to order food on the app to me it sounded like it is the most convenient thing to do right like you are sitting at work why bother getting out let me just order but then there were a lot of people I was one of the first movers or the early adopters but there were many like Twiggy at that point where they needed to scale they needed to capture that next level of customers and when they looked into what was it that was stopping some people from ordering they realized was that 45 minute window from order placement to the guy coming to your doorstep with the food was a black box right there was just no and the one of our merchant partners in fact told us that about bulk of the calls that they get from customers is asking about order status during that period right so what they did was they solved for it by giving a little more transparency now on Twiggy you can see when the order was accepted whether the order was accepted by the restaurant or not when the delivery boy showed up what route he is taking to get to you the whole thing so one is not only did Twiggy by doing this give more comfort to that user who was reluctant because of this black box situation but also they saved on cost the load on their customer support team decreased and they could use it for some better purposes so they like their customers in other way so I think one thing for us in payments to think about by taking the example of Twiggy is that often times when you think of payments you think about just the point of sale like you complete the payment and you are done but truly speaking the transaction itself has a life cycle right there is a pre-purchase purchase and a post purchase scenario to the transaction now what if those of us in payments just open up our minds and think is there a possibility to weave payments into the fabric of the transaction can it be woven into the life cycle of a transaction what if instead of a point in time you could place a hold on the user's account in terms of money when the transaction is made and only once the order is delivered the money actually leaves the hold is released and the charge is made in the name of the customer will that inspire trust will that get that next level of customers to start using digital money maybe what is the other source of where currently it's a little bit of a black box right again another merchant partner told us that 30% of their post purchase call are when a return or a refund has happened people call up to ask where is my money where is my money so now is there a way to solve for that can we give transparency or visibility into the post purchase life cycle of the transaction because the payment is attached to the transaction always right what if you could allow if there is a refund or a return similar to the you know similar to this one where you see the life cycle of a delivery right the status different stages of delivery you could see the different stages of a return right ok sugi has initiated the return the gateway is processing it today the bank now has it it should have shown up in your account right it would give us so much more comfort what if another source of I guess concern or concern for most people is what if and again this is particular to India right this is where I would like to just remind us of that graph that we saw earlier where the difference between United States and India in America commerce evolved over a period of 60 years what that meant was like in 1950s and 60s when Visa Mastercard actually started the form of commerce was just moving from mom and pop shop to big format retail and from big format retail it moved to television catalog buying from catalog buying it moved to internet buying and today it's moving to mobile commerce so in that process what happened was over a period of 60 years customer laws facing customers and reading customer like a king evolved gradually in the United States right therefore there is a lot of peace of mind that comes because there is trust in the institution whereas in India now you guys go to court like if you are unhappy with Flipkart you think the studio over try and go to court like that's never gonna do it right it's such a waste of time so the responsibility of innovating for trust falls on the shoulders of private company, entrepreneur, startup right so we need to when you think about innovating when you think about solving for social trust in the absence of systems that give your customer peace of mind I guess something that you can think of is how do I give my customer peace of mind when they are you know when there is a charge back scenario of course it happens very few times but when it does happen kind of messes with your mind and maybe is there a way to redesign or go back to first principle ignore conventional wisdom and rethink of what that experience could look like where you could convert an unhappy charge back type emotion in a customer's mind and convert that into a delightful moment because you actually problem solve for that customer right one simple thing as a payment company we do payment companies or people in the digital money space merchants who are trying to move from batch to digital could think of is you know giving more control sense of control to the user where they can initiate a charge back from their dashboard and transparency into its space right maybe instead of billing them put it on hold while the merchants are looking at it and why should we think like this right I mean think about it the I'll just tell you an interesting anecdote last year so I moved back to India from the U.S. a couple of years back I'm still paying my student loan so I had to figure out a way to transfer some funds from my Citibank account in the U.S. to my Bank of America account also in the U.S. and last year I was like getting on the I went online and I tried to do it and I realized there was just I spent 30 minutes because I was so sure that there has to be a way to transfer that money right I'm so accustomed to doing Interbank transfers here in India like there must be a way maybe I'm not able to figure out the interface finally gave up called up Citibank customer care and they told me sorry ma'am you cannot do it there is no physical way for you to transfer money online from your Citibank account to your Bank of America account in the U.S. I was flabbergasted like I was impressed with what's happening in India so we in India are in the last few years if you look at what is happening in financial technology banking innovation even the RBI right there is everything that we talk about today whether it's Wallace, UPI technologies like simple everything has happened only in the last few years so we have an incredible opportunity in front of us to think first principle to reimagine what a payments tax could look like reimagine how to solve for trust ignore completely set aside conventional wisdom and rethink how we can create the future of payments and basically it's money flow right at the end of the day transactions are the most granular entity are the atoms of the economy and if you are able to figure out a way to ensure that commerce is all about value creation as opposed to money transfer alone right if that becomes our goal there is so much for us to do in India and we have the opportunity to leapfrog the rest of the world right we can take this innovation and take it to the rest of the world where there are which is still dealing with a lot of inefficiencies thanks to the broken ancient rigid banking infrastructure that currently exists in the rest of the world and in India today the payment companies that's both our opportunity as well as our responsibility and by applying some of these basic design thinking principles I guess we can create a new future and set an example and create billion dollar companies for the rest of the world thank you so we also have a bar at about 4.15pm and I guess we'll spend some time there are a couple of our merchant partners also coming there we'll have a freewheeling discussion around specifics of you know some solutions that we've come up with and at simple what are the frameworks that we've used if anybody's interested please do come and I believe you have office hours as well from noon to two you're on the schedule I have office hours that would be in room one if you want to bag your office hours just scratch yourself off with does anybody have any questions ah one in the middle there hi there's a great talk thank you sorry so in this talk we've got great insights on the design for B2C applications for products that are there how about B2B I work in a B2B environment and it has been very very difficult environment for us to think about how the designs can be better for our merchants we didn't really work in the business because a lot of it is driven by how the other business wants to be right so there is not much opportunity I would say to see how it can be better right at the front but of course there will be opportunities and I'm sure you can guide us through that how B2B space can be can actually consume that kind of things you know which company I would imagine you would have many more experts at your disposal than me so I think whether it is B2B or whether it is B2C my thinking or the best that I can offer is it again goes back to being able to look beyond what the customer wants to what is the underlying problem that is making them say that they want it I mean maybe we can discuss specifics of what you are talking about later offline but just to give you a different example you know when Henry Ford was asked how did you come up with you know how did you figure out that you needed to create a car and you asked your customers his answer was if I had asked my customers they would have said that they want faster horses the customers will never know what they really want it's the role of the entrepreneur or the business owner or you in this case to really understand what are the underlying needs if it is if speed the underlying need if speed is the underlying need giving them what they want may not really solve for that problem and then it's about going back and educating them about this so I think it's about really looking beyond I think we tend to get tunnel visioned around what customers ask us for I think it's very important as innovators to be able to look beyond what they want and understand the underlying needs that's probably the only source of insight for us to figure out for this presentation my question is primarily around low amount credit my question is related to that so how has the response been and how has been the conversion percentage I'm sure you guys do some logic on the previous orders and all that but how has the general market adapted both like you said people perceive that there would be a lot of prevalent people who would not want to pay and what learning really came into that because that is a perception if you see Uber or any other company their programs have been heavily abused so how has it been into the credit specifications Ola and everyone has entered into the space your name Saurabh Saurabh that's a great question it again I think goes back to the incentive structure and ensuring that you don't design for adverse selection I think one thing that simple as we've done from the beginning is figure out how do we ensure adverse selection does not happen there will always be some amount of adverse selection that happens but you want to make sure it's minimal but you need to design, we've tried to design the system to ensure that it stays at that minimal so to give you an example I guess for us the inspiration our design inspiration has come from the urban merchant all of us are familiar with the local neighborhood store who gives us a kata or a tab where you just buy, buy, buy and settle once in two weeks or once in a month now there it's about it's less about the credit it's about the relationship and the value that you get on top of that relationship so at simple any of our customers one thing they start realizing as they start using simple is it's not just about that one click it's not about the credit alone you get the credit but you also let's say there is an issue and you reach out to us we are able to work very closely with merchants to ensure that you get treated fairly and you know you get your money back if there is a start back type scenario so that's why we talk about end to end peace of mind and it's not just about the credit and when you're offering that end to end peace of mind then and the customer realizes it the value of that end to end peace of mind compared to being able to run away with a 750 rupees or 1500 rupees you're incentivizing them to choose this as opposed to this of course there is a possibility in the beginning that there will be some people who may choose to still not pay simple because simple is still small we are not yet present on as many merchants like you know the big four etc it's only a matter of time as we scale and as we get there we get to the point as we develop the size of our network grows the utility that simple adds the value that simple adds to the life of the customer is going to start outweighing the benefits that a customer might get by running away with that 1500 or 2000 rupees and that's how we are thinking you know solve for long term value creation as opposed to being afraid of people actually behaving opportunistically in the early days to give you a very simple like you know like this is not something we had even thought of right there was a customer who once wrote to us and how I guess this talks a little bit about how are you treating the customer when you ask the customer now imagine the neighborhood store scenario if that guy had told you that sir you live nearby why don't you give me 10,000 rupees at the beginning of the month whatever you buy I will start knocking it off of your 10,000 rupees and you know we will settle accounts in that manner like a prepaid scenario versus a postpaid which one obvious that the postpaid one is where the merchant is trusting you right so you get a sense of obligation towards that merchant there is a psychology there is a human behavioural psychology involved here and that was something that we had thought about in the beginning and it turns out to be true like we got innumerable emails from people telling us and one I will share one of them with you was from a student from Andhra Pradesh he had written to us saying that all my friends are asking me not to pay your bill but you have trusted me and you have given me money you haven't even asked me for KYC if I screw with you guys I will have bad karma for the rest of my life right so I guess I mean obviously we simple does not want to rely on the goodness of people's hearts or bad karma coming back and biting them we rely on technology and finger printing to make sure the system is more robust but that is I guess you know when you think about adding value to the customer's life I think our entire focus is on making sure over the journey of simple we continue to add more and more and more value to the customer where it goes beyond one click goes beyond credit it goes beyond just this piece of mind we are thinking of various other things which I cannot talk about today but the whole objective is to add more value to the customer's life which will ensure that the incentives get aligned so the incentive for fraud is low and the incentive of following the rule is high. Thank you so much that was a fantastic talk very interesting to see hand raises of who trusts and who doesn't trust the bof this afternoon is in the other auditorium so don't come back here if you want to be part of the birds of feather discussion on trust it is time for tea break or if you're me it's time for coffee break we will be back here at 1145 with a talk on web payments so we'll see you then enjoy your tea welcome back to Audi 2 we're going to start our second session of the day with a talk on web payments Hemantz is going to take us on a deep dive into the WC3 web payments browser API including use cases, advantages and a very interesting demo please welcome Hemantz okay hello PPP again let's buy something online we have done this many times so we have done this many times we probably have done it on mobile web too you go to a site you add something to your you know checkout card then go in add your card details then proceed then buy you probably get an OTP and do some two factor authentication and finally you have your products there which is ready to ship probably you just wanted to buy some fruits online and you had to build some shipping address and the payment options what is your shipping address what your payment address should be what's your payment type and things like this so here's a study done the second most reason where people were abandoning their checkout card was because of the complicated checkout process the first one of course was like creating an account which kind of solved now with many ways to authenticate and log in the user can you make a guess on how long the average checkout time is measured in terms of checkout steps 5 to 7 steps I was seeing someone flashing a 5 there that's almost close 5.42 I think those guys who have done a lot of checkout on different websites that was a very good guess it's around 5.42 steps and the checkout length measured in terms of form fields the number of form fields you have to fill before your checkout is unformed it's around 8, 10, 20 15 shall we average it out 14.88 what if we had this suppose our site makes a call to some API and then that API orchestrates all our pain points of filling a checkout form which already has your shipment address it has shipment mode like can it ship path can it do a normal shipping or can it ship on a drone or something or make it faster than you or it also has your account information the user information mobile number and the card the user already has and there is no form to fill just go and click on the checkout button and there is an API which takes care of all this headache and the user just clicks pay and you get the card information and then you pass the same data to your payment gateway and you are good to go wouldn't it be good if we have such kind of one button checkout experience welcome to web payment we are talking about what web payment is in general what payment request is there chapter one the structure of the payment message I will probably try to dive a bit on what the API looks like what are the structures like and then we will probably look into a demo to get more so I think most of them are aware of this beautiful JSON structure which we use in our day to day for data exchange right so I am just giving a quick overview for people who aren't really at their life it's just a key value pair you have a type and you have properties and you have something like required which is on a rate of basically suggestion of that so before we see what the API looks like we need to get few key terminologies or key jargons right nothing very complex there this is the term called pay pay is the entity that receives the funds right and then we have pair the guy who is paying to the pay and there is the payment service provider that can be your card institutions but that is very key so these are the key terminologies that we need to keep in our mind so how does the payment request look like so payment request basically will have a type a description, payment terms payment details and payment options this is how it would look again it's an object so we have a type we are saying it's a payment request and the description like payment to ppp.in and payment terms we have a payment method that's just like legacy card payment on my site it's an endpoint and then the payment amount 4.35 dollars it can be INR or it can be any currency value you want to set and then you would get a response from the API what would the response look like the response would have a type description payment terms and payment options so something like this where we have the type description payment and the payment methods response details will be plugged in there and we have the payment options chapter 1 the payment roles what are the payment roles so assume that this API is like a mediator so you see sitting between your browser and your payment gateway and he is taking care of all the hard work that you would have normally done probably saving the card on your site securely or having a less form field or trying to use autofill form field to make things easier and faster so assume that this API is like a mediator who is sitting there between the payer and the payee and helping things get smoother so what basically happens is the payer comes in and adds something to his card and then goes to checkout so then