Social Commerce

When two people transact business in an informal social setting its Social Commerce; it have been in place ever since stone ages. However, after the Web 2.0 revolution, where content was democratized, the next logical step is to transact over social networking sites. 

Ebay has been in existence for a long time now, and so is Paypal where you can pay anyone and not just registered merchants. Next level of social commerce will be played out in Facebook and Google+ .    

The core of commerce is the ability to pay. Today, if you negotiate a deal with through the social network chat, messaging, posts or even email you can pay through multiple channels. Easiest being Paypal, followed by Visa card to card payment, then there are inter-bank transfers RTGS, NEFT and IMPS.  And, then there are mobile wallets...

But what if you could "friend" your wallet? and interact with it just like you chat with a friend? 

Most of the high ARPU (Avarage Revenue Per User) customer of a Telco, use multiple screens to access the Internet, like smart phone, tablet, laptops and desk tops. Ability to interact with mobile wallet through social networking channels, eliminates the need to install special application on your devices.

But what about security? Most of the social network use XMPP protocol, which is highly secured and also works over SSL (Secured Socket Layer).

Show Me The Code 

Linus once said "Talk is cheap. Show me the code", I agree with him. So, I wrote a proof-of-concept to connect a mobile wallet to a XMPP enabled social network chat. I have tried it on Facebook and Google Talk.
I will put it out in open source after a while.

Though the code works for both Google and Facebook, and should work for other XMPP chats as well, but for the demonstration, I have chosen Facebook, because most Telcos prefer Facebook presence for their branding connect, see AircelVodafone and Airtel for example.

How Does it Work?

A mobile wallet provider creates a Facebook account and connects the XMPP Bot from behind the corporate firewall. 

For Proof of Concept (PoC), I have created a Facebook ID called Gana Pay. Gana literally means "The Counted" in Sanskrit and often used as a phrase "Jana Gana" for representing the Citizens. The Indian National Anthem starts with this phrase. 


The customer, that is the wallet holder, "friends" the wallet service provider. The next step is to link your mobile with your Facebook account. Though Facebook has a mobile number verification process, but the mobile wallet provider would have its own KYC (Know Your Customer) process. One way could be to fill an online request form and getting a onetime KYC PIN code and then connecting the code with her Facebook ID.
 For the PoC (Proof-of-concept), the admin generates a KYC PIN and conveys out of band, via SMS or email to the mobile wallet customer.

Gana Pay ADMIN KYC Registration

 For the PoC, I am the Admin, and I transact as well, this will not be permitted in actual conditions for Fraud Management concerns.

After receiving the KYC out of band, the customer registers her Mobile Wallet, using the REGISTER command.
You might have noticed, from the above screen-shot, that Facebook chat id is different from the Facebook user id.


In order to transact, the user needs to cash-in. This can be done at one of the outlets or online bill payment sites like Billdesk. For PoC, the Admin loads the wallet.

After the wallet is loaded, the user can now ready to transact. Say, I have got Rs. 200 in my wallet and I wish to transfer Rs. 100 to my wife.
I will generate an One Time Password (OTP) for the maximum amount. 
OTP is a "Pull" transfer mechanism. I, the wallet owner, generate an OTP and send to the person whom I want to transfer money. That is, the payer generates OTP of the maximum amount and sends it to the payee.
For an OTP of Rs. 100, the Payee can draw up to Rs 100.

The payers sends a message "OTP 100" to the Wallet.

The screen-shot shows that an OTP is generated and the full command that the Payee needs to send is also displayed. The Payer cuts it and pastes the message into the Payee's chat box.
The Payee then sends the CASH message to the Wallet, as shown below. The Pull Payment ensures that you do not mistakenly push the payment to a wrong account.

The command is "CASH <amount> <Payer's Mobile> <MMID> <OTP>"  , MMID (Mobile Money Identifier) is a 7 digit number, issued by NPCI. NPCI uses 4 of the 7 digit for routing and the rest three digit wrests with the Bank, the bank can thus assign 999 ledgers/wallets/accounts to a mobile number. A mobile wallet provider can get a MMID assigned from the Bank, if they opt for a BC (Business Correspondent) model.
RBI Semi-closed pre-paid payment instrument is non-inter-operable and neither does it allow cash-out nor peer-to-peer transfers. Thus the BC model is what the operators should go for. 

Even after generating OTP the payer's balance is not deducted. The OTP is valid for a single transaction within 24 hours of its issue.

The Payee after receiving the OTP from the Payer issues the pull CASH command to the wallet.

 The Payee receives the cash. And the Payer receives an intimation.

The transaction is completed.