Federal Bank has integrated its Digital Platforms with the Employees' Provident Fund Organisation (EPFO). With this new facility, Federal Bank customers can conveniently and securely make EPFO payments through the Bank’s Net Banking platform.
The bank already has similar integrations with the Central Board of Direct Taxes (CBDT), Central Board of Indirect Taxes and Customs (CBIC), and Bharat Kosh portal. Now it is also live with EPFO. The Employees' State Insurance Corporation (ESIC) integration is also underway.
The facility was launched at a special ceremony held in New Delhi. Amongst the attendees were Brij Mohan Singh, Regional P.F. Commissioner – I (Banking), Ajay Krishna Paliwal, Regional P.F Commissioner – II (Banking), and Kapil Anand, EPFO official. Federal Bank was represented by Anoop T, Senior Vice President & Country Head of the Government and Institutional Business Department.
PF Payments via FedOne to be Launched Soon
The payments are currently enabled only for customers other than the enterprise, said Anoop T, speaking exclusively with FE FUTECH, “As of now, for EPFO, we are offering payments only through net banking. There is also an option for FedOne (Federal Bank’s corporate internet banking platform). We are not live on that platform yet, but we will go live by the end of May. Once both these channels are operational, we will be covering almost 100% of our customers.”
With respect to auditability and traceability, “all user logins and logs are stored in our database. Details such as who logged in, from which system, and from which IP address are all maintained as part of our audit trails,” said Anoop.
Tackling Security Risks Around API
Across the financial services industry, API-led integrations have raised concerns around credential misuse. There have been multiple events involving credentials being stolen, unauthorized access, and data leakage risks. So, Federal Bank has adhered to the necessary guidelines in this regard. “We follow a very stringent and comprehensive security framework for API governance standards. This includes IP address whitelisting and mutual TLS protocols. These are coupled with API credentials such as user IDs, passwords, client IDs, and client secrets. In addition, we follow practices such as rate limiting and velocity checks so that no entity can make an unlimited number of API calls to our systems. These are supported by encryption mechanisms such as TLS protocols.
Apart from this, we actively ensure that periodic VAPTs (Vulnerability Assessment and Penetration Tests) are conducted for our middleware and net banking systems. We also manage the complete API lifecycle, including the decommissioning of unused or unwanted APIs. This entire framework is aligned with RBI guidelines.”
As for vendors, there were none involved. The entire integration was done in-house.
"True to our motto, ‘Digital at the Fore, Human at the Core,’ Federal Bank remains steadfast in its commitment to customers by introducing convenient, need-of-the-hour facilities. These initiatives not only enhance customer experience but also enable seamless engagement with government establishments, thereby supporting the government’s collection mechanism," said Harsh Dugar, Executive Director of Federal Bank.