we mediate the checkout process to this mediator API which kicks in and helps to identify the card and gets the card details and passes it on back to the site because he is a mediator he doesn't really work as a payment gateway he gives the details back to your site you just validate to whatever you want on that and then pass that information on the back end to the gateway get it authenticated and get the payment here so on the front end for the user these things are very opaque he doesn't really see all the complex of that going behind it just clicks for him and the mediator takes care so if you see here we have your payment app sorry to the problem we have a payment app and we have the mediator we have the payee and the payment network so the payment network can be any of it can be either those cards before cards what we have or it can be the external API like probably like Google Pay, Alipay or like even Apple Pay these are kind of fundamental payment networks supported on the request API there are proposals to integrate other services probably even I saw a few thoughts here on Razer Pay or PU guys even they could probably integrate only thing is it's a bit of a complex process everything to all this payment the app should be PCA compliant there is something called PCA compliance where if you are trying to make an online transaction using a credit or a debit card you should have some compliance rules you should adhere to some rules so that you are assuring that the card is secure and you are not doing something fraudy on that card so there is also a proposal which says we could also get in cryptocurrencies as one of the payment methods so as of now we have credit cards as basic card and the Alipay whatever so here is a flow of the pair registration of a new app which I was talking about so there is the mediator operated by the pair so that makes a request to the payment app the payment app gives a registered true or false like what's the registration of the full and then the payment app says the payment app registered I was registered with this mediator the end rolled payment instrumentation that goes in and the payment instrumentation end rolled gives a handshake this is the handshake that happens when you are registering a new payment app this is the flow where the pair buys from the merchant website or maybe a web app or a normal app the whole idea is to have the you know the checkout process on a browser where mobile browser smooth and effective here is the example where the mediator the pair clicks on the buy button on the website and then the payment request is sent to the mediator where the mediator makes a check on select payment app for transaction details and the payment request is sent to the payment app and there is again the payment response the dance that happens and the payment response goes to the website and then the payment instructions goes to the payment network that's like your visa or credit card and it goes validate and say hey it was successful I was able to do the request what you sent to me and then finally the purchase is successful this is the whole dance that happens but for the user as I have been mentioned it would just be I want to pay this amount and then you would probably hit his CVV or CVC number and that's it so at any point of time if you have some clarification here you can just stop right away I wanted to be more of a conversation just one way and then the Q&A I will have a Google Pay or Alipay I will probably show it when I talk about the API in the test so the question was is Alipay or Google Pay already integrated with the spec just the WP spec is on payment request API is a WP spec it's a standard it's not like a Google API or anything it's open and it's integrated I will be talking about what process supports it because they are CTI compliant and then there is a process for getting the Google Pay you can have it I'm sorry if you are going to ask a question you need to have a microphone otherwise our live stream viewers cannot hear you so raise your hand if you want to ask a question I'll be happy to bring you a mic that's why I repeated the question chapter 2 is the payment request so here summarizing everything in one picture this is from the edge document where we have our web server web page in the browser and the wallet so we have this method called show on the API which we will dive in right after this and that will show a dialogue box which is within the browser you need not worry about making your own dialogue box for getting all the user input so it's basically about form less check out sounds a bit cranky but that's how it is there is no form that the user will right and the user chooses a shipping address he can choose where it should be shipped and if it's saved in his browser's autofill the same list will be shown here in the dialogue as well there is a shipping address he can modify add things like that and then the payment request API goes in he makes a purchase there is a successor failure so you have a control whether there was a successor failure say what would be the different cases where the successor failure happens say the user selects an address so you have total control when the user selects or changes an address so you will get a callback which has the address in it and then you can decide whether you have the ability to ship to that address or not and right away show there in the dialogue box itself that you can't really ship to this address rather than the user fails everything and then goes to check out and say sorry we can't ship to this address it is pretty instantaneous there because you get callbacks on each and every change there is an address change and there is a shipment type where he wants to check and if it's a some kind of a prime kind of service so it clicks on that and you get a callback again and you can check whether for this address for this item I am trying to ship or not and decide on the fly and show him that sorry we can't really provide you this and the payment button itself wouldn't be active. So APIs and demos these are the ingredients that goes into the API first of all you need a modern browser then you need the method data details and options or what do you mean by modern browser to answering to the question that the gentleman asked here these are the browsers that are supported now like Firefox has a plan to ship it and Chrome and Safari is there online so these are the the red ones are not there but there are they have they haven't given approval to implement this API so it's on its way. So can I have it how do I check whether I have the payment request API support in the browser or not it's pretty simple you can just do a window.payment request check for that if that exists well and good you have the payment request API with you or else you should fall back to your legacy payment process so we're talking about the method data right so the method data would have supported methods then it would have data data would have supported networks and supported sites. So on the supported methods we say basic cards so basic cards include visa and master card there is also mx or there is also a proposal for how do I handle gift card suppose I have a basic card and doing the payment with visa but I have a gift card I need to apply a gift card on it how do I do it so there is a proposal on that there is some discussion going on with that as well and supported again on the method data you can have multiple supported methods and the supported networks for it the second one here is example.com.bop.pay so this is where Alipay or Google Pay URL endpoint would come in and then the data would be very specific to the merchant so if you have your Google Pay setup then you would have your own merchant ID or specific that's what you will pass it here in the data that API needs some options you could pass it in the data in the method data so details, details is where we say what are all the items that we are, is there in the checkout so you can say like the subtotal is this, the total is this I am giving a discount of this and these are the summaries like hey I am shipping you some noodles from my restaurant or you want to say some message or you want to say we have a discount for you because you have been buying with us for consecutive 3 weeks or something like that all these descriptive messages that you want to show in your show in your checkout process goes to the details object so in this example there is an ID for the store and the display items what are all the items that needs to be shown in the invoice so you have the subtotal, the sales tax and the total due so here in this example it's like 55 dollars for the subtotal but then at the total amount you see that it's 65 that's because we need to add the shipping so select the shipping cost so if you want to add some cost whatever you want to display what's your for us it's like a legacy or something you can mention that there and it will show up in the invoice and we can add some shipping options too like I have been mentioning you can have shipping options to be like standard or draw on or whatever different type of shipping options you have and once the user clicks on the shipping option you will get a call back again to get the index of which shipping option that was selected so you need to say the user suppose the user selected drone and that locality doesn't have drone support then you can go through the index quickly see what that gets selected and check the location which you already have in your request call back and say hey I am not shipping I can't ship to you because my bot is dead or something like that so you can give that customized message also update your shipping options to the details of it and finally you have the options argument where you can decide what to ask during the checkout process whether you want to ask the payer email ID, name, phone and shipping details all these are options you can skip all of them then just the card will be there and you can decide based on what to do say for example on the card you know where to ship already because the user's address is there with you and you don't want to ask him on the checkout process so lot of edge cases have been thought through this API and it's pretty flexible and you have total control on what you want to show on, what happens when the user clicks on so you need not have to write any extra logic to handle the different selection so all of them are very neat promise based API talk is cheap show me the scroll so I want to do a demo on my mobile we try connecting it my pixel 2 is a bit spanky why it is not able to detect so I got an idea of showing on my web cam and pointing my phone to the web cam so that you guys can see it on the screen I haven't tried this before let me see how it goes here is a simple demo which I have posted on my site so you guys can see it at least you are able to see the red checkout button very bright, better now I think this is fine if you have a checkout button you could do a thing as well if you have a mobile device or probably on your desktop also you can just go to hcman.com demo-payment-request and this will load up you just use a second so when I click checkout you basically see this dialog which says payment API request demo that's the site like even and what is the card I already have view the card so it shows the card which is there and I can go and edit or add a new card so adding card is pretty neat and it says these are the cards I have to validate for you whether the card is valid or not so you need not worry about doing all those validations and after you add the card you just go ahead and hit the pay button and it says processing this I am just taking I don't have a server to process your card information but you could definitely give your card information that would be helpful so I would just here's a deal it's asking for the CVV I would show you my CVV 123 and I just go and confirm and here we would see the JSON cluster of what the response is so that was the demo experiment I will bring up the same here on the desktop it is not just the mobile web it has the same experience I just wanted to show how would the pop-up look within the mobile device on the desktop is the same experience you have your payment option you can select the card and here are the details order summary in your friends and family discount I was talking about CVT it's in INR and I have given a discount of 500 rupees then we just go and do a pay and it asks for CVV I hit the confirm this is what the response looks like so the method was a basic card the details had billing address address line 123 I was lazy to fill all the address so I just did that and city was bangled over you get all the information you get my phone number as well and the card I have just masked here so basically on the response you would get the entire card number I have just masked it here for the demo you could just go ahead and play it and let's see the code now should I just bump the font so the magic happens with init payment request so we are checking whether we have the payment request support in our browser or not if we have the support we will go and init the payment request in init payment request we have networks like amix, dinners, discover all this mark the card, visa and the types we have debit credit prepaid and the method data was taken array now it's like we have to just give a string which is like basic card that's what we are supporting in this use case and the data with supported networks with all the networks as mentioned above and supported types are the types like debit credit and prepaid and the details object looks like this this is where I said buy some food from manindal restaurant and the currency is INR the value is so and so and the display items, original amount you know a structure so suppose you would get all this response from your service so you are making a call your service gives you a json so you could just massage it and put it in your details object so it is very light on the print and then you have the payment request with method data and details I have not passed in the options here as the name says options is still options where in options as I mentioned you could ask for the email address or phone number and things like that so I have a button here so on clicking on clicking of that button we would pass in the request so we would get the request here and request.show would result in this dialog box so request.show would result in the dialog box and that is a promise with api so you would get the instrumented response that I was logging there you could pick up that instrumented response and pass your server that is what you have to do to know whether the transaction went through or not so I am just taking the response taking the server call here and then you get a complete success failure whether the transaction was successful or not on complete you will decide and pass a success on success I am just in this case I am just updating the DOM show the response so it is a pretty easy thing to do so to cancel the payment I am logging like a boarded request so you could also just hit an escape and that would result in a cancel as well so any queries on this part of the code so in this use case I have not used options so you could add options and see how it looks like definitely ask you to fiddle around with the code I just got a bell on the time box so I am not really clear on where the payment actually happened like you got the response from the payment api was the payment already done by then that is a good question it is not done so as I have been speaking this payment request api is just mediated does not do any payment for you so you are just selecting the card certain the UI yes it does not yeah you can assume that you had a big check out form basically where you would validate the card and everything all those clauses handled by this and you just filling your card and if it is already added you can just select the card and then in the response you will get all the information the card what was the amount and everything and you pick that and pass to your server and the payment gateway will send the response the payment was successful or did it fail so I have also created a fiddle so I mean when you mention that the payment service provider has to be easy ideas is compliant easy capturing the card details on the screen itself and then it is getting sent over the wire or how is it going to work there are two options here you enter the card details and it stays on your client it does not get stored anywhere it does not get stored in some server or something and it passes to the website so there is there is no man in the middle attack I can expect that what you are saying so if your site is already api site obviously the provider if your site is already you would not be doing that and if you see all this online site where you can purchase there will be a certificate saying these are the complaints we have so if that company is there they will make sure that it doesn't kind of leak over the abstraction or can get can happen a man in the middle attack and someone can see your details that won't really happen and the other thing is you can authenticate with your say google account and then you have saved your card details on your google personal that details you can fetch up and say hey this is the card I see it will just be the last four digits and it will last for you for the cvg and you can hit there and it is like the token waste application that happens so you have two different ways to do that but I have created one more fiddles where you can go and play around in this fiddles and try to add different options and see how it behaves in this case compared to the previous one it is bit more verbose where you can choose the shipping address these are all the shipping address that I showed in my google chrome browser so these are all the shipping address and I can also choose my payment mode I can add a card the same process and then I have my contact information here after I choose my shipping address this is the error scenario we can't shift to this address in this demo I wanted to show how you can show can you shift to this address or not so it is not like after paying to the payment process you say hey sorry it says they are instantaneously so you can add a different address or choose a different address and after choosing you would get a payment method the fiddles I will probably tweet or you can just go to the fiddles and you will find it there and probably you can take the conversation further offline I am definitely happy to help and if I can't get right answers I know folks who are part of the development I can get interested so if you like the payment frequency and the payments and hope you guys will use it on your mobile browsers and on your PWAs and make it even more sexy if I can call it thank you thank you very much as we get Chris set up for his talk I would like to remind you that your schedule is your feedback form and we would love to get your feedback and I think the next thing only has four binary questions was the content relevant was it at the appropriate level for you was the speaker prepared in your opinion and would you recommend this talk we put all of our talks up on YouTube and haspeak TV so you can review them if you didn't see them here for example if you wanted to see something in both auditoriums at once you can choose and then you can watch the other one on the video I would like to remind you that flash talks are today at 3.40 we have slots for four talks I have no sign ups yet but I sure would like to see some people yesterday I had to get up and give a flash talk because we had too few of them so please don't make me give another flash talk because today I will probably say this is your incentive to either not attend or to sign up and do something more interesting talks are five minutes long they can be pretty much anything payments related as long as it isn't a sales pitch or a hiring pitch you can come see me and I will write your name and your topic down and I think we are just about ready maybe not quite just about ready this afternoon after lunch at 2 o'clock is the UPI workshop if you have a workshop ticket your badge will be marked they're doing check ins starting at I think 145 the workshop begins at 2 and it's 2 hours long they're still testing the next talk is listed as one way on your schedule but actually it has been renamed turning morality into math AI ethics for India was just too straight too dull for the man who is about to give this talk so he's renamed it write this on your schedule the loans for ladies stags pay extra that's a little bit more conflicting and confronting than