FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

BIOMETRIC SMART CARD BASED TECHNOLOGY SOLUTION

FOR

FINANCIAL INCLUSION

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD. C-401, Business Square, Chakala, Andheri Kurla Road, Andheri (E), Mumbai-93, INDIA

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

Financial Information Network And Operations Ltd. is incessantly working towards its vision of making banking available to the unbanked masses. In FINO, we are committed to ensure the most reliable, transparent and fast yet secure mode of financial services to reach to the remotest of the areas in the Nation. In a matter of 2 years we have become the only technology solution provider in Financial Inclusion with more than 1.5 Million customer base. We have covered one third part of the country with 200 districts with in our reach. We think our work has just begun with our focus on development of a transaction platform and robust back-end to capture and maintain customer demographics and transaction data. With the scaling up of FINO operations, FINO envisages a goal of enriching the services provided to clients with as many utilities as possible. FINO believes in making itself strong enough in its service efficiencies that it proves to be a source of immense value addition not just to the Financial Inclusion as a field but to the Nation as a whole.

All men dream but not equally. Those who dream by night in the dusty recesses of their minds wake in the day to find that it was vanity; but the dreamers of the day are dangerous men, for they may act their dream with open eyes to make it possible -T.E. Lawrence

Copyright (2006) FINO Ltd.

All rights reserved. This material is confidential and proprietary to FINO Ltd and no part of this material should be reproduced, published in any form by any means, electronic or mechanical including photocopy or any information storage or retrieval system nor should the material be disclosed to third parties without the express written authorization of FINO Ltd.

Trademarks
All trademarks used in this document are the property of their respective holders. FINO expressly retains all of its right, title and interest in its trademarks. No one shall use FINO trademarks without obtaining prior express and written consent of FINO, PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

except already expressly granted in a different written arrangement between the parties. TABLE OF CONTENTS EXECUTIVE SUMMARY COMPANY OVERVIEW ORGANIZATION STRUCTURE SERVICES OFFERED TECHNICAL SOLUTION TECHNOLOGICAL DEVELOPMENTS Annexure 1 Annexure 2 Annexure 3 Contact Details 4 6 10 12 14 21 23 26 35 36

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

EXECUTIVE SUMMARY Financial Information Network & Operations Ltd (FINO) proposes to offer its Biometric Smart Card based Solution which has been successfully implemented for various public and private sector banks as part of their Financial Inclusion project. The solution has been designed to address electronic delivery of banking & other financial services in the urban / semi urban / rural areas by adopting forward-looking business & architectural principles built on advanced technologies and products from world-class vendors. A right blend of social concept, practical business scenarios, advanced technologies, skilled people and matured processes has enabled superior feature set of the proposed solution. FINOs solution primarily consists of following components: Enrolment System o o Capturing demographics data, fingerprints, photograph and other required details Application form sourcing / printing and processing through authorized Business Correspondents o o De-dupe check based on Fingerprints Account opening in respective banks system through customized interfaces

Smart Card Personalization & Issuance o o Central personalization Over the Counter (OTC) Personalization & Issuance

Handheld devices to conduct financial transactions in field in offline mode through smart card based fingerprint authentication and synching data with Server in secured way using various connectivity options like PSTN / CDMA / IP etc.

Central Host Applications

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD. o o o o Card Management System Agent Management System Transaction Acquisition & Switching System

Customer & Transaction Data Management System with customized interfaces with banks core banking system along with MIS Reporting

Automatic Fingerprint Identification System ( AFIS)

The salient features offered by FINOs solution are: A fast & effective delivery channel to reach the underserved / unbanked citizens Better information management, as the data was captured at the grass root level in electronic format, transmitted electronically in a secure manner. Better monitoring of transactions and reducing fraudulent activities by usage of biometric based authentication A single point Delivery channel for various Banking products (Saving, Loans, Remittances etc) & Govt. Programs (NREG, SSP etc)

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

COMPANY OVERVIEW

Financial Information Network and Operations Limited (FINO) was incorporated in June 2006 and launched on 13th July, 2006. The company was founded with the single objective of building technologies to enable financial institutions (FIs), Banks, Micro Finance Institutions (MFIs), Insurance Companies and Government to serve the underserved and the unbanked sector to achieve the goal of inclusive financial services. FINO has since then been developing Financial Services Delivery Systems at very affordable charges to enable Banks/MFIs and above mentioned institute. FINO aims at being sectoral entity with stake holders being Banks, Financial Institutions, Insurance Companies and Foreign Financial Institutions. FINO endeavors to create a financial and information supply-chain into the customer last-mile customer household and bring the vast majority of the underserved Indian population, currently estimated at 500 million, into the economic mainstream. FINO has built a platform based on cutting edge technologies including, Smart Card system, Core banking system, ID management system and interfaces to 3rd party systems. The platform is very flexible and modular and new technologies and requirements will be added on to increase the robustness and utility of the system.

