Digi Dhan Suraksha: Imperatives of security, privacy & trust for less cash economy

…Framework, efforts, policy interventions, investment & awareness for earning trust of citizens

The Cashless India initiative was launched with a view to transforming India into a cashless economy. As a part of this initiative, the Government of India has launched various innovative technologies such as Unified Payments Interface (UPI), Aadhaar Enabled Payments System (AEPS), Aadhaar Payments Bridge System (APBS), USSD Banking through UPI, etc. It has also given a boost to private players and enabled the launch of several digital payments solutions such as mobile wallets, micro ATMs, bank prepaid cards, etc.

The entire digital payments ecosystem has proved to be a significant enabler of a cashless economy. For example, as per the statistics listed on the NPCI website, in the span of one year, the UPI platform has seen remarkable adoption. As of March 2017, 44 banks were live on the system and approximately 17 million transactions worth 6,800 crores INR have been performed via various Payments Service Providers (PSP) platforms.

Payment systems, such as UPI and Micro ATMs, have notably simplified the process of performing digital transactions. They enable users to make payments (push), collect payments (pull) and transfer money, in one click and without exposing sensitive data, such as bank account numbers, to third parties. Mobile wallets have also played a key role in simplifying the process of making and accepting payments. Today, most vendors can accept payments via QR Code scanning. However, such simplification is often accompanied by various security and privacy concerns on the part of both users and participating organizations.

The recent fraud at one of India’s leading public sector banks is a case in point. As reported by Mint, the fraud was made possible by a bug in the bank’s UPI-enabled app that allowed people to send money without having the necessary funds in their account. It caused a loss of 25 crore INR to the said bank. In another major incident, which happened last year, as reported by The Indian Express, the details of 3.2 million debit cards were stolen, causing a loss of 1.3 crores INR. Such incidents have sparked a raging debate on the security of digital payments ecosystems. One of the major concerns is whether or not banks have implemented adequate security measures for the protection of their infrastructure and their customers’ data and money.

Data privacy is another much-debated issue when it comes to the digital payments ecosystem. In a recent incident, the Unique Identification Authority of India (UIDAI) filed an FIR against a major private sector bank for allegedly storing biometrics and using them in an unauthorised manner. The concern over privacy escalates when biometrics are involved. Given that India still lacks comprehensive data privacy legislation, there is little recourse for the users whose information ends up getting leaked in this manner.

In order to address these security and privacy concerns, there are guidelines available from the government as well as industry bodies. The Reserve Bank of India (RBI) had published a detailed set of guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds. Recently, the Ministry of Electronics and Information Technology (MeitY) published a draft titled ‘Security of Prepaid Payment Instrument Rules 2017’. It laid out information security requirements that Prepaid Payment Instrument (PPI) providers would be required to follow. RBI has also issued a draft on Master Directions on Issuance and Operation of PPIs that includes information security requirements for them.

Apart from government-issued guidelines and rules, there are several industry standards such as PCI DSS, ISO 27001:2013, DSCI Data Security Framework, DSCI Data Privacy Framework, etc., which payment service providers can implement for robust security and privacy of their infrastructure.