turning morality into math but the topic is still the same Chris is the head of data science it's simple and fairness in AI is the intersection of analytical philosophy and mathematics what happens when an AI begins behaving in an unethical manner good loans to us ladies it sounds good but it really isn't good what does morality in AI even mean can mathematics solve the problem but Chris is definitely going to open some eyes today I'm unmuted hi everyone so yeah I'm going to be talking about AI ethics and I'm going to focus on the lowest level of AI ethics so we're not going to talk about terminator situations here we're going to mainly talk about the one that is relevant to payment and whether whether our lending processes or our fraud detection processes are going to be unfair to some groups in society this is a pretty hot topic these days as people are starting to realize that a algorithms don't always do what you want them to do so we'll sort of just talk a little bit about how that happens so about a week before this talk I discovered the simplest algorithms that can do something bad so this is not actually in payment this algorithm is used to prevent shoplifting in a supermarket so what you do is you go to your point of sale system and what you do is you calculate the shrinkage rate so the shrinkage rate is how many items you purchased to have in the store minus you basically look at how many of these items you sold you count how many are left in the store and if they're the different that means someone stole some of them so you make a spreadsheet you put the skews number that represents a particular item you look at the shrinkage rate you look at the price of the items and then here's a very simple ai you multiply the shrinkage and the price is this not working very well then what you do is this third column you kind of see represents how much money you're losing to theft on that particular item so you sort the spreadsheet by by this amount you're losing and then what you do is you look at the top items so the ones I've marked in red have the highest rate of loss and what you do is you put anti theft devices so these are those little boxes you see in Indian supermarkets they're usually on chocolate and if you were to try to take it out of the store without taking it out of the box it will flag an alarm and you need the shopkeeper to take the box off so in most ai we can possibly understand and everyone here understands what it's doing can this ai behave in a racist or a sexist manner that will make people unhappy and the answer is yes so this is a real example that happened in the US the retailer Walmart is being sued for it if you are a white person there are no anti theft devices on your hair dye and if you're black it's in a an anti theft device a lot of people find this fairly offensive and Walmart certainly has egg on their face from this example and all this happened just from literally taking a spreadsheet and basically sorting by the highest rates of theft so there's a lot of reasons to think this is bad first of all it offends a lot of people most of your black customers have no plans to steal whatsoever they still have to deal with the hassle of going to the cashier getting them to take this anti theft device off it slows them down in the checkout and it also perpetuates racist stereotypes and in part it does so because they have an element of truth according to the point of sale system this was one of the most stolen items but on the flip side let's think about why we might actually want to do this anyway so stolen it costs the store money and they have to make up the money somehow they make it up by raising prices on either the item that's being stolen they can raise prices on all the items and the cost of theft has to be borne by customers somehow another thing a store might do is stop carrying items that are stolen a lot this can also be very bad so my ex-girlfriend she's born in Mozambique but she lives in Pune so every time I come from the US she asks me, Chris can you bring me some shampoo for black people just because in Pune she can't buy it it's very annoying to her so if the store stops carrying the products you want because they're stolen a lot that's also bad and similarly these anti theft devices are limited so another option is to put them on everything but now you're inconveniencing 100% of people instead of a much smaller fraction of people this is the fundamental this one example kind of illustrates the fundamental take away I want everyone to get out of this talk which is that there's a lot of relevant ethical principles here and you cannot actually satisfy all of them in most cases there's no way to simultaneously be utilitarian and also to avoid stereotypes and to treat every group fairly and also every individual fairly so to begin with this talk is going to be both math and computer science as well as a bit of philosophy so we're going to discuss the four major ethical theories that I see as playing a role here and one thing I want to emphasize is that most papers you read about AI ethics are written by someone in San Francisco and I interpret the San Francisco broadly it might mean Seattle it basically means tech companies on the American West Coast Microsoft, Google, Facebook and then a few universities mostly Stanford so the ethical theories they have are very much informed by that context and are quite likely not super relevant to India so what I really want to encourage everyone to do is both understand where they are coming from if you're interested in this topic and also to ask whether the algorithms and the processes they've come up with really apply to India maybe we need if India has a different ethical system than San Francisco does then we would need different algorithms as well so the first sort of ethical principle is individual fairness and what this means is that there are certain traits that we consider protected so gender is typically one in India caste would probably be one in the United States race would be one there's a variety of traits that you feel it's unfair to condition a decision on so basically here's what shouldn't happen we're sort of deciding let's say state of origin in India is one of these traits I should never say you're from UP I will not lend you but if you were from Maharashtra I would lend to you individual fairness says that should not happen and you have to pre-specify these traits but whatever they are it's a thing you need to consider now another more San Francisco idea is group fairness so remember in individual ethics we said I should not make a decision differently depending on let's say your caste whereas in San Francisco ethics you sort of say you look at each individual caste and you say some statistical property is the same across these groups perhaps my loan approval rate should be the same for upper caste and for lower caste or perhaps the false positive or the false negative rate should be the same so fundamentally when one of these statistical properties is not equal it's called an allocate of harm it might mean you're making loans predominantly to people from let's say a higher caste than to people from a lower caste so this thing that becomes really important if you are considering group fairness is what is the definition of a group so that's a question on the board what is a Marathi I've not seen a clear definition we all have a general idea but there's no clear definition and I've listed a bunch of edge cases of people who you could kind of consider one and might not be depending on how you choose the definition that would affect these statistical traits including some people from your class and that could then fundamentally change whether something is fair to a group or not San Francisco virtue is not noticing things that are I use the term problematic because it's popular in the US and again I'm really focusing on the US because that's where most of the work on this field is done so certain things if you're a good person you will just not notice certain facts so this is a screenshot of Google can you read this in the back okay so this is a screenshot of Google's auto-complete and I typed into Google why are camel so and it gave me quite a few things that people are frequently searching for I've been to Singapore that's a good question there are a lot and then you can there are many things that are true that are listed for Punjabis having spent a fair amount of time in Delhi I can they don't seem crazily wrong this is American Google if you type in why are black so why are Hispanic so why are white so there are no auto-complete suggestions there's not even there's a lot of search results you just won't get so in San Francisco ethics there are probably things you could observe you would observe and you might want to be searching for but Google is not going to help you search for those things you're just not supposed to notice this this is a quote from Urz Khosley he's a senior VP at Google he basically says as engineers we're trained to pay attention to details think logically on topics of fairness this is bad because questioning exact details might actually question the overall narrative he's basically saying there's a long quote but he's basically saying thinking logically and questioning fairness and justice is bad because it might lead you to think in a bad place like here's a really concrete example from the field there's a paper that studies a word embedding and what it does is it observes that certain words like computer programmer have gender associated with the word this is just in terms of vectors and a word embedding and what it does is it discovers there's a almost perfect correlation between the gender content of the word and the number of people of that gender who work in that profession so an AI trained simply on reading words can suddenly discover lots of computer programmers are male and lots of nurses are female this is considered a problem that needs to be solved the AI has noticed something it should not have noticed so the ethical principle is don't notice these things and the final ethical principle that I'll discuss in this talk is utilitarianism and what this is about is just your product is useful let's say you're lending which is mostly what I'm going to discuss if I lend money to someone who repays it I get the money back I lend it out again the person who repays it spent it on something useful so it was beneficial to him and this process is useful for society essentially we're allocating capital to productive uses and I give it to someone I've named Freddie the fraudster who just spends it all on ganja and then doesn't repay his loan that's not so good for society so the assumption here is that whatever we're doing stopping fraud lending money to people who will repay it this is productive the fundamental assumption here is that your product who you're choosing to either allow people to use or reject is a valuable your product is not valuable get a new job but if it is valuable then obviously it's good to allow people in and it's bad to reject them and then we're also sort of assuming that your product should be doing its thing and it's we're sort of assuming capitalism works in the sense that lending should be about who's going to repay and if you want to give money to the poor that should be done separately by the government or by an NGO and it shouldn't be secretly funneled through a lender let's say like it should be funneled to people who need it by the government as opposed to people who are good at fraud by a lender and if you believe that then utilitarianism makes sense key questions when you're considering ethical issues that have to be considered are how much utility are you going to sacrifice for one of these other virtues so how much utility will you give up for fairness how many extra defaults or extra fraud will you allow in order to avoid using a protected trade or how much individual fairness will you sacrifice in order to get more group fairness these ethical principles will come into conflict and I'll sort of illustrate how shortly the key point is you have to answer these tough philosophical questions before you can even start building an algorithm that's fair you have to define what fair is how much of one thing you'll give up for the other thing let's talk about what AI and machine learning systems actually do there's no strict AI and neural networks in this talk I'm sticking to the simplest possible algorithms so that we can all understand them the one algorithm was sorting a spreadsheet the next one I'm going to discuss is linear regression I'll get to that in a second so the key point here is to build simulated worlds so I know what the world looks like because I built it in some Python code and then to see I'll take my algorithm I'll run that algorithm on the world on the fake world and I'll see what the algorithm outputs so that helps us understand if the world looks this way will the algorithm behave in a manner we find acceptable or unacceptable so here's our simplest model we want to predict something we have an input which is a set of things we know before we issue a loan before we do a fraud check and so on so in this example it might be income in North India which would be one if a person is in North India and zero if they're not mobile or desktop which would be again one if they're on mobile, zero if they're on desktop how much money they spent in the previous month and the thing I might want to predict would be how much they're going to spend in the current month so given this information I want to predict it so there's an algorithm called linear regression which basically says I know that y is going to be the dot product of some vector alpha which I don't know and x plus a constant term plus error which I'm going to assume doesn't matter for my purposes so concretely what this means is in case for those of you who are unfamiliar with the dot product alpha is a vector of numbers there's alpha one alpha zero alpha one alpha two it's the first alpha times income plus the second alpha times whether they're in North India plus the third alpha times mobile or desktop and so on you just do that multiplication add the results together and that's your prediction of y it's the simplest predictor but it's really understandable which is why I'm going with it in this talk and actually in production you should always start with this because it works a lot better than you expected to so let's look at how this works I've got a simple model where I'm assuming the true alpha is one two and three I'm generating my data by taking random input and I'm setting the output equal to one times the first plus two times the second plus three times the third plus other errors so it's not the data doesn't fit this perfectly but it comes close to a Python function called the center least square and it basically says given the data it doesn't know alpha anymore it only knows the data and the output estimate me an alpha and when you run this it fits out something that is pretty close I mean 0.98 instead of 1, 2.03 instead of 2 it's not perfect but it's pretty good and the reason it's working so well is of course every example in this talk is linear regression because that's easy to explain so now the first question to ask ourselves is linear regression is going to become biased or unfair in the sense that it's going to systematically make wrong predictions based on information it should not be so concretely we sort of have a mental model of a racist human this guy just doesn't like for whatever reason so this human is sort of evaluating a loan application and if someone from Karnataka comes along he's like okay I'll look at your income I'll look at your financials I'll look at your debt to income ratio and I'll make a lending decision and then if a Bihari walks in he's like go away I don't like you this is really not a nice person but this is sort of our mental model that's going to behave so the question is what will an algorithm do so what I'm going to do here is I'm going to make the third feature whether a person is Bihari or choose your favorite protected class something we're not supposed to look at and what I'll do is I'll just make 25% of the people be let's say Bihari and what I'm going to do is I'm going to make the true model be not dependent on so I'm going to assume that Biharis pay their loans back the same as anyone else just dependent on the other two features which are their financials so you can see that when I generate the output like in the simulation I'm ignoring whether a person is Bihari then when I run the model the model rediscovers exactly what we put in that it doesn't matter if you're from Bihar your income and your how much your house is worth so what we've done in this case is we've discovered that simple linear regression will not behave like this racist bank manager we imagine who is going to behave unfairly and then essentially what it's discovering is that everybody lives along this line we've got blue dots I guess you can't really see it too well we've got blue dots which represent the minority group and they're all clustered along this same line so this line is our predictor saying the higher the input is the higher the output is according to our ethical principle this algorithm is completely ethical reds and blues are going to be equally represented in the positive set being issued alone any individual red or blue person is going to be treated the same because if we go back a couple of slides and that number is so close to zero it won't really change your decision the utilitarian because we're accurately predicting reality if not noticing anything we shouldn't notice because in this case there is nothing to notice there is nothing Bihari is just an arbitrary label it has no impact on the data now a lot of people say things that are kind of anthropomorphic about what AI will do like here's one that was in the New York Times a long time ago this was discussing using AI to predict crime the police have discriminated in the past predictive technology just reinforces and perpetuates this problem and it's basically what they're saying is if racism happened in the past the AI is just going to keep doing what happened in the past so let's see if that's true so what I'm going to do is I'm going to simulate a world in which past data looks bad and then I'm going to see what the predictor does when it comes out so what I'm doing here is again I'm going to say 25% of people are in the protected class let's say I don't know choose a different group, gujarati what I'm going to do is for people who are gujarati I'm going to say their income is lower their house is worth less money so minus two is a lower number than zero which is what everybody else gets and then the output is predicted as before so if you do some descriptive statistics you discover that almost every gujarati has lower income his house is worth less than almost every non-gujarati so this is far more stark a difference than what you see in the real world and this is what your data set looks like the non-gujaratis are up here they perform well they have good input and they have good output and the gujaratis are down here they're performing badly so as a human heuristic you could easily just say you know what I'm not going to lend to any gujaratis because they're all down here but linear regression doesn't do that linear regression observes that actually the protected class still doesn't matter it discovers the underlying reason why the gujaratis were performing worse here is just because their income was lower and it predicts that if a gujarati had high income he would also repay his loans so it actually discovered that these predictive factors matter and this other information does not this is still allocatively unfair because the algorithm is going to correctly predict gujaratis are not going to repay their loans just given that they all have low income and it won't lend much money to them so from the perspective of group fairness this is not good but it's individually fair it's utilitarian and it's also noticing something that is a bit problematic another thing that's often said is so ultimately what other things that are often said about AI is that it's going to learn human biases and one thing it might learn is that let's say the input data is actually biased so imagine again the situation where people come into the bank they give you income they give you other financial data and imagine now that the bank manager rather than just being like yeah get out of here he puts it all on a form and he's like if you're Bihari I think you're lying about your income and he's like okay I'm going to essentially what he does is he biases the input he subtracts