Digital payments have soared for the duration of the pandemic, along with the advancement of technologies. Such developments, nonetheless, also carry a threat of fraud and other safety issues. When it comes to digital payments, RBI follows the ‘safe, secure, simple and fast’ mantra to facilitate the development of a sturdy and vibrant payments sector ecosystem. Especially with more and more Indians going on the internet and working with digital payments as the main suggests for effecting transactions, fraud and safety have turn out to be a paramount concern.
The RBI has taken quite a few actions to mitigate these types of dangers. Recently the RBI has even brought in regulations to verify these threats and make the payment atmosphere secure for consumers. On 7th September 2021, the RBI issued a circular, saying, “With effect from January 1, 2022, no entity in the card transaction or payment chain, other than the card issuers and/or card networks, will be able to store the actual card data. Any such data stored previously will be purged.”
Additionally, “for transaction tracking or reconciliation purposes, entities can store limited data such as last four digits of the actual card number and card issuer’s name – in compliance with the applicable standards,” stated RBI.
Tokenisation – card transactions have been initially restricted to mobile phones and tablets, this facility was subsequently extended to laptops, desktops, wearables (wristwatches, bands), Internet of Things (IoT) devices, and so forth.
Tokenization is when an anonymised set of characters are employed against the original payment credential of any card. Instead of an actual card quantity, an irreversible token reference is employed, working with an sophisticated algorithm with a matching expiry date, which becomes really hard to crack.
However, some authorities think one of the suggests of restricting storing card-on-file, which successfully prohibits merchants and payment aggregators to shop card particulars of consumers beginning December 31, 2021, possibly excessive and disproportionate to these objectives.
In a webinar organized by the Confederation of Indian Industries (CII) in association with the Society of Indian Law Firms (SILF) on Future of Digital Payments – Regulation, Consumer Interest and Innovation, several authorities shed some light on the matter. Some of India’s distinguished legal authorities felt that when these entities are currently compliant with the globally accepted common for safety and have received consent from the consumers, they really should be permitted to shop such information.
Justice (Retd.) A. K. Sikri, Supreme Court, observed that when there is a require to tackle the challenge of frauds (which nonetheless can’t be eliminated), restrictions really should be ‘reasonable’ and will have to serve a genuine state aim. He added, “there is already a regime in play due to the globally accepted PCI-DSS standards. Merchants’ fundamental right of carrying out business should be minimized, and regulations must be in line with the doctrine of proportionality and doctrine of necessity.”
Gulshan Rai, Former National Cyber Security Coordinator, Government of India in the Office of Prime Minister, stated that the entire (stated) goal of safety of the consumer’s information is not going to be solved by this regulation and that wider discussion desires to be held. “Convenience of the consumer must be held in paramount importance. We must find a solution balancing the four principles of safety, simplicity, security and speed (for overall convenience). Integrity, authenticity, non-repudiation and security of data and assets are paramount,” stated Rai.
He additional added that no method is one hundred per cent safe, and questioned the require to more than modify and convolute items, saying, “when you implement PCI DSS standards and the best practices are followed, fraud gets minimized. These are the international, global, uniform standards. We must not devise our own way.”
K. V. Viswanathan, Senior Advocate, Supreme Court stated “Prohibiting merchants from keeping card data on file was not thought of during the discussion stage. Seeking payment authentication every time would drive away from the consumer.” He additional stated, “EMI and other recurring payments would take a hit, and the current regulation would therefore not serve any real purpose. On the contrary, it would go against the Digital India vision of the Prime Minister of India.” Lastly, he highlighted that the goal of the regulations seems to be controlling information storage, not safety, which is currently covered by the Personal Data Protection Bill.
Amol Kulkarni, Director (Research), CUTS International, emphasized the require for consumers to be consulted for the duration of the policymaking procedure. He pointed out that today 72 per cent of low-earnings customers have no access to digital payments as but. He observed that buyers require to be at the pivot of regulations, and regulation will have to guarantee that the possible unintended consequence of digital exclusion for buyers across earnings groups is avoided.
Industry authorities say the digital payments market place in India is probably to develop to more than 300 per cent of its present size, to Rs 7,092 trillion by 2025, on the back of several positive initiatives like Digital India and the Digidhan Mission, along with the expanding digitization of merchants. This will be accelerated by the truth that on one of a kind mobile payment customers, India has currently recorded the highest fintech adoption price in the world at 87 per cent, beating the international typical by a complete 20 per cent points.
However, authorities say it is essential, that the ecosystem of several payments instruments in the nation, along with larger adoption of digital payment approaches for recurring use instances, continue to develop.