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

The FINO system is a transaction platform that is available to different entities across the financial and non-financial worlds. In addition to providing a range of services, FINO is dedicated to working with its customers and partners to stimulate the growth of the overall market, both in the financial and nonfinancial markets. Building the client base from the current size will require an unprecedented level of partnership and collaboration among players in the value chain. Also, for governments and institutions, to reach out to individuals for providing various facilities and benefits, need a medium to uniquely and effectively identify and record transactions. Rather than simply selling its services, FINO is actively developing a network that includes customers, banks, governmental agencies, agents, and other participants in the value chain that FINO is enabling through its shared technology platform. Participants will derive value from the aggregation effect of the network that go beyond the benefits they enjoy from FINOs services alone. FINO will work with its partners to increase the attractiveness of participating in the network, expand the number of potential customers, and build the base of clients who could then be served by different entities. FINO will ensure that its services and market position allow it to easily engage with new entrants. CLIENT BASE FINO is providing service to end-customers to enable their integration into the system so various stake holders wanting to serve this customer base can use the FINO network to reach out in an effective and efficient way. It is FINO's business to provide services to these organizations that provide financial and other transaction-based services to these clients. FINO is currently working with Bank of Baroda, Corporation Bank, ICICI Bank, Indian Bank, Oriental Bank of Commerce, Punjab National Bank, Union Bank of India and United Bank of India. FINO is also in talks with other banks prominent amongst them being, Axis Bank, Allahabad Bank, Canara Bank, Dhanalakshmi Bank and HDFC Bank. There is currently 10 MFIs operating on FINO Back end platform and another 5 MFIs are under implementation. FINO is working with Government of Andhra Pradesh, Himachal Pradesh, Madhya Pradesh & Tamil Naidu to distribute NREGA and pension payments. We are working in Insurance vertical with ICICI Prudential, ICICI Lombard and LIC.

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

FINO is also the technical advisor to the World Bank and Ministry of Labour and Welfare for Rural Health Insurance for Rashtriya Swasthya Bima Yojana.

OTHER KEY PARTNERSHIPS FINO has partnered with a number of stakeholders that are aligned with its vision. These include: Investors - FINO has raised capital Rs 80.0 crore from diverse set of entities broadly shared equally between Public Sector Banks (30%) Corporation Bank, Indian Bank, Union Bank of India and LIC; Private Entities (30%) ICICI Bank , ICICI Lombard & IMFR and Large International Investors (40%) Legatum Global Development, Intel Capital and IFC-Washington (The World Bank). FINO Board of Directors have diverse experience from different fields and comprise of one person each form Public Sector Bank, Private Sector Bank, International Investor, three Independent Directors and an Executive Director. With strong local and international promoters, FINO will be able to bring comfort to its customers that FINO has a strong financial backing and good corporate structure. FINO with such participation is poised to become a sectoral entity serving the technology needs of the rural customer.

Technology partners: FINO has built a platform using cutting edge technologies to provide services and add value to its customers. FINO has meticulously worked in the selection process and identified the right partners for this innovative project. We are already working with global players like IBM, BGS, Austria and Cogent from USA for our hardware & systems, I-Flex for core banking solution, Smart cards solution from Sagem, Gemalto and Oberthur. We have also

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

partnered with some other vendors and technology players like NCR, VeriFone, and FSS etc. for our new project initiatives in Mobile banking, Biometric ATM, cashless Card etc. And in future, FINO will be working with various partners to identify emerging technologies and integrate into FINO platform VISION The vision of FINO is to achieve a breakthrough in the scale, relevance, and reach of financial services for the un-served and under served clients throughout the world. The core business of FINO will be designing and implementing innovative technology solutions systems, services and networks that will enable financial service providers to reach billions of under served clients, providing them with a greater range of services at a lower cost. Over the first five years of its operation, FINO intends to work with its partners to grow the micro finance base to over 25 million customers and more than 980 million transactions per year. FINO has initiated the journey with a large step of 1.5 Million enrollments. FINO has diverse mix of resources having experience in relevant Technologies (Smart Cards, Biometrics, Payment Systems etc.), Banking and Micro-Finance sector. FINOs operation team has substantial relevant expertise in executing field and central level operations like enrollments, transaction & data management, device installation & maintenances etc. It follows rigorous process while putting resources on project and ensures that adequately skilled & trained people handles the critical activities.

FINO conceives a goal of becoming a complete resource of services in the field of Financial Inclusion and place itself as an end to end service provider for the clients.

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

10

ORGANIZATIONAL STRUCTURE The board of Directors of FINO is a consortium of highly skilled professionals, who have gained expertise in their respective fields over the years. The Board of Director consists of professionals of Chief Executive and Managing Director level from fields like Banking, Financial Services and Information Technology. The strong association of the pivotal people in FINO with the Banking and Finance arena, has brought FINO to competitive edge in the field of Financial Inclusion. FINO Management Mr. Manish Khera, Chief Executive Officer, FINO Mr. Manish Khera is the CEO of Financial Information Network & Operations Ltd & is responsible for charting out the Companys growth path and sound base. Mr. Khera had 13 years of experience with ICICI Bank. His work experience in Banking has exposed him to the entire gamut of client base from large corporate clients to the micro clients. In his career span he has gained experience in areas of corporate banking, government business and mass / rural banking. Mr. Khera is an engineer with a Master's degree in Business Administration and MPhil in Environment and Development from Cambridge University, U.K. specializing in the field of Climate Change.