I don't know 30k a month from your salary only if you're Bihari now the input data is fundamentally biased and it looks like this so it's sort of a shift so everyone follows the line Bihari follow a different line but other than that the same pattern exists there and if we run linear regression what we discover is actually the algorithm rather than perpetuating this bias it corrects it so it discovers that if the input data is biased in this way it subtracts errors what the algorithm is going to do is put them back it's only desire is to predict whether a person repays a loan it doesn't care how it gets there and if the most efficient way to do that is to correct the bias in the input it's going to do that because it's not like a human it's very different from a human it only cares about accuracy and we can observe that so I checked the residual which is a measurement of the error and the algorithm which adds the bias back performs a lot better on the other hand it's a bit unfair because what the algorithm is actually doing is it's saying if you're Bihari I'm going to give you two extra points on this scoring system just because I've observed your ethnicity I'm going to give you these points that's not so fair on an individual level this gives us a recipe for checking whether an algorithm is kind of biased in some way what you can do is you can make a new data set which has the algorithm you want to test and the protected class you build a new algorithm by taking this as training data and if protected class changes the output that'll actually tell you the old algorithm was biased and if it doesn't actually change the result it means it was probably not so fundamentally things like bias in your inputs and whatever these are hidden features that predict your data and machine learning is about finding those kinds of patterns and this again is allocatively fair now because essentially Biharis and everybody else are going to be issued loans at the same rate but it's individually unfair and it's a big complex whether it's satisfying the virtue of not noticing so here's a real world example where this was done and this is where I've taken the title from so some people were studying microcredit in Bangladesh and they did exactly what I'm describing here they ran linear regression on lenders and looked at various characteristics of the lenders so they looked at whether they were Kasi or Patro which are the two major ethnicities in the area education, married, whether they're a farmer and one thing they discovered was highly predictive because if you're a female you're much more likely to repay a loan and this has actually been replicated quite a few times here's another study that looked at lenders instead of borrowers and it's covered that lender with more female clients is going to have a much better portfolio this has been done in the US as well in a couple of cases so this was a study that discovered that religious people are much less likely to repay a loan than non-religious people would submit a loan application and if there were religious words like by God I will repay you the person was actually very much unlikely to repay another thing they discovered is that medical words like angioplasty were also very much correlated with not repaying possibly because the person dies and then they don't get to repay and religion is also another thing you're generally not in the US it's considered a protected class here's another example where in terms of repaying a home loan in the US black Americans are discovered to be significantly less likely than Asian Americans to repay a loan and Asians is just a broad category that includes Indians, Chinese and Filipinos and everyone perhaps should be more granular but it's not it's a little more uncomfortable so if we think about this example a lot of us are going to our instinct is yeah we should maybe offer ladies lower rate loans because the algorithm said so and it kind of seems okay in the religious example we're a little more uncomfortable and in the racial example this means we should be offering black higher rate loans just again if we're following the data these all people tend to react very differently depending on which of these examples they're considering what the answer what one should do about this so the issue of noticing of you know the virtue of noticing is a bit complex in the following sense maybe there's bias in the input data so there's other predictors here like age and education maybe we're mismeasuring age and education for women like maybe women just don't report that they went to school and dropped out of grade so maybe we're correcting a bias like that but also maybe we are observing something intrinsic maybe women are just naturally more responsible than men are and they're just naturally going to payback loans at a higher rate than men so we might be observing one of these things that we're not supposed to observe according to this ethical principle and I don't know the answer to this it's hard to determine whether this is an intrinsic thing or a bias in the input data but nevertheless you've run this algorithm you have a prediction of whether someone's going to repay you've got to do something with this you have to make a decision and the question is what do you do one key point is that protected class is another feature so here's another quote about how AI is going to behave badly this is from Kathy O'Neill who's been a huge critic of using algorithms to do anything which is that we allowed a statistical model to use for college admissions in 1870 we still have 0.7% of women going to college so her intuitive idea is that the algorithm is going to sort of observe that everyone going to college is male so male is an important trait in college now let's imagine so our AI just treats these as columns it's a boolean true or false so let's swap out the meaning of the column in the same state but simple we have for a while the tomato and book my show were a couple of our customers our merchants so you can make payments there we had no training data whatsoever on grophers who's still a very new merchant who uses us if we allowed a model to be used for credit approval on tomato and book my show we would still today have 0% of grophers that's kind of a silly statement to make right it essentially says you can never if you're using a statistical model you can never onboard a new merchant because I'm not having too much time I'm going to gloss over the math that kind of illustrates why this just doesn't happen what I'll do instead is I'll just illustrate a couple of examples where the exact opposite happens so historically in the Maharashtra area most auto wallahs were Marat it's just at the time almost everybody there was now relatively recently Uber and Ola started to exist and they used an algorithm to predict who should be an auto wallah who should drive an Uber, who should drive an Ola it was basically like look at your predicted star rating if it drops below 4.3 you get kicked off the network the net result of this is that suddenly there were a lot of Bihari's driving autos in Maharashtra the exact opposite of what Caffeoneel predicts that it should reproduce what happened in the past instead it discovers it has discovered that anyone can drive an auto all that matters is how good a job they do whether they get where they're going and the net result is that the people who dislike algorithms want to both stop Uber and actually pass laws saying only Maratis can drive an auto and then a similar thing happened in the U.S. in college actually around the time she was talking about it I guess she was just not aware of this example colleges started using a model for admissions in 1908 and it was trained mostly on white Christian men who were also rich when this model was put into action the number of Jews the Jews are a religious minority in the U.S. about 1% of the population they suddenly skyrocketed in college because for various cultural reasons Jews study really hard like studying the religious text is a major part of the culture at this point what the colleges did is they dropped the model and instead put humans back in the loop at the time this happened again keep in mind this is 1922 nobody liked Jews called it a crisis he dropped the model and then after they went back to having humans do it they got the number of Jews back down quite a bit which in my mind is not particularly fair but at that time their ethics said you should not have so many Jews so fundamentally like a lot of what you read about AI is in a sense it relates to this quote it relates to George Bernard Shaw so he was in Ireland and in Ireland there were a lot of religious conflicts between Catholics and Protestants who are two slightly different varieties of Christians an old man asked him once can you tell me are you Catholic or Protestant and George Bernard Shaw is like I'm an atheist I don't believe in any God and then the old man who lives in Ireland asked him but is it the Catholic or the Protestant God you don't believe this old man had probably never left Ireland he didn't know anything of the world other than Catholic versus Protestant so what he had to do to make sense of this atheist was to just bring it back to this world of Catholic versus Protestant a lot of people talking about AI they don't understand how a random forest works they try to bring everything back to how would a human behave humans are born with a lot of intrinsic like we've evolved to be tribal creatures we like the people who look the same as us we dislike people who look different whereas a random forest or just a spreadsheet that sorts by a column doesn't have these same issues so here's the unpleasant tradeoff and I found one paper that has two graphs that illustrate it very nicely so what this graph illustrates is the percentage of people of different groups that have a certain FICO score so in the US FICO is a risk score the higher it is the less likely you are to default on the law so imagine we want to choose a fixed cutoff and we want to we basically want to say we're not going to lend to anyone below this cutoff if you were to choose a FICO of 600 which is this relatively arbitrary because there's a tick on the graph there you would be rejecting 75% of blacks which is this and 25% of Asians and then about 30% of whites would be rejected and something like 50% of Hispanics would be so if you choose one cutoff for everyone you will be individually fair but you'll be violating the principle of group fairness and if you choose different cutoffs what you could do is you could choose a cutoff of 600 for Asians and then slide over to identify the point on the black people graph where it matches the same number of rejections which is about 4, 10, 4, 20 based on eyeballing it this is now individually unfair but it will give you the group fairness and you can't have both the other graph shows the default rate as a function of FICO score so the x-axis is FICO score and the y-axis is a non-default rate so we discover at a FICO score of 600 about 80% of Asians will repay alone whereas about 60% of blacks will repay alone so this shows that the FICO score is actually biased in favor of blacks one thing we could do is we could charge both groups a 43% interest rate and that will just allow us to break even so if we want to make a profit we have to up it to 45, 46 something like that this is individually fair but it's non-utilitarian because there's one group that's predictably just like blacks in this example they're going to predictably get more money out than they put in and the Asians are going to be putting more in than they get out on the flip side we could charge them different interest rates but now we're violating individual fairness but we're being more utilitarian like loans are being allocated more accurately and it's also violating the virtue of not noticing because we've noticed something that makes a lot of people uncomfortable like this is something we wish wasn't true but it does seem to be there in the data key point is there's no choice of cut off, no choice of interest rate which can satisfy all of our principles whatever we do something we're going to have to make some unpleasant choice so all we're left with from this analysis is some uncomfortable question how many bad loans should we issue in the interest of fairness how much individual fairness should we sacrifice like how much should I actively discriminate against one group in order to make the group treatment fair I don't have any answers for you in San Francisco they tend to prefer two of these principles and they tend to ignore the other two but the question is but I don't know if that's right so ultimately like this talk sort of comes out of the fact that over here I don't know what to do about fairness I kind of see the trade off but I don't know what Bangalore ethics are and this is sort of something I'm hoping I'm hoping to start a discussion here I'm hoping to find out what have people here help decide what Bangalore ethics are so that I can actually follow that's all Thanks Chris, that was very interesting I've never thought about things quite that way before we are up for lunch break unless somebody has a question we'll have two minutes we're going to have two very short questions or one long question I'm just curious why do you think your linear regression model generalizes to like or you are like linear models they are very different from very common models right so the basic idea is that linear models are able to find one type of pattern now in principle the reason one can also always imagine other kinds of patterns for instance you can imagine a bank manager who is biased against Gujaratis unless their income is above one lakh a month in which case he stops being biased in that way now that sort of bias is not something that a linear regression model would capture but that is something that a random parser or neural network would capture so the basic idea is that whatever the bias is looked like the model can learn the biases as long as the model has features that represent the biases so if the bias or the features you want to discover look like something a random parser is adapted to a random parser will match it because ultimately it's just a matter of finding the features that are there the key reason it's going to generalize is because these algorithms are trying to maximize accuracy they are not trying to maximize they are not trying to do what a human would do so what I'm assuming is that you've done your statistics well now that is not always true like there's a world out there and I don't believe currently our statistical models have captured everything the point is the ethical issues are not the issues of my algorithm is not accurate enough like here's the fact I've got simple people sitting over here some of them are on my team they come to me tomorrow and say I've made accuracy go up there's no ethical question here I'll just be like okay put it into production and then we make more money so the point is everyone's incentive are aligned to make accuracy go up so once you've made accuracy go up as much as you're able the trade-offs come into play so the point is we may not capture everything there may be biases that we can't detect but the point is whenever we whenever our models get good enough they will detect these things because these things help us predict the world better and that's ultimately what the model tries to optimize does that make sense hi could you throw some light on could you throw some light on how the regulations especially in the US because you have federal as well as state laws then there's an ending act how these are adapting to address biases in models here so that's a complicated question and the short answer is you have I believe 535 congresspeople who don't understand any math making broadly written laws that sound good this is then interpreted by a bunch of agencies who are more technical but have less leeway to make changes and then they essentially will try to they generally just sort of gesture in the direction of doing the right thing the answer is there's sort of some mix of both group rights and individual rights and you can never quite know in the US you can never really know if you're on the right side of the law I mean I'm not joking about this so once I was working on I was consulting with a project helping some guys copy some Python code over to Scala which by the way was not a good thing to do as a technical matter at least for this kind of statistical code so at some point I observed that I could improve their model by using certain traits which were correlated with ethnicity but were not ethnicity it was things like location so I went to them and I'm like hey guys I'm the consultant but I just noticed you can make your model much more accurate so then they told me oh but that would never pass regulators then I asked what the regulation was because I was hoping I could take my original idea and then do the maximization but subject to a constraint that satisfied whatever the regulator's demand so a constrained optimization problem instead of an unconstrained optimization problem but then they said yeah no one knows what that constraint is it's just sort of as long as you look good the regulators won't hurt you too hard unless you get on lock I think you have office hours today I think I believe they're right about now two to four I have written down so you have time for lunch maybe that's a place where you can get your question what are Bangalore ethics answered if anybody wants to go and talk to Chris on one ask some questions he'll be upstairs in room one from two to four and possibly available during lunchtime if you are hot to ask some questions thanks so much Chris before we break for lunch I have an announcement for anybody who's going to the UPI workshop this afternoon you will have received an email with a link to a form you need to fill that form in otherwise you won't be able to actually run the dummy account during the workshop so please do fill in that form if you haven't enjoy your lunch we'll be back here at two o'clock with a talk on data protection followed by a panel on regulation for innovation welcome back to Audi 2 I hope you all had a nice lunch this afternoon we have a talk and a panel before we get started I want to make two short announcements one is that Epicor is giving away a Kindle today so go over there and have your badge scanned it's just a lucky draw you want to win the Kindle and the other is that we don't have any signups for flash talks which means you're going to have to hear me sing and I wrote a song at lunchtime that is a Gregorian chant about bit points now I really don't want to have to sing it so I would very much like for some of you to sign up for flash talks you can see me at any time between now and 3.40 when the talks begin well with those announcements out of the way I'd like to introduce our next speaker who is old school and has no slides so that's kind of cool and definitely I believe he's the only person in the entire conference who's not using slides Sunil Abraham is the executive director of CIS when you're an executive director you don't use slides he's going to be talking about five different models of intermediaries in data protection do any of you read the Deccan Herald? okay you told me nobody would if you did you would have seen his article about this topic last month so if you want something to look at while he's speaking you just go ahead and see if that's online you can read along while he talks Sunil it's all yours thank you so it's a thousand word article in the Deccan Herald and the title of the article is data protection colon we can innovate comma leapfrog and all I'm really doing at this talk is taking you through the article with one modification the article has four models I'm going to introduce the fifth one which I left out when I wrote the article thank you for coming for this talk this is a policy talk not a technical talk and it's immediately after lunch with most policy talks we have the me go syndrome which is my eyes are glazing over and with the lunch demanding blood in your tummy your eyes are going to glaze over so my apologies for doing this to you I'm basically talking about privacy enhancing technologies and perhaps the best way to think about it is the introduction of digital cameras in Korea and Japan 20 years ago and with the introduction of the technology came the phenomena of upskirt photography and then you have lawmakers in both these countries respond to the social harm by requiring the principle of notice to be implemented in the digital camera so they said you must go out and make an MP3 recording of an analog shutter and every