Concept of Draft Rules on e-Wallet Payments Method

Concept of Draft Rules on e-Wallet Payments Method

Essential for All Upcoming Bank Exams

Information:

Draft Information Technology Rules 2017 has issued by the Ministry of Electronics and Information Technology (MEITY) to Prepaid Payment Instruments (PPI) company or e wallet firms. It is a Security of Prepaid Payment Instruments. This rules seek to ensure confidentiality, integrity, security of electronic payments made through Prepaid Payment Instruments. This rule is for protecting consumer information, especially financial data.

Under Provisions of IT Act 2000, the MeitY has prepared the draft rules for security of Prepaid Payment Instruments (PPIs). 

The regulations mentions various security parameters that digital wallet companies will have to follow as well as specifies the standards for data protection. 

The need to develop a framework for security of various PPIs like mobile wallets, smart cards and paper vouchers operating in the country was felt with the increased government’s effort to promote cashless economy and boost various digital payment systems. 

Aim: 

• To ensure confidentiality, adequate integrity, security of electronic payments made via digital wallet. 
• Strengthen the grievance redressed mechanism for consumers. 
• Government has also sought feedback from various stakeholders. The draft is open for public consultation and will close on 20th March, 2017. 

Security of Prepaid Payment Instruments Rules 2017: 

• The Rules command that each Prepaid Payment Instruments (PPI) company or wallet firm will have in place. 
• A chief grievance officer will also have to appoint whose contact details will have to be displayed on the website. 
• Within 36 hours the grievance officer will be required to address any complaint and close it in a month’s time. 
• Companies should also have enough technological safeguards to avoid any hacking attacks of their platform and in case of any such event, it is to be swiftly reported to the government agencies like CERT-In. 
• Due perseverance procedures the draft regulation also reference that the e-PPI issuers should also follow enough and identification of users prior to on boarding them on their respective platforms. 
• The security policies should also be reviewed once a year by the firms and in case of any breach, the company will have to revamp its policies. 
• The companies will also have to adopt a two- factor authentication process for transactions. From requiring two-factor authentication the government may by notification exempt digital wallets in specific use cases. 
• The wallets companies will now also have to publish the information they are collecting from customers and with whom they are sharing such information and will be allowed to store it only for a period specified by the government. 
• This instruction also mandate that Indian Computer Emergency Response Team (CERT-In) shall notify the categories of incidents and breaches that are required to be reported to it. 
• Under Section 72A the personal information of the customers will be treated of the Information Technology Act. 
• The financial data of the customer under the Information Technology Rules, 2011. 

Some of the Digital Wallet Companies in India: 

PayTM, Momoe, PayUMoney, MobiKwik, State Bank Buddy, Citi MasterPass, ICICI Pockets, HDFC Chillr, LIME