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

11

Mr. Khera's exposure to the developmental issues commences from his training in the basic aspects during his education in Cambridge and got enhanced in his exposure as part of Government Banking Team at ICICI Bank where he understood the several developmental challenges that various government departments were trying to address through policy level and financial intervention. Mr. Khera has exposure to Micro-Banking since year 2003 across areas ranging from business to technology. Mr. Khera is very passionate about serving the underserved through the FINO Business Model which he thinks would change the approach that has been adopted to serve the under-served and bring about large penetration in customer base and operational efficiencies to the institutions focused on inclusive banking. Email: manish.khera@FINO.co.in

Mr. Rishi Gupta, CFO & President (Sales & Marketing) Mr. Rishi Gupta is the CFO and President - Sales and Marketing of Financial Information Network & Operations Ltd. He is responsible for Corporate Finance, Funds raising and Investor relationships. He is also responsible for business development and boarding new clients. Mr. Gupta has vast experience of more than 13 years in Manufacturing, Banking and International Organizations. Prior to joining FINO, Mr. Gupta was working with International Finance Corporation (Largest Multilateral agency in World, The World Bank) in their Regional Office in New Delhi. He was responsible for project finance and corporate finance function of the office. Prior to IFC Washington, Mr. Gupta was part of the team which studied the banking operations prior to merger between ICICI Limited and ICICI Bank Limited (Largest Private Sector Bank and 2nd Largest Bank in India). This stint in the bank exposed him to handling an array of general banking operations for retail customers. He has worked in the project appraisal department, which encompasses detailed appraisal technique for project lending and short term lending of the leading Corporates of India. The portfolio consisted companies in Finance, Consumer Durable, Textile, Sugar and Real Estate. Prior to ICICI Limited, Mr. Gupta was working in Maruti Udyog Limited (Largest Car Manufacturer in India) where he was heading the Budget and MIS Department, and working closely with the senior management. Mr. Gupta also undertook special project assignment on the modernization cum expansion programme for 0.1 million vehicles. Mr. Gupta began his career as an Article Trainee at Price Waterhouse Coopers, wherein he gained a stupendous exposure to accounting systems, review of internal controls and checking compliance of legal legislations of the top Corporates of India. Mr. Gupta is Chartered Accountant & Cost & Work Accountant with an all India Merit 33rd in CA Final and 32nd in CA Intermediate. Mr. Gupta graduated in B.Com (Hons.) from Shri Ram College of Commerce (best commerce college in India).

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD. Email: rishi.gupta@fino.co.in

12

Mr. Rajeev Arora, President (Projects & Implementation) Mr. Rajeev Arora is the President - Projects & Implementation of Financial Information Network & Operations Ltd. At FINO Mr. Rajeev is responsible for strategizing and overseeing the operational aspects of FINO. He has a rich experience in operations & maintenance spanning over 14 years. Prior to joining FINO Rajeev was associated with ICICI Bank in Corporate Banking. Prior to ICICI Bank he worked for 3 years with NTPC taking care of operations and maintenance. Email: rajeev.arora@fino.co.in

FINO Workforce FINO started with a group of 20 professionals. Now FINO has grown up to a direct workforce of 200 people by the end of two years of its operations. The company is all set to meet its growing needs by continuing to operate under an outsourced model. It has grown to more than 1000 outsourced workforce on the field. The potential and competency of FINO has been developed over the time with the help of selected professionals coming from best of the institutes in India.

FINO Offices FINO head office is in Mumbai and 9 zonal offices in Bhubaneswar, Bangalore, Chennai, Delhi, Hyderabad, Lucknow and Navi Mumbai, operational across India. We have a multilingual helpdesk active at Bangalore.

SERVICE OFFERED
BUSINESS CORRESPONDENT SERVICES (FINO FINTECH FOUNDATION)

In order to ensure wide reach along with lower transactions costs, timely MIS, information consistency to bring more transparency in Financial Inclusion business, it is of utmost importance to create a technology platform for unbanked customers to obtain various financial and non-financial services with efficient

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

13

operations. To overcome the above hurdles, a new company, FINO Fintech Foundation (F^3), a Section 25 under the Indian Companies Act of 1956 has been incorporated on June 26th 2007. An independent executive board comprising of well-known names in micro finance, financial regulation & administration, banking and technology sectors govern F^3. F^3 has been established to carry on the activity of promoting sustainable livelihoods for the rural poor and underserved classes by helping them becoming economically self-reliant, through the provision of Financial, and Insurance services and technical assistance in an integrated and sustainable manner. The activity of this Company is not for profit. F^3 is working with the partners of FINO to establish an end to end distribution platform thereby ensuring reach to Financial Institutions (FIs) in those geographies and amongst that section of the population which has been considered as outreach. F^3 would achieve the above objective by partnering with organizations like Corporate, NGOs, standalone retail establishments, Government affiliated organizations like KVIC etc., Customer Service Centers established under the NREGP programme of the Department of IT. Details of FINO Fintech Foundation are attached in the Annexure.

FINANCIAL SERVICES FINO provides a complete range of financial services to the un-banked and under-banked populace both in urban and rural areas. The range of offline Financial services offered to the Banks are:Savings, Loan, Insurance Premium collection, Fixed deposit and Recurring Deposit. The range of the services is consistently becoming more exhaustive with addition of new services like Remittances etc. the scalability of the service NON FINANCIAL SERVICES Government Applications: Biometrics on card provides positive authentication opportunity to serve as delivery channel for various government programs such as Rashtriya Swasthya Bima Yojana and National Rural Employment Generation Scheme (NREGS). CREDIT RATING OF AN INDIVIDUAL FINO is in the process of designing a Scorecard with international expert on Credit rating LiSim, a specialized consulting company, which orients its LiSim Scoring Solutions towards institutions that are focused in homogeneous massive markets. It also has the PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

14

objective of bringing support and effectiveness to the automation of processes of application assessment, recovery actions and analysis of marketing. FINO in collaboration with LiSim is working toward fulfilling following objectives: To develop statistical Scoring models for approval new clients applications regarding payment behavior forecast (Evaluation Scoring LiSim). To develop statistical Scoring models to improve effectiveness at the collection process with lower use of resources. To develop statistical Scoring models to increase the profitability of current portfolio trough an efficient and accurate renewal and crossed sells process. To develop statistical Scoring models to make stimulate institutions population to increase the transaction volume.