time the noiseless digital shutter moves you have to play the MP3 file of the manual shutter and that is the implementation of the principle of notice within a device and it is the requirement by law to turn it off or if the manufacturer gave you the option to turn it off that would be illegal in those two markets in India we see that legal innovation at play but we don't really know the 20 year history behind that so that is what we are dealing with privacy enhancing technologies and the unique proposal we are making at least in the Indian context is that even that about 27% of our population is illiterate and only 10% of the population can read and write English and even within that 10% of the population most of us are unfamiliar with legal vocabulary so therefore even though we know English we might read a privacy notice so we might read the terms of use and we may not understand its import completely so how much are we supposed to read my friend Pat Walsh looked at the video game Tetris and he found out that behind Tetris there exists 123 ad networks 13 online analytics companies 62 mobile advertising networks and 14 mobile analytics companies and if you put the privacy policies of all these corporations together which is what you are signing up when you sign up to play Tetris then it comes up to 4,7,000 words which compares with Lord of the Rings which is 4,50,000 words so it is not something that most of us are going to read and therefore in order to protect those of us who don't have the ability to read or cannot read in the right language or are unfamiliar with legal terminology the proposal in India from a variety of sources is that we should have intermediaries in the data protection regime Justice Sri Krishna and his committee after doing a series of open house discussions are now working on what this draft law should look like so it is a high probability that one of these ideas might enter the draft that Justice Sri Krishna produces so the first bunch of people that started thinking about intermediaries where the folk at iSpirit and when iSpirit thought about intermediaries they called them Consent Collector and the Depper team at iSpirit has published the specification for a Consent Collector what does iSpirit hope that there is a data consumer and the data provider so they are not really thinking about the data subject which is the individual they are thinking about a bank which is an institution that can provide data and they are thinking about a FinTech company that could potentially consume the data that is provided by the bank that is the the map that they are looking at if the data subject provides consent then the consent artifact can be collected by somebody called a Consent Collector in their view the Consent Collector can either be the bank which is the data provider or it can be the data consumer the Consent Collector could be the FinTech company as long as the Consent Collector collects the consent which has a particular data structure and can be represented in XML then those transactions are kosher and fine and that is the scheme that iSpirit proposed the first version and the iSpirit version is called Consent Collector you move on to the next bunch of people that take the iSpirit idea forward so the first implementation Consent Collector idea happens by the Reserve Bank of India and the Reserve Bank of India instead of calling them Consent Collector now calls them Account Aggregator there is a slightly different name and what RBI does is it publishes non banking financial company account aggregator directions that is the rule that RBI publishes which gives these entities legal foundation and this is published in September 2016 the schema is in these rules so it is identity, optional contact information, nature of the financial information request, purpose identity of the recipients if any URL address for notifications whenever the Consent artifact is used Consent artifact creation date, expiry date identity signature and digital signature of the account aggregator so each Consent artifact is doubly signed it is signed first by the data subject using the eSign infrastructure and then there is the second signature provided by the account aggregator and any other attribute that may be prescribed by the RBI that is like most employment contracts final clause which says that everything else is booked so this is interesting addition to the work that was already done in iSpirit how this is different from iSpirit is in the original iSpirit vision they didn't really think of the account aggregator actually holding on to your personal data so here there is some amount of personal data that financial information in particular that the account aggregator can hold on to again there is no prohibition who you can make money from or who can be an account aggregator but what RBI has done is they have introduced another key concept which is they have said that this should be a competitive oligopoly just like the telecom sector if you are unhappy with one telco there is a finite number of players in the market and you can churn and you can take your business to another telco so that's very much part of the RBI idea which wasn't there in the iSpirit idea as far as iSpirit was concerned you could have infinite number of consent collectors so that was the second version of the idea the third idea doesn't build on idea one and two it's an idea from a legal scholar based in Bangalore his name is Navi or Na Vijay Shankar he has a blog which is navi.org and you can see most of his research on this blog what Navi does is he builds upon the idea of an escrow agency in cryptography and I'm assuming some of you at least have followed the cryptography debates especially the first phase of the crypto war in the US escrow for people who talk about cryptography is always a bad idea but here this is not key escrow that we are discussing what we are discussing here is PI or personal information escrow so you give all your PI to the data trust your data trust again there can be infinite number of data trust and whenever the data controller whenever the fintech company the bank wants your personal information you instruct your data trust to give that information on to the data controller so that's the model so it's a real time system and in his proposal he believes that we should be firms with enough computing and storage power to be able to in real time process requests from the data subject to send data to the data controller so that is Navi's idea very interesting idea Navi says that there should be 3 requirements these data trusts must have public performance reviews so that people can choose the right data trust they want to deal with they should have audits by the regulator and an arms length relationship with data controller that means data controller they shouldn't be able to make money from the fintech company and they shouldn't be able to make money from the bank they should have some other revenue stream though Navi does not tell us exactly what that should be Navi sees them playing other roles as well such as translating privacy notices into local languages canada for example or just making them accessible and issuing tokens or pseudonymous identifiers these are all the roles that Navi sees for these data trusts so that's perhaps the most recently proposed idea because Navi did this a day before jashashree krishna came to Bangalore for his open house discussion an earlier idea that has been put together by the Thakshashila institution or published by the Thakshashila institution more accurately but authored by a Bangalore based lawyer called Rahul Matan who is the founder partner of one of India's most well known technology law firms Trilogy I'm not sure maybe they would like to characterize themselves differently but one of their one of the things they are known about or known of is their technology practice so Rahul is not so much concerned with the privacy harm that might emerge in the ecosystem he is looking very particularly at the discrimination harm that is what he is particularly worried about that big data and artificial intelligence can be used to discriminate against certain vulnerable populations so he thinks that learned intermediaries will be able to solve these discrimination harms by raising the amount of awareness that the customer has so it is very much like caveat emeter in many parts of regulation the government will not do anything the government will say all we expect the regulated parties to do for example tobacco company is to put warnings on their labels or food companies to tell you how much sodium or sugar is in their products and a knowledgeable customer will be able to choose in the marketplace so that is what Rahul is aiming at fixing according to his problem statement there is an information asymmetry and the best way to deal with the information asymmetry is to make these black boxes and these corporations more transparent the practice is more transparent so there are three stages of review for both big data and AI products the first is a database query review all of you are technologists I want you to think how feasible this might be the second are black box audits without knowing what is in the box you tested from outside and the third is algorithm review which for me was even harder to fully understand because there is many a slip between the algorithm and the code implementation the same algorithm could be implemented in many different ways algorithm gives us amount of abstraction which when you finally do the implementation you might have flexibility there so this is what he hopes will happen and he hopes that these intermediaries will be certified by the regulator so there will be a finite number of them not but anybody who meets the certification requirements will of course become learned intermediary so finally my own model which I have been cooking up at the center for internet in society building of the work done at iSpirit and what I am really doing is and the RBI really because that is one historical trajectory what I am trying to do is just make two fixes the first fix is I want to borrow from Nabi's idea that there should be an arms length distance so in my fix there will be a clear prohibition the consent collector or the account aggregator cannot make money from data controllers they can only make money from the data subject of the citizen that is fix number one and fix number two is what RBI has already done which is you have a competitive oligopoly you have only 50 consent brokers in the country and this I hope will solve the problem that the account aggregators face today so we have I think 18 or so account aggregators that have been given the license all of them are not sure at all what their revenue models should be and as far as I have heard as far as I have heard none of them have broken even none of them have revenue streams that they are happy with so with the consent broker we could potentially start off with the other ecosystem so there is direct benefits transfer to vulnerable populations it is basically a reinvention of our welfare state previously welfare was provided in products and services and now we are shifting to a regime where welfare will be provided as cash in your bank account directly put into your account using cashless mechanism so everybody that gets 100 rupees of welfare from the state they would have to necessarily give away 1 rupee to the consent broker so overnight the 50 consent brokers that exist in the market will all have revenue streams at least from the bottom of the pyramid because they are now dealing with these people as paying customers then they can start doing the innovation I'd like to see which I never hear at FinTech conferences and conversations usually the innovation at a FinTech conference is the innovation where a firm will make more money and that's why everybody is excited about these innovations I'm interested in the innovations that result in firms making less money that's the kind of innovation I'm interested in for example I have borrowed 12 years ago from a bank and I'm still paying my bank loan and I'm certain that my bank is gouging me as far as they can for various interest rates I have never met in my lifetime a single person who has taken a loan from a bank and is happy with the way the bank is treating this person so I would love if all the 5000 people who are upset with my bank in Bangalore come together thanks to our consent broker and the consent broker on my behalf and on the behalf of the 5000 or 10,000 people agreed customers of this bank what the bank can say we want the historical interest rates if you ask your bank to give you this piece of information which is directly connected to what you're doing it's very difficult to get this information what was the interest rate at each point across the 12 years of paying the interest back to the bank and then the banks can say we noticed that the bank is treating the following customers badly we can as a block take your business to another bank so it's raising the collective negotiating power of the consumer so I believe there can be a whole range of innovations that are possible if the intermediary thanks to their bottom line has to first pledge their allegiance to the data subject and not to the data controllers so that is how I'm trying to reorganize the incentives within the proposal that iSpirit and the RBI have made the incentives work to ensure revenue streams for these intermediaries and so on so that is my final addition there are some other proposals that people at internet democracy project there is a woman in Bangalore called Nayantara she's at least at the Shri Krishna Justice Shri Krishna committee meeting she made a proposal that we should have collective redressal systems so the scenario that she's painting is there is a bunch of citizens that have been wrong either discrimination harms or privacy harms and once they have been wronged they should be able to approach the regulator or the court as a collective and then get redressed for their for the harms that they have suffered when we introduce an intermediary it's not a post factor measure really they're not trying to deal with the problems after they've happened with an intermediary what is really going on is you're trying to empower the customer or the citizen on a daily basis so suppose there is a particular data controller and they have managed to compromise your accounts then a consent broker should be able to proactively protect my interest by requesting for my data to be deleted or my account credentials to be changed and so on so that is the vision that we have why is it that we are talking of such strange ideas in India because we have an advantage unlike the European Union which has a 37 year history behind its data protection regime from its very first data protection law we are starting with what you could call tabula rasa or blank slate so therefore there is an opportunity to leapfrog ideally what we need as a nation is a data protection regime that is considered adequate by the regulators in the European Union but the European Union has gotten there through some really heavy and onerous regulation that type of onerous regulation may be inappropriate in a jurisdiction where data protection regulation has just begun so therefore there are some creative approaches that we should explore here what I would call regulatory innovations because as long as we can demonstrate to the European regulators that in spite of taking a different route the customer has similar protections or the data subject has similar protections I am almost certain that the European regulators will consider us data adequate and then the trade in personal information personal information flowing from Europe to Indian BPO's KPO's and other types of ITES organizations will continue so that's the goal to take a different path than the path taken in the European Union so that's my talk I think I'm even shorter than what I thought I would take my apologies but this is perhaps an opportunity for you to ask any questions that can be connected to intermediaries and if you don't have questions I'm also happy to get out of your way looks like we already have some questions Hi Suryanth so you mentioned the EU if you look at the general data protection regulations what do you think are the main challenges India will face implementing something that's close to what the EU has in mind which is I believe coming into force in a few months that's a big question I think the best way to respond to your question is again to go back to the historical trajectory that I drew they have 37 years of history so when they decide to take punitive measures against data controllers the data controllers have had 37 years to be prepared for those punitive measures so big fines etc are wholly justified in that jurisdiction in India we've had almost no data protection law we've had 43A of the IT Act which is really data security law which was doubling up as our data protection law and therefore most data controllers in India have no experience of being under the regulatory hammer if we start from day one with all the teeth that the European regulator has investigations, audits corrections to design and so on the and fines etc the trouble is the regulator will get overwhelmed because immediately anybody who has any punitive action from the regulator will start to go through the appeals process and that always will get the regulator in trouble so what I have also proposed and what we have proposed in our submission to the committees that they should have something called an orchestrated sunrise so for the first one or two years of the regulation they must be merely awareness raising activities and then followed by certain incentives then nudges to these firms asking them to shift in the right direction encouraging them to come up with bottom-up standards which in the European market has greater maturity bottom-up self-regulation standards that have entered a co-regulatory regime so that we should give each sector the fintech sector must be given time to come up with its bottom-up security standards, privacy standards and so on and only five years from now should the first punitive action by the regulator be taken because only then will we have a sustainable long-term life for the regulator if the regulator uses all its firepower too early we might just end up with a dysfunctional regulator because everybody will go out to get the regulator so look at the competition commission today and google that took some time commission to actually enter that space and carefully and I haven't read the order yet but I hope it's a good one yes so I have a quick question about so you mentioned this proposal about these data brokers not being able to make money of companies so one quick that I had about it is the fact that the guys who are a data agent or a broker that you're talking about the incentive for them to be able to make more money from by selling of this data to other companies is significantly higher than probably the money that many of these people the data subjects would probably pay them because most people don't really realize the value of the data in nominal terms in reality second is the other one is that so do you think it would make probably more sense especially with the way with the way profiling works generally or with the way big data is this one is that when you have larger heaps of data sets drawn from multiple sources that is far more powerful than having smaller data chunks so do you think it would be wise for these data brokers to be limited to very certain sectors or maybe certain number of people that they can probably deal with sorry sorry I forgot to explain one other key part of my fix my apology I want only a one on one relationship between a data broker and a data subject so let's go back to the iSpirit vision of account aggregators so you have insurance portal that helps you get the best from multiple insurance companies you have a education portal that helps you get admission in the right university for the best price and so on and so forth so each of these portals could potentially be account aggregators or consent collectors in the iSpirit vocabulary and what I saw the problem there is one you will lose track of how many consent collectors or account aggregators you are dealing with so what I wanted as part of the fix the third fix which I didn't mention is that there should be only one on one relationship that at any given point of time as a citizen you can have only one consent broker so whenever you want to solve your problems you go only to one person they will solve your problems across all so the point you are making is absolutely valid the bigger part of