Moneyone Products

FinSec AA Solutions Pvt Ltd, 100% owned by FinTech Products and Solutions India Pvt Ltd, is India’s first NBFC-AA licensee of RBI. It has a brand Onemoney that offers Account Aggregations (AA) solutions through an Android mobile app and a responsive web application. These Apps enable us to perform a one-time registration, link financial accounts in banks, asset management, insurance and stockbroking companies, and pension funds for real-time consent-based data sharing in a secure, regulatory/legally compliant manner. Onemoney is a consent management platform and helps customers manage their consents throughout the consent lifecycle.

Fintech Products and Solutions India Pvt Ltd has a brand Moneyone with two products. FinPro for FIUs (Financial Information Users) and FinShare for FIPs (Financial Information Providers), enable Data Governance, support the AA Ecosystem, are independently offered by FinTech. They enable organizations to offer to their customer’s Security and Privacy for their data.  They help organizations quickly onboard onto the AA Ecosystem, take advantage of the benefits of AA, as FIUs and FIPs.

FinShare and FinPro provide a comprehensive offering, including Data Access to the licensed AAs, Data Governance focused on AA regulation by RBI and the proposed Personal Data Protection Bill, and Data Analytics for the derivation of insights from bank statements. 

An FIU Server compliant with RBI’s Account Aggregator Technical Standards

It is a Data Governance and Value Management platform for Financial Information Users (FIUs). It includes

The FIU server and data governance features include the following:

Moneyone FinShare is an API gateway for FIPs.

Dive through the proposed MPP journey.

MPP (Moneyone Partners Program) product facilitates gathering financial, credit bureau, telecom and other data from different sources, deliver directly to the device of the consumer.  Then enable the consumer share the data directly from her device with enterprises securely.
The data storage and share are always enabled from the user’s mobile device only.

MPP product consists of different services to support the consent management, data retrieval and sharing.

MPP is a data governance platform (owned by Fintech Products and Solutions India Pvt. Ltd. the parent company of Onemoney) that facilitates secure sharing of data by a user who has access to her own data. The user might have received her own data either through the AA framework, delivered to her own device, or by other means such as downloading from a custodian of her data, e.g., a bank, Digilocker etc. After the user gains control and access to her own data, MPP empowers the user with the ability to share such data with partner enterprises of her choice. Such data sharing is done privately by the user directly from her device with her chosen enterprise and does not involve usage of the Account Aggregator network.

MPP also integrates with multiple other data and information service providers to fetch customer’s data which is outside the ambit of AA framework. Examples of such data include credit scores and reports from credit bureaus, and telecom data from service providers. For getting user’s data from each such information provider a separate consent will be sought from the user. The consent structure will be according to the respective information service provider’s consent framework. Such data will be fetched by MPP from the respective information service providers based on explicit user consent and will be shared to the user’s device where the data will be stored in an encrypted manner in a folder created by MPP. MPP will take approval from customer to create a folder where the data from credit bureaus, telecom operators and other data custodians will be stored. MPP will also take approval from customer to inform the location where the downloaded data will be stored to the customer’s partner and to encrypt the data with a private key whose access will be only with his partner. The customer’s partner will pick up the data from the location once the data is made available in that location.

This is a feature enabled on Onemoney’s mobile application, installed by the user on her device only. MPP data governance platform enables stringent security and privacy guidelines to be implemented to facilitate such private sharing of data by the user. Specifically, MPP implements the concept of “consent” as a basis for the interaction between a user/consumer and the partner enterprise. Although law and regulation presently do not mandate security and privacy provisions to be applied to private sharing of data by the principal/user/consumer of the data, MPP platform proactively implements both the RBI-defined AA framework and the proposed Personal Data Protection Bill 2019.

This facility is structured as the Onemoney – MPP “Moneyone Partners Program” (MPP) and is currently exclusively available to Onemoney AA users. The phrase “Moneyone Partners” refers to partner enterprises chosen by the user/consumer, to share her data with.

The MPP (Moneyone Partners Program) facility involves three steps:

Through the Onemoney AA mobile application, a consumer can request access to her own data. The Onemoney AA mobile application gets “consent” from the consumer to fetch, deliver to the consumer’s device, decrypt and make usable data available to the consumer on her device. The periodicity, validity, and data life of all such data requests is governed by the “consent” artefact that the consumer approves and provides to the Onemoney AA mobile application. All decryption of data is always done on the device that the app is installed on. No decryption of data is done on Onemoney servers, in accordance with RBI guidelines.

Through the Onemoney AA mobile application, the consumer is then able to save her data directly onto her device, into a folder of her choice.

Through the MPP SDK (embedded either into the Onemoney AA mobile application or into an enterprise’s mobile application), the consumer assigns various conditions of consent (purpose, data life, etc.), governing the partner enterprise’s access to the data saved onto her device. The consumer assigns necessary permissions for the data on her device to be encrypted by using the private key of the partner enterprise and automatically accessed by the latter.

User journeys for the above could start either from a partner enterprise’s mobile applications or from Onemoney’s mobile application. In either case, the systems involved will be the following:

Note: The “Private Data Share” feature involves decryption and encryption of data and secure storage of key material, required for the decryption. Such security features can only be implemented through a mobile application and not through a web application. The Onemoney Private Sharing SDK is therefore a mobile- only SDK.

The user journeys involving these three systems could involve any of the following personas: The term “enterprise” below describes the enterprise interested in getting access to the user’s data in order to offer a tailored service.

Data Privacy is enforced through two mechanisms:

Important Note: This consent artefact represents consent given directly by the user to the enterprise, is outside the AA framework. It is independent of, and separate from, the consent artefact governing the interaction between the user and Onemoney mobile application.