TECHNICAL SOLUTION Solution Overview The Smart Card Solution for the Financial Inclusion project involves a Customer Enrollment System, Card Personalization & Issuance and Central Host consisting of Card & Transaction Management System and Point of Transaction (POT) Terminals with SAM cards for the authorized agents to carry out financial transactions. Central Host enables data exchange with Banks systems over well-defined interfaces and also provides various MIS reports required by the bank. Each beneficiary will be provided with a Smart Card personalized as per the bank approved artwork, which would be an ISO 7816 compliant Smart Card. The Smart Card stores securely the Members personal details and four Fingerprint data for authentication, the financial product specific data like Saving account balance etc., latest transactions and any other details as required by bank. The data to be stored would be limited to the size of the memory available on the Smart card.

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

15

The biometric based Smart Card system enables agents (BC) to verify the customers and offer the services for the products provided by Bank at the various transaction locations located in the villages. At the transaction locations the Point of Transaction (POT) Terminals would first authenticate the beneficiary card by using symmetric key mechanism (3DES) and then checks the validity of the card by comparing with the hot listed cards data stored in its memory. The Beneficiary would then be authenticated by matching his/her fingerprint with the one stored in the Smart Card for availing the benefit / payment offered by the scheme. The Smart card terminal would also register the details of the beneficiary and the transaction details in its memory and the same would also be written into the beneficiary Smart Card memory. The Smart card would thus be like a portable passbook / job card in electronic form. As the transaction points may be located at the remotest of village, there is a high possibility of connectivity issue and hence the solution proposed is an offline solution. In such a case the POT terminals at the transactions locations need not be connected to the backend server for performing the transactions. The transaction data are securely stored in the memory of the terminal and are also backed up in the SAM. At the end of the day the transaction data would be transferred to the Central server located at FINO via the transaction processing and settlement switch for the purpose of reconciliation and posting the same to CBS of the bank. The transfer of data can be done either by connecting the terminals to CDMA / IP or through PSTN Dial up. The same mode of data transfer would be used for transferring the information like, Transaction updates, Hot Listed Cards, Activating Products etc from the server to the POT Terminals. The banking products envisaged by the bank like Saving, Loan, Remittance, Insurance, Pension distribution and other third party products as part of the Financial Inclusion initiatives of RBI can be included and activated as and when required. The below mentioned diagram provides the conceptual view of the FINO Solution:

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD. FIGURE: Overview of FINO Solution

16

Service Management (External Agencies)

FIGURE: Logical Architecture of Smart card system

Card/ Ter. supplier

FINO Enrollment System

Smart Card Management System
(Admin, Supervisor, Agent, Customer & SAM Cards)

Terminal Management

Agent Management System

PRIVATE & CONFIDENTIAL Automated Fingerprint

Identification System

Core Banking System

Infrastructure Management

Key Management System

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

17

Third party Host / System

T = 0, t= 1
T=0, T=1 ISO 7816 based extended length APDU Support

PSTN Serial Sync ISO 8583

T = 0, t= 1

Network Access Controllers

SWITCH Transaction Acquisition System INTERFACE SERVER (Transaction Acquiring) (Host Updates management)

System Architecture logical components

Enrollment: The enrollment solution is a standalone Client Server application with a local database installed in the PC / laptop. The Enrollment kit includes a Fingerprint Scanner, High resolution web camera and a signature pad (optional) connected to the PC / laptop. The data entry operator will capture the beneficiary data from the application form submitted by the beneficiary and the photograph & Fingerprint using the enrollment station. Alternatively if the data is already available in softcopy the same can imported to avoid re-entry of data during enrollment process and only missing data, photograph, fingerprints can be captured.

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD. Salient Features: Capture the digital photograph of the beneficiary using a Web camera Capture the digitized signature of the beneficiary using a signature capture device Capture all 10 fingerprints of the beneficiary using a High resolution FP Scanner Capture demographic data to be maintained in the local / cardholder / central database MIS reports Day wise / Month Wise Enrollment details Beneficiary details Any other report as required by Bank

18

Account Opening: Access to enrolled data is availed to the Bank officials as per the defined process. Bank officials authorize the data for which bulk customer addition and account opening activity is carried out. Interfaces with CBS are well defined so as to get new account opening data in seem less manner. For all the approved customers, personalization files are generated containing required enrollment and account details. Card Personalization & Issuance: Personalization involves printing card holder data on the card and loading data into the chip that would uniquely associate the beneficiary to the smart card. We proposes that the Personalization to be done at a central location (FINO personalisation center) using high end personalization printers to support mass card personalization and distribution. An automated interface will reduce the potential for manual errors. Security is also a factor to be considered, as the secure transmission of data is critical, particularly since the automated interfaces will be used to transport card personalization data from card management system. The personalization processes include combination of the following: Loading basic demographic information, fingerprint, account and keys on the chip Printing card graphics Printing a photo and signature image on the card Printing demographic data on the card