money lies elsewhere and the bigger part of money lies elsewhere in many other types of transactions as well so suppose you are my wealth management advisor then the bigger part of money lies on the other side from the funds in which you are putting your wealth in the Netherlands for example if you want to be a wealth management advisor you cannot make money from those institutions where you advise people to invest you can only make money from the investor so obviously if the market is unregulated people will just choose economic behavior that suits the bottom line and then you may not protect the rights of citizens if the proposal is being introduced to protect the rights of citizens then we have an alternative business model for them maybe if there are 50 companies they will only make 2 or 3 million dollars a year maybe that is all their revenues are but I know funds of SMEs in Bangalore they had those kind of revenues and as they take it up the next notch with helping you renegotiate loans or get better deals from other types of data controllers they could get additional revenues so it is not a vision where the data brokers or consent brokers have massive revenues like the data giants it is a different vision and therefore with different expectation levels I hope the response makes some sense what do you think about the other the fact that if you think it makes sense to limit a data worker to only a no because I want a one is one relationship it should not matter who I am having the problem with whenever I need my right to privacy defended I call only one number from a usability perspective it is a much simpler proposal and then if my consent collector treats me badly then I churn and I hurt the consent collector or broker by taking my business to the competition so we need competition also to work within that scheme otherwise again the incentives are wrong hello hi my name is Amul I am from Cuts so you talk about collective action from consumers what do you think that this is possible now because the company is at 2013 talks about for the first time last section suits and as I was reading the provision section 245 says that depositors in a company are authorized to 5 class section suits if they can come together so have you thought about implementability of your proposal so again the proposal all 5 proposals they do not envisage a world with class action suits a look in the audience a look will be the best person to comment here as far as I understand as a non lawyer the history in India for damages and class action is nonexistent so to have class action especially where the harm has no financial component your HIV AIDS status was in a database the database is breached the only harm is to your reputation there is no financial dimension to the harm then courts maybe consumer courts have acted differently but regular courts apparently there is no history of this so instead of trying and again what I am worried about is if everything has to go to the regulator and if everything has to go to court what we will have is a distributed denial of service attack on the regulator and on the courts that is what we really have in India so to avoid that we want the market to punish data controllers that do not behave properly and for the privacy needs of data subject to be articulated through these intermediaries maybe the data subject is not as hawkish about their privacy as people like me believe so then these intermediaries they can reflect that position that is what I am hoping so I am fully unfamiliar with the section of law that you just quoted though I only focus on I think look here we may have run out of time though very very very quickly just on the point of class action class action requires a certain set of procedural rules it is not just about allowing 1% of file on behalf of like 100, 500 or 1000 we do not have those procedural rules in India and I do not think it can be put in place only for case-independent privacy unless our general civil procedure reforms class action is not a thing in India for a moment but to just come back to what I had sort of thought and I actually just before coming here I read that competition commission Google judgment it is actually a data protection judgment Google has been held to be in violation of the competition act for using its search engine to collect data in a manner that it can squelch any rival possible so even though they accept I just realized and I thought I just point this out that at some point even if you have a one to one and that is the thing that the competition commission points out even if you have a one to one relationship with the data broker because Google is a search engine it will have a relationship with all of them so for instance if I search on maps I will get to Google maps if I search for flights I will get to Google flights in that way Google perhaps poses a kind of challenge or maybe Facebook does possibly this particular model is sort of what I just wanted to see the what the competition commission has done right is it has not looked purely at the question of at the question of maximization of consumer welfare right and it is not trying to look at other tests that have evolved in competition law like predatory pricing and so on that what I am saying is there is this common infrastructure that multiple advertisers are using and because this is common infrastructure it should abide with common career obligations I do not know if they actually used that type of language at all because that is what American competition law is going towards so that is why vertical integration becomes a problem and here the vertical integration is compounded by the PI that they are able to harvest so that is so even though it looks like data protection order I still feel that where competition commission decided to act is because of the harm that those actions are doing to competition I am hoping at least that if there is a bunch of children that have grown up and their parents have uploaded their photographs on Facebook without their consent then one of the consent brokers in order to get more market from the young people will say if you come to us we will go and make sure that Google deletes all the pictures that your parents have uploaded of you you know so all sorts of value added services will emerge where the power of Facebook Google could be tempered but you are absolutely right the reason why we need the hard law and the regulator is because those kind of transnational giants will be unresponsive to this kind of collective action through intermediaries so therefore we do need but for everyday punishing of one factor we should not have to go to courts and regulators to propose yes sir hi so just a quick query on your perspective on things so currently for the telecom industry the regulators like department of telecom and tri they are not fully independent from the clutches of the executive regime like the government you have appellate authorities on top of them so at least pay them off and then you have the judiciary coming on top what is your perspective on where the regulatory position should be and how independent they should be from the executive clutches because currently we see that our own current government is mostly targeting towards you know a position towards privacy and they say it's a statutory right and not a fundamental right they actually filed an effort of it and which triggered the whole commotion here so what is your personal perspective should the government and rightful should these regulators be and who should they be reporting to actually on our submission we ducked those questions because we haven't spent a lot of time on regulatory design if there was anybody here from NIPFP they would have given a full answer to your question I am looking at when he took to see in their response they commented did you all comment on regulatory design at all somebody give the lady a microphone please is this better so in terms of the regulatory design that we proposed we believe that there should be sufficient dialogue between the regulated entity and the regulator fourth incident and sorry pre-incidence and fourth incident also there should be a set of rules we come from a financial sector perspective and there have been draft laws and the FSLRC which has actually set out proper procedures as to how investigations should happen and how cases should be escalated and I think we have sufficient guidance existing in the Indian jurisdiction that can guide us when it comes to escalation of regulatory standards itself but generally we are more pro responsive regulatory kind of posture where you have all the enforcement tools available to the regulator beginning from collaborations to punishment and penalty so I think the board elements that you are looking for is one appointment how are these regulators appointed the second is what their what the provisions in law are that guarantee their autonomy or independence that is perhaps the second element that has to be actually configured their revenue streams how they because if you do not have money you cannot be autonomous or independent so where do they get money and how much money do they get so that is another aspect that you might want to focus on we have not thought about all of that very carefully so we did not do any of that the other thing is really try if perhaps the gold standard for regulation the development of regulation at least so when the regulator the privacy regulator privacy commissioner decides to issue sectoral rules or bless a fintech privacy standard that has emerged from a self regulatory organization at that point consultation paper submissions uploading the submissions to the website inviting counter submissions organizing open house discussions then giving the final regulation with a reason the arguments why certain submissions were ignored and other submissions were accepted you understand so then the regulator has to demonstrate almost in a public fashion why they are taking one regulatory option over the other and you can see the regulated entities and non-regulated entities what views they are presenting so you get a sense of how conflicted the regulator is when they are regulating a particular industry so but the kind of holy grail we will never have 100% independent autonomous regulators it depends on the personality of the gentleman or woman that has been given the job so I think it is a work in progress there is no secret sauce that you can put in the law and say here now you have an autonomous and independent regulator just to add a comment on what you said and by the way I am from NITFP oh please sir you should explain your submission I guess there is a secret sauce and yes so one of the things which we do not understand or we have not yet come to grips with India is the balance of independence and accountability and the distinction between the two and that is where things get murky so any question on the regulator sometimes it is treated as a question on the independence whereas it is really about the accountability putting that balance is what is one of the pillar of regulation design is and the FSLRC report is one of the works which sort of has put out a draft model law which is has its genesis in the financial sector any increasingly that anybody who is interested in lawmaking can take pieces of that and implement across sectors and actually it is happening in some way or the other for instance in the banking side like UCHD amendments related to the monetary policy committee there is a bit of accountability that has come in which is fairly new as far as the law related to banking are concerned maybe it is not enough thank you so much think that is the end of the question are there any questions we still have four minutes ask a question or I will get on stage Mark Person actually I am Ramesh actually you had told that we have problems with banks and interest rates all those things actually we have come up with the idea how we can work on this and for this there may be some requirement of some regulation that we need somebody to review and get us approval I will show you this particular material I have and maybe later on you can help us yes ma'am ma'am sorry just wanted to get your perspective here so how would you characterize the trade-off that say China has made in terms of filling a distribution gap when it comes to core access to services and especially in financial services with the kind of data aggregation consent issues that they did the trade-off between which competing imperatives so the imperative of access to basic services which is effectively what India is debating today right in justifying certain breaches on security and privacy with what they were able to achieve in terms of solving a distribution gap which certain two or three internet companies you can argue took that proactive and went far with it but how would you kind of make that comparison with India what is your view of perspective so I am not totally sure if you have two questions there maybe one of the questions has to do with the protectionist stance that China took to ensure that domestic giants arose which didn't happen in many other geographies I mean if I were to answer that question purely from my training that sounds like a bad idea but in retrospect you are always wiser in hindsight it looks like China did the right thing protectionist to some degree so that is perhaps part of the question the second question is in a polity like China the citizens were used to that level of coercion by the state and therefore maybe citizens see that trade-off as an acceptable trade-off in India it's a very different world and Indians are not used to be coerced by the state like that so all we really need to do is ensure different types of access to the very same services if possible so if there is a fintech company and they are willing to loan to me at 1% higher just because I am not willing to give the data I should basically have that choice that is the point I am making and if the legal framework allows for such choices to emerge then it is fine that many other people decide to give large amounts of personal data in order to get access to cheap credit so I think it's a trade-off that individual customers should make rather than the nation state and it is the opportunity really once there is a choice for a variety of business models to emerge so why does WhatsApp have customers because the USP in WhatsApp is that the payload is end to end encrypted so similarly in financial services if I don't know if everybody knows I mean in Karnataka there is this idea of dodmane chikmane that means if I have two wives first wife is in the dodmane and my chikmane is for the small wife so suppose there is a bank that is willing to give me a service that allow to mask all my transactions in the chikmane the privacy enhancing service then I am sure customers will be there for that particular type of service so the vision that we seem to have is perhaps homogenized because we don't have wiggled room in the regulation ideally when we have the regulation there should be enough wiggled room for a variety of creative business models apologies if that was not very politically correct I think we are out of time that was fantastic you guys sustained a 25 minute Q&A which means you are probably awake and ready for our panel I am going to ask the my grinders to bring down some chairs and get the panel to come up so we can get their microphones to them and I want to make sure you truly are awake so stand up please you know I love making you move we are going to play a movement game called 5 4 3 2 1 so we are going to do 5 motions and then 4 and then 3 and then 2 and then 1 and it is going to speed up as we go so we are going to start really slow so that you can get the motions the first motion is 5 jumps so in place 1 2 3 4 5 that is not so hard right the next one is 4 waves 1 2 3 4 and then we are going to move our hips 1 2 then we are going to punch the person in front of us 1 and then we are going to turn around 1 alright do you remember that 5 is 4 is 3 2 1 so we are going to do it a little faster now we are not going to stop, I will count the numbers you guys do the motions 5 I think you guys can go faster ready 5 that is probably enough our chairs are here our panelists are over there you guys ready to come up? come on up the panel isn't quite like a bop like we did yesterday where it is open free discussion the panelists are going to have things to say you can ask questions this is live streamed so please make sure you have a microphone before you ask a question thank you Tink earlier in the day Tink and I we had no way that I don't really enjoy running panels which is that I will give the introduction to all my panelists that's purely in the interest of editorial choices had to be made because we have a lot of meat on the panel so quickly my innovation and it's interesting that who can be resolved and should be resolved as finance is more human right and it's interesting for someone who has been an economist all her life to come into a room full of techies and pretend that she gets half of it the reason that I am doing all of this is because financial space is now increasingly getting tech led way we have seen it happening all along actually that's the point we as consumers haven't really interacted with technology until very recently it was something that banks did in their backyards that kept the system going there was some reporting that was happening to the regulators but as consumers our interfaces were usually managers people whom they had come to know and trust and that's what the mediation really was but increasingly there is a disintermediation of banking services as the court goes much of banking is happening outside of banks today more and more technology led companies are providing efficient solutions which are reducing transaction costs which are helping scaling up the delivery of financial services as well as also impacting the distribution of finance itself many people who were formerly excluded can now get credit even if they don't have sufficient financial history or records simply because alternative lending is now happening and is now bringing the excluded into the regulatory perimeter as well as the perimeter of formal finance a lot of both on the regulator's end because now financial regulators have to regulate technology in a way that they never have and there is also a lot of unfamiliarity end of entities a they don't know if they are regulated or not and b should they be regulated or not and how should a financial regulator respond to someone who is driving on algorithms who is providing payment systems is really not a part of the risks of the payment system but is a crucial gateway so there is this warming up that still needs to happen and many of the regulatory stances which earlier accounted only for financial risks now also have to account for the impact it may have on innovation and therefore the panel today Regulation for Innovation I actually am in the company of giants as I understand so I have with me Amol Kulkarni he is from Cuts, Cuts are consumer unity and trust society they work on the issues of consumer protection with a special focus on competition and the adverse impact when markets are inadequately competitive I hope I have done justice I have with me also Ashish Agarwal from NIPFP thanks to Sunil we all know NIPFP now so particular interest to this audience I think is Ashish was also one of the big contributors to the VATAL committee and we will pick his brains as we go along on the visions and implementation of VATAL as well I also have with me Rohit who is basically a payment service provider into the application of social payments and he is the provider on the panel therefore his views are going to be very interesting I have already overshot my time so I will hurry up so before I actually begin about what regulation has looked like, what it should look like, what are the big barriers I just want to start with asking what should be the principles for a financial sector regulator are there any core non-negotiables that each financial sector regulator has to look out for regardless of the entity that they are regulating and I think Amol we will start with you we will start with you, what do you think should guide a regulator generally and more so a financial sector regulator I think I am audible ok thank you for that introduction and for keeping of the panel so beautifully I think the question that you have posed is right at the heart of how policy making and regulation should happen while you have talked about or you in your question have mentioned regulation I think we should ask we should take a step back and look at the