9-Mar-2017: Centre issues draft rules on e-wallet payments

The Centre has issued draft rules to ensure integrity, security and confidentiality of electronic payments made through prepaid payment instruments (PPIs), popularly called e-wallets. The draft rules, on which the Ministry of Electronics and Information Technology has sought public comments, make it mandatory for e-PPI (electronic pre-payment instrument) issuers to develop an information security policy that ensures that the systems operated by them are secure.

The Information Technology (Security of Prepaid Instruments) Rules, 2017, define an e-PPI issuer as a “person operating a payment system issuing prepaid payment instruments to individuals/organisations” under the aegis of Reserve Bank of India.

The Rules mandate that each Prepaid Payment Instruments (PPI) company or wallet firm will have a privacy policy posted on its website. The policy should include details such as consumer information collected, its uses, period of retention of information, purposes for which information can be disclosed and to whom especially with law enforcement agencies. It should also have details on security practices and procedures, name and contact details of the grievance redressal officer along with mechanism for grievance redressal.

It will also have to appoint a chief grievance officer, the contact details of whom will have to be prominently displayed on the website. The grievance officer will have to “act upon” any complaint within 36 hours and “close” it in a month’s time.

The draft also mandate that companies have enough safeguards in place to avoid any hacking attacks and if there is one, it is to be swiftly reported to the government agencies.

The guidelines say that the personal information of the customers will be treated under Section 72A of the Information Technology Act, and the financial data of the customer shall be deemed to be sensitive personal data under the “Information Technology (Reasonable Security Practices and Procedures and Sensitive.

Every wallet has to ensure that end-to-end encryption is applied to safeguard the data exchanged and shall retain data relating to electronic payments only till necessary.

The guideline also mandate that CERT-In (Indian Computer Emergency Response Team) shall notify the categories of incidents and breaches that are required to be reported to it mandatorily. CERT-In may require e-PPI issuers to notify customers of cyber security incidents or breaches if the incident or breach is likely to result in harm to the customers.

22-Feb-2017: Bharat QR Code , BHIM and many more Apps for digital payment

Well before the November 9 demonetisation of high denomination notes, banks in sync with the Reserve Bank of India had been working on development of different technology- based solutions for electronic transfer of money. There were already systems available in the banks through which one could transfer funds from one bank or branch to the other, in a matter of a few hours.

That itself was a good facility replacing quite fast the age-old money transfer through cheques which had to be, first received by the beneficiary, then deposited in the branch, sent for clearing before the funds get transferred in the designated account. It is not that the cheques have gone altogether; but their usage is dropping rapidly.

All these measures were underway even before November 9, but the sense of urgency was a missing link. Besides, different payment networks did not seem to be in perfect coordination while electronic payments for the sale of merchandise and services were restricted to credit or debit cards used either through lap tops or the limited point of sale (POS) machines available with the traders or the service providers. There was no sense of urgency, because there was no tearing necessity.  

But the withdrawal of Rs 500 and Rs 1000 notes, accounting for 85 per cent of the currency value in circulation brought in a sheer necessity for an effective and urgent alternative to cash.

The fact that Prime Minister Mr Narendra Modi made a commitment about making Indian society less cash dependent in his drive to clean up the economy from the scourge of black money and corruption, put the entire regulatory, operational and policy- making machinery into top gear with the result that within four months, not one but several e-payment options have been developed, tested and launched. They can all be used through the low cost smart phones. The best thing about these Apps is that they are targeted largely at the excluded strata and would be catalytic in the world’s biggest financial inclusion programme.

After the launch of BHIM – App, the latest is Bharat QR Code which works on the model of Paytm wherein the customer scans the QR code of the merchandise and then transfers the money from his/her wallet.  The only difference with Bharat QR Code is that just as BHIM, the customers at the merchandise point does not have to create and then draw money from the wallet. The funds are directly transferred from the customer’s account and transferred instantly to that of the merchant or service provider. Unlike credit or debit cards used at the points of sales, there are no charges involved. There is an ease of using App with no cost. As far as the integrity and safety of the system is concerned, the RBI is giving assurance about it.

“Our systems are not only comparable to any system anywhere in the world, our systems also do set standards and good practices for the world to follow. We remain vigilant for ensuring safety and soundness of the payment systems and are committed to customer safety and convenience," according to Mr. R Gandhi, Deputy Governor of the RBI.

What makes the Bharat QR Code unique in the world is low cost, interoperability and an excellent collaborative approach by the payment networks like MasterCard, Visa, National Payment Corporation of India and American Express, which are otherwise fierce competitors.  “India is setting yet another standard in the payment arena for others to adopt,” Mr Gandhi said with a sense of pride at the launch of the new App in Mumbai, on February 20, 2017.

There is a lot more that the RBI is embarking upon for making India a less-cash society. Under the Vision-2018, it is working on a multi-pronged strategy for an effective regulation, robust infrastructure, supervision and customer centric payment architecture that meets the strict requirements of cyber security.  

The government had constituted a Committee under the Chairmanship of Mr. Ratan Watal, Principal Adviser, NITI Ayog, to suggest measures for encouraging digital payments.  Having examined the regulatory and legislative framework, the Watal Committee recommended that the Payment and Settlement Systems Act 2007 be amended for a better regulatory governance, competition and innovation, consumer protection, open access, data protection and security, and penalties for offences. Accepting these recommendations, the legislative changes have been brought in the Finance Bill of 2017.  

On its part, the NPCI which has been giving big cash awards for use of digital transactions, has so far disbursed over Rs 153 crore to nearly 10 lakh consumers and merchants through Lucky Grahak Yojana and Digi Dhan Vyapar Yojana.  These schemes are meant to make digital payments a mass movement. The response through the incentives has been pretty good with Maharashtra, Tamil Nadu, Uttar Pradesh, Andhra Pradesh and Delhi emerging as trend-setters. There has been a good response to the initiative from all sections and age groups. The only challenge would be to ensure that the same enthusiasm is retained after the economy is fully remonetised in the next few weeks. The digital drive must reach its logical end.