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

19

The process of distributing personalized cards to cardholders is called card issuance. As a security measure, the issuance agency shall compare biometric that is stored in the card with the beneficiary biometrics using the POT terminal and is activated before the card is handed over to the beneficiary. The issuance information is stored in the terminal memory and then transferred to the central server for activating the beneficiary. Central Host: The central host consists of various sub-systems and is primarily used for the Customer & Transaction Data acquisition, processing, storage & management. Card management System Key functionality of card management system comprises of system processes related to management of whole life cycle of smart card issued within the system. Currently FINO Smart Card Management system supports following card life cycle functionalities: Card Issuance Card Replacement Card Reissue Card hot-listing

Following types of cards will be issued within the system. Client provides the authorization for issuance of these cards: Agent Card To be issued to Customer service agents / operators of the BC End customer card to be issued to end Customers of the Bank SAM card for POT Devices stores the system keys and end Customer transactions

The card management system will cater all such card replacement requirement. A new card is issued to the Customer and card updated with the latest data. The data is obtained from the Customer account profile which is stored in the Central host / Back end system. Following types of cards will be issued within the system. Client provides the authorization for issuance of these cards: Agent Card To be issued to Customer service agents / operators of the BC

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD. End customer card to be issued to end Customers of the Bank SAM card for POT Devices stores the system keys and end Customer transactions

20

The card management system will cater all such card replacement requirement. A new card is issued to the Customer and card updated with the latest data. The data is obtained from the Customer account profile which is stored in the Central host / Back end system. Terminal Management System Terminal Device management is currently a CRM application that enables POT device installation, deinstallation and replacement at various sites (stationary and mobile). Terminal Devices are traced using the Terminal Device ID and MFI/BC parameters. Agent Management System Agent Management System is used for generating & managing Agent Codes, Terminal IDs, MFI / Merchant Codes. Apart from this, it also processes the PTLF files generated from switching systems so as to provide Transaction Files for the transactions settled by terminals deployed in field. Automatic Fingerprint Identification System (AFIS) (Bio-Deduplication) AFIS is primarily used for de-duping of customers based on their fingerprints. All 10 fingerprints of a newly enrolled customer are compared against the existing database of already enrolled customers. Suspects thrown by this system are sent for manual verification based on other demographic parameters.

Transaction Acquisition System

FIGURE: Transaction Acquisition system components

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

21

Interface Server

Agent Registration Module

Terminal Registration Module

Product / sub product Registration Module

Card / Terminal Upload Module

Terminal Terminal Profile Set up Initialization & configuration

Network Product / Switch Centre Management Transaction Transaction set Routing configuration

The transaction acquisition system comprises of two core components: 1. Interface server which is part of ASP set up within the transaction Acquisition system and handles core system functionality of managing remote back end updates sent to Point of Transaction Devices deployed in the field. There are three types of backend updates which can be pushed to terminals Financial (New account opening / Financial Transactions (Dr/Cr) / A/c blocking Dr freeze Cr freeze / Update in acc level parameters like change in sanctioned amount of loan etc.) Administrative (Change in customer level information like change in address / mapping code etc.) Hotlist

2. Switch which is responsible for transaction aggregation from field Devices and routing of back end updates coming from back end HOSTs (CBS and third party) to field Authentication Devices.

Customer & Transaction Data Management

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

22

It is the central repository of Customer data with corresponding Accounts & Transaction details. It has well-defined interfaces with various external systems. Data from Enrolment Stations get imported to this system and sent for Card Management System for personalizing & issuing cards. It also exchanges data with Transaction Acquisition System and carry out required processing / massaging before exchanging the same with Core Banking System. At present, system has interfaces defined for Flexcube, Finacle & BANCs for posting account & transactions data with corresponding banks CBS.

TECHNOLOGICAL DEVELOPMENTS FINOs efforts towards technology development in Financial Inclusion are ceaseless. FINO is working with various experts across the world to develop technological supports like Contact less cards, Money Deposit Machines (MDM), Mobile based systems, PC based systems. In the coming future, FINO is ready with resources to develop itself according to the Industry requirements and technological advancements. One of the technological research and development is going on in the field of Mobile Transaction terminal development. Brief description is attached in Annexure 3. Micro Deposit Machine (MDM): MDM has been designed in partnership with NCR (National Cash Register) to target the urban unbanked populace. The proof of concept (PoC) was conducted from 8th Oct to 2nd Nov 07 for around 500 customers of HCCS (Hindustan Cooperative Credit Society) at Jarimari and Thunga Gaon, Mumbai. TISS (Tata Institute of Social Science) did the survey to understand usability of MDM by the end customer. According to the report published by TISS, the response was very positive. The machine shall be piloted by Oct 2008 before final roll out.

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

23

ONGOING PROJECTS-PAN INDIA

Sr No

Name of the Client

Mandate

State
Maharasthra/ UP/ NewDelhi/ Chandigarh/MP/AP Gujarat Maharasthra/Tamil Nadu/West Bengal Rajasthan/ Chandigarh/HP Rajasthan/UP Punjab Goa/TamilNadu/Karnat aka Orissa/ AP/ Bihar/WB/Tamil Nadu West Bengal Rajasthan,Haryana Andhra Pradesh Himachal Pradesh

Product/Service

1 2 3 4 5 6 7 8 9 10 11 12

Union Bank of India Sewa Bank Indian Bank Punjab National Bank Bank of Baroda Oriental Bank of Commerce Corporation bank ICICI Bank United Bank of India ICICI Lombard ICICI Prudential LIC

>5 Lakhs < 5 Lakhs <5Lakhs >5 Lakhs <5lakhs <5lakhs <5Lakhs >5 Lakhs <5 Lakhs >5 Lakhs <5 Lakhs <5 Lakhs