policy or the law itself before talking about regulation just for clarity purposes a policy or a law is made by the parliament regulation is a delegated legislation so to speak and is made by the regulator so a regulation by RBI would be a regulation per se but a payments and system settlement act or some act would be a law and a policy would be say national compensation policy or some other policy while some policies would be framed at the regulator level itself so it should be the basic principles or the first principles of law making or regulation I think we can start from where Sunil had left in his last panel while he talked about the construction of regulator and who should man the regulator it is also important to think about not only why what should the law look like or what should the regulation look like the first question is why there is a need for law or why there is a need for regulation so therefore what we are essentially asking is that what is the problem that is being targeted as what is the defining the problem is most crucial aspect of starting with law making or starting with regulation making if there is lack of financial access if we want to have financial inclusion or if delivery of basic services is not happening through modes which is which it is envisaged currently the problem is what is wrong with the current system and perhaps not what could a new system will look like so the first question is what is the problem that we are trying to solve the second question when we are clear about the problem and when we have defined the problem I think the most important question is what are the possible mechanisms to solve the problem and are these the cost of these mechanisms outweighed by the benefits of these Amul can I request you to hold that thought Ashish so what really determines if there should be an intervention either legislative or regulatory one one feature of the payments market is the network effect right so if you allow the network effects to kick in such a manner that you end up with monopolies in certain manner then that's not going to be official another thing which is not peculiar to financial services is the fact that there is information asymmetry in many markets and you have that in the banking and payments market also so you need to intervene then consumer protection is the purpose all laws are made competition is also a subset of consumer protection so essentially it boils down to this another thing unique about payments is that the faster and better and the efficient payments for them to move it depends on the payment systems on which they ride on and I am talking about payment systems like the RTGS and EFT and so on and so forth therefore how do you make sure that these are running to the optimum level is an important consideration so this is the basic problem and if you permit can I talk about the existing situation actually I just want to weigh in one question so coming back to Amol's point is financial inclusion a cause enough for regulation okay as I think we should not mix up purposes so regulation is an independent function which has to be done for the market failures which exist or market failures which should not result in various kinds of problems now development is a great goal and agenda we should have development but that's not a regulator's agenda that's not the industry's agenda so the development is a state agenda so when state when the government wants to do development they should do so and that should happen in such a manner that the provider of those services are able to be paid for those services so ideally a market led development model is a good model otherwise what you end up doing is that you mix up regulation and development and then you have a kind of a murky world where you don't really know whether we are having efficient and effective outcomes and we can go in detail but that's Rohit coming to you as a service provider do you see the role of a regulator as that of a developer of a market Rashi I think I agree with you on the front that you mentioned mostly what we have seen again being a fintech founder the industry that we have seen and the way industry is evolving has evolved in the past and is evolving at the present financial inclusion or even in general market development and reaching out to the masses is unstoppable like it's not the role of the regulator to do financial inclusion that's the way I see it and I have very strong views on these on these fronts the way I see it I think technology in itself is such a powerful force that there's no way you can stop financial inclusion from happening no way the only thing is you can probably delay it for sure and actually regulations might actually end up delaying it if the regulations are not suitable for that market so I think financial inclusion or market development will happen no matter what irrespective of whatever regulations we have the regulations might end up delaying or speeding it for sure but they won't stop coming back to the point of regulation can either delay or encourage a market so what are the current mechanisms that we have for regulation and how do you think they are playing out so I think you have made a very important point that yes regulations can actually delay achieving regulatory outcomes and I think that is what is happening to a large extent currently as we see payments regulation it is it has been largely a bank-led model and the genesis of this is because banks for a very long period of time have been a provider of a store value as well as payments and credit so all the functions were into one entity and if you thought of bank you thought of everything which is good financial system but as you pointed out that now we are looking at this demodularization of financial services deposit is a different entity different activity payments or transferring money is a different activity and credit is a different activity so perhaps because of legacy issues regulator has not been able to come out of its original mold of bank being good for the society non-banks or other players which are not regulated at the level of banks are not regulated properly so they are still stuck with their old mold of entity-led regulation rather than looking at the brave new world of activity based or risk based regulation. is that there is a bias towards regulating institutions versus regulating functions so maybe there should be a higher and higher move towards functional regulation. Does the current landscape actually show any signs of functional regulation are we missing some big points or what are the big lacunae in the current regulatory landscape? let's take a step back you guys are all technical people right so but I am still going to ask this question how many of you have read the PSS Act or ever opened it and browsed through it the payment and settlement system act? so it has all of less than 40 sections it's a thin book just like this so I think it's important we should look at the law and if you the law came in 2007 this is the first law in India which set up the ground for a payment regulation specifically now what did this law intend to do it intended to just achieve three main things one it gave a legal basis for settlement and netting procedures which are otherwise coming out through some procedures guidelines of RBI so legal second it provided a legal basis for regulation of non-bank entities because RBI was a banking regulator so it did not really have a mandate for non-bank so that was the second purpose the third purpose it provided a legal basis for regulation of clearing houses and setting a ground for regulation of NPCI because again a non-bank entity these were the three things now if you think of a payments law and we think of broadly these three things of course it has 30 or sections and there are other items so one immediate assertion is that this is a very basic foundation so it's like okay let's get going let's put something together so that is great now we have something sitting in 2017 and 18 10 years so we have passed not just 10 years but in terms of technology I think we have leapfrog generation and sitting in 2018 this does not work so we need to reimagine this second when you think of the regulator RBI so now RBI juggles many stuff so RBI is the regulator it is also the settlement institution it is also the payment system operator and it is also a participant it also runs the government business of monetary policy so when you are doing all this then obviously payment is one of the things but then it is just one of the things and also your main incentive is about protecting the financial stability and making sure that the monetary policy is well carried now that at times is that conflict with the essential requirement of payments which is how do you speed up payments how do you make it more innovative so that is where I think the basic landscape sits thank you so two broad points that the PSSA the law itself needs to be reimagined so currently as I would understand most fintech and in fact I should give a shout out here so the Sudarshan Sen committee report for those of us who are in research it is an inter banking regulatory report not inter banking I am sorry inter sectoral regulatory report that brought down all sectors of the financial sector financial regulators the insurance regulator pension regulator SEBI and of course the RBI to see how digital services can actually be kind of encouraged in what are the regulatory barriers right now so the Sudarshan Sen committee report actually says that going by the definition of payment systems most fintech would actually fall out of the ambit of the law currently so is there a need should we just regulate them for the sake of regulating them or what are the points or the functions that they perform that they need regulation to kind of keep the system going exactly so what is the risk that we are trying to regulate so there are broadly 3-4 kinds of risk one is the risk of anti-money laundering terror financing that is one kind of a risk then there is a risk of operational risk or technology risk you know and should not blow up in transit there is a fit and proper risk I should not run away with somebody's money so these are various kinds of risk now who can run away with the money one who has your money but if I am not having your money then I cannot run away with your money therefore that is not the regulation you want to burden me with so if you put this on x-axis and y-axis and then come to a kind of a fair balance you can come up with the risk which you want to regulate but the current pss act it has a kind of an omnibus definition of payment system so practically anything can be part of the payment system and practically anything could also not be part of the payment system so what you want to do is you want to be little more clear on what kind of services you are trying to regulate and then put those risk in context and accordingly have a risk based regulation like amul initially mentioned so amul do you have so there are several examples at present which defy the logic of regulation or the logic of risk based regulation perhaps I can give some examples and then also talk a little bit about how things should be taking from where Ashish has said so for instance let's start with pss act pss act has a section which says that only banks can own settlement agency and all public sector banks should have at least 51% and that is why npci is owned by banks and all public sector banks have more than 50% now npci should in an ideal world be a platform to at which non-banks can directly link up and it is just a payment platform which is facilitating payments from point A to point B it should not matter whether a banking linking up to it or a non-banking is linking up to it which is technically known as interoperability which is also a problem at present and a non-bank has to because of this problem in pss act has to link through a non-bank to link to npci for ensuring that payments happen so this is an even playing field between banks and non-banks when we think about payments and despite both of them bank payment provider or a non-bank payment provider running with the same risk providing same services performing same functions but treated differently and banks being unfairly given unfair advantage as compared to non-banks is it unfair though because banks also undergo a prudential regulation which many payments so do you think exactly so the question is not whether non-bank should go through prudential regulation are they providing some functions which are worthy of being prudentially regulated that is what has ashish pointed out if banks are providing some functions which are worthy of being prudentially regulated they should be but to the extent they are providing payment related services the risk which is to be regulated to the extent payment services are provided basically identity and authentication risk only to that extent non-bank should be also subject to regulation you are actually maneuvering the space as a provider so what are your big kind of takeaways from the current regulatory landscape what's working what needs to be done better so I think what NPCI and even RBI has done well to some extent is regulating the P2P landscape and so we are predominantly in the P2P space so that is where I have most insight so in the P2P space you know like back in the day when wallets came around PATMs and mobile clicks and likes people used to think now we have solved the P2P problem now we can just upload money into a wallet and boom it's P2P what people did not realize and still don't realize many of them that wallets were not meant for P2P wallets actually came around for remittance functions even though remittance is sort of you know one very small sector of P2P the broad P2P that is happening right now is just friends and colleagues and all those people sharing amongst each other casually or friends giving each other loans and all that and then of course the most sophisticated P2P lending sector which is coming up the wallets were actually meant for remittance it's just that they modified it for an urban use case using recharge as a hook and then you know got the people on for other services and that's where RBI and these people have to jump in hold on it's like you were not meant for this purpose we need to regulate the space something weird is happening and of course when the limits around came around so I think that has been a good timing from RBI's and MPCI's point of view for purely for P2P regulation and that is working well so now wallets have sort of shunk away into a relish which they were always meant to be because you know like if we speak about if we compare them to generations of beings they were the amphibians while they were reptiles behind them and now they mammals are coming out so the amphibians will not stay for long and they will always vanish away so that's for the P2P regulations but I think in general especially given what I'm also saying that you know giving access to non banks through NPCI or even other service providers that is something that the government is still lacking on and I think we can discuss that on length in detail how the UK providers like us or other companies as well have been slowed to some extent even though we have managed because of our hustling start of nature but we have still been slowed to some extent just because of these regulations and not getting access to NPCI or such services because of not being a bank Ashish, I see you have an interest yeah so do you know in early days when RBI was up even individuals could have accounts with RBI directly and those checks were treated with greater value than non RBI checks so that's the ultimate of access to banking so in my head there is no fundamental problem with an entity having why not Ashish having an account with RBI okay I may not need it that's a different matter what's the risk we are trying to solve so there are two risks right or one risk the settlement risk so settlement risk predominantly is a risk of payment not going through now in a gross settlement that risk is practically zero because I have my money with RBI I am transmitting that money to Amul and RBI can see my money sitting in its accounts and it will transmit it so there is practically zero settlement risk in a netting system there is more of a risk because the transactions are cleared on a net basis so if something happens then you need to take care so you have the settlement guarantee funds to take care of it also in 80s it was not very efficient to make all transactions go on a gross basis because technology was expensive so you came up with this nice idea of netting it why do you route the same money five times when you can net it out but sitting in 2018 I think computing cost of trash we can even think of routing more payments on a gross system so in effect I don't see a great risk in opening up access as long as the fit and proper criterias are met and if that being so then what's the problem and on that I just want to highlight one point see one thing which has changed is the business model why are we talking about payments outside of banks earlier there was no business model of payments outside banks so what's the traditional model so I am a vendor I supply raw material to a bank which is my savings account now the bank takes that and gives it to a person as a loan so he makes a sale and that's where it earns a net margin now that's the business model of banking so I am the supplier and customer is actually somewhere else now in a payment ecosystem the business model is again the same similar I supply raw material the money goes into a wallet or something and then instead of lending it I am using it for e-commerce and make you shop, make you do transactions and that's the model and that's where I earn my money now the incentives are different in the first model one of my incentive is to slow the money so I want float in the system because I am lending it in the second system I want to speed up the money because if you can't spend your money when you want it and you can do it quickly you are not going to put your money there so I think that's the business model which has changed and which has permitted non-banks to come in and do a business around payments and this is what the law needs to recognize and I think that's the move forward as a service provider I am sure this is not your business model though but it's very close so why don't you take us through what you do and then we will have set of questions around it we started as being more of a B2C company though now our focus is 90% shifted to B2B side we primarily started by helping people collect money amongst each other more like group payments for specific use cases like events, movies, parties and those kinds of things it's a very fun friendly app and diverting away from the boring gambit of payments because this is like a known fact that nobody likes to pay cash out or give it to someone else payment is painful and even asking friends for money is painful and it's awkward so the idea was that how can we make it fun and we saw a couple of models working in the US and the West as well with Venmo and VChat we realized we need to do something different here because this is India it's more like a hybrid of the West and China the way I see it so that's how we came out with our consumer app so we started with group payments we went into P2P over UPI UPI has been a strong base as the backbone and recently we started provisioning out these individual solutions so individual parts of the individual parts of the app as APIs and microservices to other vendors and businesses SMEs, corporates whole bunch of stuff so that has been the journey what would this look like without UPI yeah I think without UPI I would say we won't have 90% of our business and because we based our business solely on this thing and we realized very early on that UPI has to be the future the way it was being designed at that time and wallets as I mentioned were just passing by waving at us and so yeah so we could have made a hybrid app or hybrid business which was doing so so not so good just using wallets or PPI's which were like intermediaries but if we did not have UPI the real business that we have right now not just monetarily but more in terms of the impact that we are having would not have been good and I guess this is also true for many payment apps and other business models that are solely kind of leveraging UPI yeah absolutely I mean if you are leveraging UPI I mean the way I see it UPI gives you ultimate freedom in terms of banking access to a person so I think the person also feels very powerful this is something that people don't realize initially they actually feel