Savings/ NREGA/LOAN CBS Implementation(Iflex) Savings

Savings Savings Savings Savings/NREGA Loan Savings Health Insurance Life Insurance Life Insurance(Group insurance)

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

24

ANNEXURE 1

FINO FINTECH Foundation

FINO FINTECH Foundation (F^3) is a Section 25 under the Indian Companies Act of 1956 has been incorporated in June 26th 2007. F^3 has been established to carry on the activity of promoting sustainable livelihoods for the rural poor and underserved classes by helping them becoming economically self-reliant, through the provision of Financial, and Insurance services and technical assistance in an integrated and sustainable manner. The activity of this Company is not for profit. F^3 is working with the partners of FINO to establish an end to end distribution platform thereby ensuring reach to Banks in those geographies and amongst that section of the population which has been considered as outreach. F^3 would achieve the above objective by partnering with organizations like Corporate, NGOs, standalone retail establishments, Government affiliated organizations like KVIC etc., Customer Service Centers established under the NeGP programme of the Department of IT. This list is only indicative and shall be enhanced under the guidance of FINO and its partners. Role of FINO FINTECH Foundation: Creation of Distribution framework Establish a distribution network either through its partners or its own across the country Use the network for customer solicitation for Banks Ensure proper branding and collaterals is displayed Ensure a pool of resources who would work in tandem to Banks to elucidate customers of the nuances of product and services offering of Banks Managing a training, and audit calendar with the Banks to ensure that the entire distribution network works in alignment with the overall mandates given by the Banks Ensure that the Banks have a touch point with end customer in the geographic location of choice

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD. Creation of an Operation framework

25

Leverage the distribution network established to enable customer solicitation Leverage the distribution network to enable transactions for withdrawal and deposits for the customers of Banks Leverage the distribution network for cash management for Banks

Method of operation: Identification of the locations where Banks would wish to commence the BC/BF activity Identification of the various components of the activity which encompasses the role of a BC Identification of joint and individual responsibilities between F^3, Banks Identification of locations to commence the initial dry runs Mapping of the locations of the desired BC locations to the Bank locations Training, audit, and reporting formats Identification common personnel between F^3 and Banks for escalations and other operational requirements Initiation of the dry run and benchmarking the performance

Why F^3?? A Pan India reach through its closely monitored and nurtured distribution network A choice of locations and distribution options to choose from A single point access to the entire distribution network, thereby ensuring that the Banks are able to ramp up quickly and focus on its core business A delivery point whose processes and technologies are open to audit Training and setting up the technology infrastructure for the BC with regards to the technology and the services offering being offered by the Bank Ensure a monthly visit to all the 50 BC locations

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD. Ensure availability of complete branding as per Bank requirements Be a first level of escalation for all the BC points to address issues

26

Ensure that BC comply with all the reporting requirements mandated by Banks Be a single point interface between the Banks and the BC network Identify training requirements and escalate the same to FINO and Banks Ensure that all issues related to cash management and reconciliation between local branches of Banks and the BC locations is handled as a first escalation and also a redressal point Ensure that all necessary technology infrastructure, and the logistics support is made available to the BC points to facilitate the transactions Ensure that the BC locations are suitably equipped through a process of training on a continuous basis to manage first level of technology, customer education and service issues Ready F^3 points for Bank to tap: Presently F^3 is working with multiple partners in different states. Please find below the existing network of FINO FINTECH Foundation:

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

27

ANNEXURE 2 Technical Parameters and System Architecture Security Model: The solution has been developed on a well-defined and robust security platform which ensures the end-toend security of financial data. Security mechanism adopted at different component levels are mentioned as under: The solution uses the 3DES symmetric cryptography with 112-bit effective keys All payment transactions are executed after secure trust is established between User Card & SAM(Security Access Module) as a result of successful mutual key authentication process The Terminal equipment as well as other workstations do not keep any secret information. Data integrity is ensured while uploading data from terminal to server Application components of the server software and workstations have complex access control system aimed for preventing: Un-authorized Access of applications Direct connection and usage of Database

FINO & its technology partners have put a stringent security policy in place while offering a solution on ASP model with shared resources. Data pertaining to different banks / entities resides in different logical partitions. The proposed solution will have various security controls viz a viz. Management controls Infrastructure controls External connectivity control Platform / OS controls

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD. Application controls

28

Management controls: Well defined process is in place in our Information security policy for the system. The customer data is accessible to authorized person only with proper authentication mechanism. PWC has completed an independent audit of the system (FINO components) for Union Bank of India. Our Transaction acquisition system & related components are ISO 9001:2000 certified by Bureau Veritas Certification and currently undergoing PCI DSS Compliance. Infrastructure control- Transaction Acquisition System Logically the network are segregated into three security zones External Zone - This zone consists of PGS network connected to internet cloud. DMZ / Server Farm Zone -This zone consists of Web Server with cold standby Web server in place. Internal Zone - This zone consists of Database servers and application servers only accessing the Web servers which is located at DMZ Established Firewall standards o o o o o o o o A formal process for approving and testing all external network changes to the firewall configuration Documented list of services/ports necessary for business Justification and documentation for any available protocols besides HTTP and SSL, SSH, and VPN Periodic review of firewall rule sets Build a firewall configuration that denies all traffic from un-trusted network/hosts, except for Web Protocols- HTTP(Port 80) and Secure Sockets Layer (SSL port 443) System Administration protocols( E.gs, Secure Shell (SSH) or Virtual Private Network 9VPN) Restricting inbound internet traffic to IP address within the DMZ( Ingress filters) Restricting inbound and outbound Internet traffic to Ports 80 and 443

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

29

All components are loaded and hosted separately. Our Transaction Acquisition solution has the industry standard high end firewall namely Juniper Network NetScreen-408 Advanced Model Firewall Appliance in active-active mode addressing the high availability. Net Screen delivers ICSA certified state full inspection firewall security and the highest level of data security (3DES IPSec/AAS encryption support).The Net Screen firewall compliances with the below Security certifications Common Criteria: EAL4 and EAL4+ FIPS 140-2: Level 2 ICSA Firewall and VPN

The Firewall appliance has restricted administrative network access level Firewall for enable the traffic to permit or deny based on access control deployment on the firewall. Detecting and protecting the network from attacks

The infrastructure for the FINO owned components is protected via. Fortigate 100A The Terminal equipment as well as other workstations do not keep any secret information. Application components of the server software and workstations have complex access control system aimed for preventing: Un-authorized Access of applications Direct connection and usage of Database

External controls: Routers/Switches deployed at our transaction acquisition centers are configured and security hardened to prevent the following general threats: o o o o Unauthorized access, Session hijacking, Rerouting, Masquerading,

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD. o o o Denial of service (DoS) Eavesdropping Information theft

30

The ISS Proventia IPS is configured to alert the following: o o Stateful Traffic Inspection IP Defragmentation and TCP Stream Reassembly, Detailed Protocol Analysis, Asymmetric Traffic Monitoring, Protocol Normalization, Advanced Evasion Protection, Forensic Data Collection, Protocol Tunneling, Protocol Discovery, Signature Detection User-Defined Signatures, Realtime Signature Updates, Anomaly Detection Statistical Anomaly, Protocol Anomaly, Application Anomaly, DoS Detection Threshold-Based Detection, Intrusion Prevention Stop Attacks in Progress in Real Time o Drop Attack Packets/Sessions, Initiate TCP Reset, ICMP Unreachable, Packet Logging, Encrypted Attack Protection Stops Encrypted Attacks in Real Time, Granular Security Policy Enforcement, High Availability Stateful Failover Centralized Syslog server continuously monitor for alerts received from Firewall and IDS system. Suspected incident are currently attended to as per the PCI standards. Application control: Standard user name and password are used for authentication. Actions like data upload, download, update / modification etc. are being logged and reviewed periodically by authorized operations team. Database control In the Transaction Acquiring and Processing system the SQL Server is configured to Monitor the specific probe constantly monitoring the internal performance and space allocation throughout the SQL Server database and feeds essential information based on pre-defined criteria to the Availability Manager for appropriate alert notification. An extensive range of pre-defined alerts are configured in SQL Server Monitoring Probe. Monitoring of SQL Servers address the following log monitoring: Server uptime Size of database Buffer cache-hit ratio

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD. Log-file cache-hit ratio Free log-file space Number of databases, active users, logged-in users, deadlocks per second etc. Database reads Database writes flush waits latch waits Full scans Transaction log growth Transaction log shrinking

31

System Components Enrollment Station Self contained mobile unit containing the below mentioned items to capture beneficiaries demographic details, digital images of photograph & fingerprints.

Laptop Web Camera Fingerprint Scanner Signature Pad Customized S/w application to capture details as desired by Bank

Smart Cards Contact microprocessor Smart Cards conforming to ISO 7816 standards with the following specification are being provided with: EEPROM of 64 KB with Java OS Protocol: T=0 & T=1 4/4 color offset/silk-screen printing with Unique Registration Number (URN) printed Applications on Smart Card.

using dye sublimation/laser process

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

32

The smart card will has 15 different pockets which can be used to enable the same no. of different products onto the card. Last 10 transactions for each product are stored on the card. Few applications are mentioned below:

Savings Account Loan NREGS SSPS Pension disbursement Wage disbursement Insurance

Other applications as required by SLBC can also be loaded on the card through backend application updates Hand Held Terminals EFT Sagem Bio930M The offline smart card terminals consist of the following features: 32-bit RISC ARM9 (200 MHz) microprocessor Built in security coprocessor Memory 32 Mb Flash + 8 Mb SDRAM [Optional : Extended SDCard Memory] EMV Smart card Reader Thermal printer SAM (Security Access Module) reader-2 Swipe card reader: Track I, II Optical Biometric Module Acquisition Time < 1 sec Recording < 256 bits NiMh batteries: averages 200 transactions per charge. Terminal Software.

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

33

The terminals application is a user-friendly menu-driven interface and can be used for all transactions with a user and is also used to authenticate the Smart Card holder using biometrics (fingerprint). Basic functionalities:

Recording all transactions Fingerprint 1-1 matching software Transfer agent for upload of data to PC/server Key matching software, using SAMs, to authenticate Smart Cards Batch download from PC/server to terminal Transactions for Savings, Insurance, recurring deposit, loan, fixed New applications that may be desired can be incorporated and loaded to

deposit and remittance applications

the terminals deployed on the field. Network Access Controller NAC services across the country using which terminals dials a local no. instead of STD to connect to the FINO central server for transfer of data. Local availability of NAC services ensures low operating costs to the last mile agent. Central Switch FINO uses ACIs Base24 Financial Switch as its transaction acquisition & switching system which is one of the widely use Financial Transaction Switch by banks in India and across the world. Data from the terminal are uploaded into the switch through the NAC. At the switch, the transactions are segregated based on the transaction type and host. The central switch also enables two way data exchange between the offline terminals and the backend client hosts. Personalization Bureau The smart card would be personalized at FINO personalization bureau or any 3rd party personalisation bureau. Data required for personalization would be generated by the Central card management system and provide to the personalization bureau. FINO uses state of the art high speed dye sublimation printers for personalization of both chip & fascia of smart cards in a single pass with a daily capacity of 5000 cards per day with a capacity to scale up if when required

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD. Disaster Recovery & Business Continuity Plan -

34

For the purpose of Disaster recovery and business continuity the Primary switch system (Transaction Acquisition System and related components) is connected to a DR Switch system over redundant Leased lines using TCP/IP. The DR System will take over the functions as a backup system in the event of the Primary system failure.