like sort of afraid when they are not aware of the whole litigies or even just how to use it they feel afraid that an app has access to a bank account what does that mean and all that stuff but what they don't realize is that you own the app you own the device so as long as you are in control you should be powerful and they are giving power back to consumers that's the way I see it so what are its unique vulnerabilities allegiance to devices is one right right so I think that's actually yeah they are always closing cons of any any direction that you take so given that it's linked to uniquely to your device so that's the benefit that nobody else can use it but then if you use your device then there is a high potential risk even then there is a second factor authentication which comes in which is your MPIN which ideally people should not reveal and they should not even keep it same as ATMPIN which is again an education part people think of UPMPIN as an ATMPIN people think of debit card as an ATM card like 80% of people use debit cards for ATM cards that's it no other use case so you know that shows you there is like a lack of education which is a big problem not the security not the security okay so as I understand most payment providers are they currently regulated do they fit into the payment systems or are you regulated by the third party guidelines of the bank yeah so mostly depending on what infrastructure you are using so if you are using UPI then definitely you come under the bank guidelines NPCA guidelines and the way RBI structured the whole UPI as an infrastructure so those guidelines need to be followed so those are predominantly well as I said UPI as an infrastructure is pretty well designed like I think there was a recent article as well by Wharton if I'm not wrong how UPI is literally like breaking literally breaking leaks and bounds in terms of the whole world not just India no way in the world can we do instant bank transfers from one bank to another bank 24x7 free of course and you know using just one single switch so no way in the world so yeah so I think those guidelines are there for us but depending on again your infrastructure so there are some companies that use white label PPI solutions, white label wallets from banks then they come under the PPI guidelines if you are just using you know pool account or nodal account so those things then you come under DMT which is the best money transfer guidelines so yeah depending on those infrastructure there is a set of guidelines that you will come under so clearly UPI has been revolutionary Ashish what's your take on the revolution of UPI we only know how good we are when we compete right I'll always win the race if I am the single guy running and I don't say it in a I don't mean to take it lightly in fact I completely agree with you in terms of just having a 24x7 payment system IMPS and UPI is revolutionary in fact when we look at the laws in many other countries which are maybe far superior to Indian law they still don't have the systems that we have managed to develop and that gives us confidence US is so complicated because of their legacy systems we have to fix things it's going to take them a lot of time to make payments in US it's actually not so easy even within Europe it's not so easy to do payments while they have the EU and things so in that sense I think we are really making a lot of progress but I think there is a lot we can do and for instance I was just putting down some questions and these are all wise so why do we not have a zero KYC low value digital card which is equivalent of cash and which I can cash in anywhere in the world I can go to a grocery shop and cash in and when I want to exit that card I surrender it and I get my money back it happens in South Korea I use it so I think it easy is a lot of things why is it so difficult to do an outward foreign remittance I had to transfer 70 euros and it was a struggle unless I decided to go to a bank branch and actually get it done why does RTGS system go back home at 6.30 or 8 in the evening and takes weekends off it's a software it should run 24 by 7 public holidays also what's the risk in allowing the non banks to access RTGS directly I just quickly complete there are more than 26,000 NBFCs in India we started in 1960s why can't complaints against NBFCs be filed with the banking ombudsman I mean we are talking about PPI's complaint but look at them Ashish I'm sure we have a time for this in just about 5 minutes but quickly coming back to UPIs so I think that many of the things about portability and few of the other questions they are being addressed by UPI in some way it doesn't take weekends off you take UPI's procedural guidelines which says that non bank access can happen through sponsor bank and then you go and sit with your sponsor bank and figure it out there are no API like guidelines which are objective which says that if you follow ABC you will get access that's what you want that's like the PSD2 directive that you have API based access lay down the rules that's it how are consumers perceiving UPI do we feel are there any challenges I'm an economist I really kind of like numbers so we have a lot of bank led UPI's I'm sorry but if I include WhatsApp then I guess it's about 5 today which are non bank most of them are backed by formidable capital and they have the luxury which many players won't is it a symptomatic of something some underlying regulatory stances that have been taken are we kind of preferring one kind of players over others and what is the consumer experience like okay so I think yes when we take a look at different types of players in different payment services made be P2B lending or PPI's or other such things I think it is predominantly dominated by bank led service providers and while non bank service providers are there they are catching up fast but they are still small and a lot of way to go you had mentioned WhatsApp and Google so for instance I was just looking at some of the numbers and we all know that UPI has three major players are basically BIM then there is a phone pay and TES so while BIM was leading both volume and value since 3 months ago but after the launch of TES and phone pay has also caught up and both of them had dislodged a BIM to the number 3 slot and they are leading the transactions by volume as well as value which basically is also significant because of these non banks or independent providers are not being incentivized by government if you see government regulations or government incentives they have launched a lot of cashback schemes they have launched a lot of promotional schemes to promote UPI and BIM which is NPCI owned so I was looking at some statistics around 3000 crores have been budgeted to be spent on promotional schemes for 3 years to make UPI and BIM functional and despite that bank led UPI models are not in a position to provide user interface or provide stickiness which non banks can provide which is basically shows what experience and what is the comfort level when innovation and consumer interest come together this raises a very interesting facet that when NPCI itself has a product that comes out and tries to compete in the market I am not sure if it is competing and I mean things that they have been able to do let's say add BIM to the name of every UPI player and similar things do there is competition issues right at the outset is it in some way subtly kind of impairing the balance of the field? Absolutely and this has been one of major pain points on what exactly is NPCI because you said that you are following NPCI directives but NPCI is not a regulator NPCI is just a bank owned as Srikanth had mentioned yesterday we are in an environment which is owned by banks and NPCI should ideally be regulated by payments regulatory board which was supposed to be made last year which hasn't been operationalized as yet NPCI is a systemically important entity to my mind but it has not been treated as such and then it has launched an app which is competing with other service providers and banks who own NPCI have to change the names of their apps to BIM app and government is incentivizing that BIM app so there is a lot of fuzziness which is happening and the most important problem is that NPCI doesn't give it numbers there is no transparency on what are the failure rates what is the success rate what are you charging, what are you not charging what is the level of security you are providing I hate being a moderator because of bells like those and I will quickly there are two important questions that I really want to take on this panel one is on the ecosystem level there is this whole question of data protection and while we see that UPIs are privacy enhancing with respect to some transacting parties but not all and there is this differential not differential privacy as we understand in the world of data protection but there is this whole concern about privacy that's one and second is consumer grievance that where does the consumer go a lot of layers are being added transactions failure can happen at different levels is it time that we had a unified redress once and for all for financials actually I will now just go alphabetically because I am just doing a rabbit fire now so I think Sudarshan Saiyan committee had talked about grievance status mechanism and monetary policy statement of RBI has in one of the press releases of development objectives they have said that yes they will come out with a non-banking ombudsman but I really don't understand what is this banking ombudsman how would a consumer know which entity to approach when we talk about grievance status and that is why there is a need of financial redress agency we already have a FSAT which is across sectors so there is the earlier we think about unified redress agency and therefore a unified service regulator not a entity based regulator then it will complete the circle just having a unified redress agency won't fit within the broader ecosystem quickly your thoughts on data protection so in the financial space data protection in the financial space is very important the legitimate purpose test is required despite there being a consent or not there has to be in our submissions to the committee there should be no and then the consumer should be prompted to take over on options of what data it should be willing to share but then despite consent the purpose limitation should be there and there should be grievance redress at all levels I am sorry for rushing this yes Rohit grievance redress and data grievance redress I think has been sort of covered to some decent extent in the matured systems like PPI's and wallets have covered to some extent because they have been there for like 5-6 years now UPI UPI you are right is still very new in terms of these because people are still coming to terms with the fact that how do I use the system rather than let alone solve an issue it will take a while just like any system has go to standard S curves and there will be a three stage cycle earlier doctors later doctors same cycle and I think this is in the first so I would expect grievance redress to catch pace and come in the limelight when we reach the second slope what would a good grievance redress look like according to so I think in this case like if you take an example of if I am a customer of a beam branded app like a bank app so the first level of redress should be the bank because the bank is providing the front end to me obviously even though there has been just a label of beam but then beam won't listen to me there is no entity as beam it's just a brand of all so the bank has to be the first point and the bank needs to take owners and I think banks are already taking owners on that RBI is very strict about that and RBI makes sure that banks are always on the toes so I think that is the first step and then if need be then the next step would be the bank would obviously the customer cannot interface the bank needs to pass it to NPCI or whoever the authority might be in that and data protection so data protection I mean just from being like founder of a company I know that privacy or just like protecting data pure transaction data which is of supreme importance or even user that details of profile data both are equally important for any consumer but I think if we talk about the user profile data the user profile data as a generation we have reached a point where privacy has become a myth for user profile data that's the way I see it and as soon as we accept it the happier it will be that does not mean that user profile data is not important just means that yes it's literally everywhere and also I mean being a payment service provider someone who personitates payments how important is security like what is the security arrangement like what are the vulnerabilities so in this case the good thing is that if you are riding on a strong system like UPI because I will speak only for my example the vulnerabilities get down drastically by default because there is only so many evers that you can pull because you can't like customize the whole thing again and again so the only vulnerabilities that come around are from your front-end system your application not from the server itself so the idea is that okay your application designer should be well suited first of all to make sure the bugs are not there in the first phase itself and then you need to have an audit internal external audit to make sure those vulnerabilities go away purely but application level that's what is you guys recall the Uber incident in London when Uber was trying to sidestep the regulators right so I just want to say that where is the regulatory capacity in India to actually supervise a lot of these issues about privacy and data protection so if I put an owner so new as a regulated entity that you should do this this this what is my ability to actually check and verify that you are actually doing this so I think that is a cause of concern and where the regulation may to develop and what is the solution to that I think regulatory capacity partly that is the solution I mean you can have great laws in future also but the regulator needs to develop that kind of supervision on the consumer address as Amol mentioned when I buy a service now I buy a multiplicity of service bundled into one so where is the payment and where is the mutual fund and where is the insurance and where is the banking they merge so I think I was also the technical secretariat to the financial address agency and I think the time for that is there that we should have a single agency I agree with Amol that the challenge of having a single address agency in a multi regulatory environment is not necessarily great but which just means that our regulator need to coordinate even more thank you I think job of saying that I am afraid I can't give you time for concluding remarks because think will de-chair us all here so quickly the big points of the panel are the regulator before entering into the financial space regulation should always be careful about what is it that they are regulating in ownership neutrality irrespective of who runs the institution is a big regulatory principle that regulators need to follow functional regulation guide your regulatory requirements by the function that they are providing in the financial value service chain as compared to having a omnibus regulatory requirement is really not desirable then there are of course competition issues when you know when government entities and other entities actually compete in the same space and it's not just about ownership again it's also about most of them being backed by formidable capital and that may actually work to the detriment of the consumer in terms of limiting the choices that are available Ashish made a point that if I am the single person running and I win then that is that really a victory so the point is that of course more consumer choice which automatically means more players and that is one objective that the regulator should have it's time that we had a unified redress agency most importantly one touch point for the consumer regardless of the medium that they are using so more and more what I am hearing is that regulation needs to be technologically agnostic institutionally agnostic and less and less burden on the consumer because we are all nice people here quickly coming to data protection side of things yes to the extent we can and just to say this that in my own capacity to the fullest extent that we can legitimate processing, proportionate processing of data and consent not being a kind of a means to circumvent responsibility on the provider side is really that will help encourage the confidence of the consumer when entering digital financial services thank you for a great panel thank you for upkeeping the academic rigor also great shout outs from Amol last night regarding the Sudarshan Sen committee report and a few other things that we haven't been able to go to thanks and I open for audience questions you have just a minute if anyone has a question raise your hand one okay quickly guys just a couple of quick questions one is to Ashish specifically because I know you are part of the Watli committee and generally along the lines of why do you what was the exact thinking about recommending a PRB structure within the RBA as opposed to another option which was clearly referenced on having an independent regulator all together and in general now that's happened now that legislations are loved for the fact that you have a PRB now with adequate or maybe too much RBA representation in it what do you think is probably the structure in which it should go about and what are the predominant functions it should address that is one and secondly it is to Amol just to this is not a nitpick just to understand what is the exact nature currently in the system do you think is not functional or risk based because in the payments industry I feel we can't say it's completely risk based or completely functional but there is a definite movement towards it and clearly we see that with the PPI guidelines moving to say that there should be full KYC before you know you want to increasing the transaction limits so in general just to give you just to ask you about where the largest pain points lie in terms of not having a functional or risk based regulation the short answer to your question is that a committee has a group of people and the final recommendation represents a consensus view and it does carry all the individual views so that's where we are so you talked about PPI regulations I think in PPI regulation and you talked about full EKYC we need to take a step back and think about why there is a need for fully EKYC in case you have if you are okay with functioning with 10000 rupees a wallet why do you need to provide all your details which are on par with 10000 rupees a wallet so that itself is a question second question if you go a little bit deeper is non banks have to park all their money in an escrow with banks so why is there a need? because banks are their competitors so to speak so can there be no better mechanisms to save to save consumer money and to ensure that non bank PPS can also earn interest or can also earn income on their stock which is happening so there are several issues on PPI and P2P platform regs which distort the level paying field and which perhaps are not ideal in nature we can I think discuss thank you very much Denny that was an incredible panel and thank you to all our panelists so about those flash talks still don't have any sign ups which means you have to hear the song and I actually need some help so I promise I'm not sure which but I would sing a song if no one signed up for flash talks and no one did so at lunchtime I wrote a Gregorian chant about bitcoin but I need some help because I can't sing both parts myself so audience is going to get to be the one note drone against which I sing so can you guys sing let's see oh okay ready oh today I found I had no bit yesterday I'm sure that there were ten did somebody go shopping my smart contract says that I can spend up to 0.004 per transaction that's the same as one of those pink bill did I buy a 2BH in my sleep better check my ledger since there are no flash talks you guys are free to go and have a little bit of an early tea break there's a bof upstairs in the circular area with all the chairs on data protection that Sunil is running so if you want to have a random chat and ask questions and answer questions please do go upstairs to the first floor we will be back here at 4.30 for a birds of a feather session on security and fintech so if you're still interested in talking to people about security come back here at 4.30 for a 45 minute session enjoy your tea