Periodic DR drills are carried out so as to ensure that plan is executed properly in case of any contingencies Business Continuity Plan for primarily identified cases like Card Failure, Device Failure, Loss of Transactions, Absence of Agents etc has been mentioned as under: Card failure o In case of card failure, customer may be allowed to do a transaction in the bank branch if it is so desired by the Bank

o Call for the same should be logged at FINO help-desk so that the same card can be
blocked and a new card can be re-issued with latest account balance o Its a business call by the bank whether agent should be allowed to conduct a transaction in such cases manually (controlled by process). If it is so then the same can be carried out as per the arrangement with BC and Bank and accordingly such transactions should be entered manually in the system based on transaction vouchers submitted by Agent Device Failure o o All the transactions performed in field are stored in POS memory as well as on SAM card. In case where POS memory crashes, transaction can be recovered from SAM If SAM is also not available then process of Manual Batch Posting is to be followed where in based on copy of charge slips kept with agents, transaction entries are done manually by the authorized person of MFI o As mentioned above, it is the business call of the Bank whether manual transactions should be allowed or not in case where device is not working Loss of Transactions o In case where transaction has been conducted on customer card but before it is settled with server, the data is lost (including charge-slips) then the same can be brought into notice by difference in Card account balance and Host account balance. Based on that, account balance re-conciliation can be carried out for that specific batch of transactions

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD. Absence of BC-Agent o o

35

Transactions can be carried out with any agent of the appointed BC. So if one agent is not available then customer can avail his services through other agents Transactions across BCs are also allowed in a system though the same is controlled by the parameter. So in case of Liability products (like Saving a/c) where all BCs share the GL account with the same Bank then inter-BC transactions also can be allowed

Business Continuity plan in case of Termination a. Customer-entity shall be entitled to intervene and take such appropriate measures like appoint another person to provide the Services or the possibility of bringing the outsourced activity back in-house in the event the performance of the Services by FINO are interrupted for any reasons whatsoever. FINO shall adhere to fair practice in performance of the Services. b. On termination of service, all the customer data/information residing/available with FINO in FINOs database/severs/records/technology platform(s) shall be migrated/ transferred to the customer-entitys designated servers/technology platform(s) to the satisfaction of customer c. FINO will develop and establish a robust framework for documenting, maintaining and testing business continuity and recovery procedures. FINO will periodically test such business continuity and recovery plan. Customer-entity shall be entitled to conduct joint testing and recovery exercise with FINO

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

36

ANNEXURE 3 Mobile Transaction Terminal This option will make Mobile phone to act as a Transaction Terminal like POS. It will allow customers to carry out transactions with Cards (contact / contactless) in offline mode. The necessary peripherals will be attached with the mobile over serial / blue tooth interface. Components: Hardware : Mobile phone (NFC for contactless cards), Bluetooth enabled BioScanner, Printer (& Smart Card Reader for contact cards)

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD. Software : Windows Mobile / J2ME platform Communication: GPRS / CDMA

37

Process: 1) Customer comes with a card* (contactless) for a Transaction. NFC phone establishes the trust with the card using SAM residing in a secure element of the phone memory 2) Customers fingerprint stored on the card gets verified with the help of BT enabled scanner 3) Agent enters the transaction details on screen which again gets verified by the customer and after successful verification, card details are updated, transaction is stored on Mobile phone & the receipt gets generated on BT enabled printer 4) Periodically data gets uploaded from phone to server *Note: Contact readers could be attached to Mobile over USB / BT interface so as to enable transactions with Contact Cards. Mobile Transaction Terminal for Collection: This can be used by agents specifically to collect loan repayments / deposits etc in card-less environment It will pull demand information from server and accordingly transactions will be carried out in field and the same will synched with server at day end / when connectivity is available

CONTACT DETAILS

Sl. No. 1 2

ITEM Name of Company Postal Address

DETAILS Financial Information Network and Operations Ltd. C-401, Business Square,

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

38

Andheri - Kurla Road, Andheri 3 4 Telephone/Mobile and Fax Number Contact Persons a) Rishi Gupta CFO & President (Sales Marketing) b) Tarun Agarwal Vice President ( Development) c) Annuradha Phougat Asst. Vice President( Development) d) Bidisha Sengupta Asst. Manager ( Development) (E), Mumbai-400093 (022) 40973466,Fax-02240973300 Details rishi.gupta@fino.co.in & (9870346661) tarun.agarwal@fino.co.in Business (9870606007) Annuradha.phougat@fino.co.in Business (9870606002) bidisha.sengupta@FINO.co.in Business (9870988751)

PRIVATE & CONFIDENTIAL

FINANCIAL INFORMATION NETWORK AND OPERATIONS LTD.

39

FINO is working for them...FINO is serving them & FINO is growing with them

PRIVATE & CONFIDENTIAL