The Centre has released a set of draft guidelines for digital wallet companies as part of its efforts to promote electronic payments while ensuring the security of transactions.
The Ministry of Electronics and Information Technology issued on Wednesday the draft Information Technology (Security of Prepaid Payment Instruments) Rules 2017 for public consultation, and will take suggestions until March 20.
The draft rules underline security parameters that digital wallet companies, such as Paytm, FreeCharge and Mobikwik, will have to follow.
They also stipulate standards for data protection and customer grievance redressal.
Every prepaid payment instrument (PPI), or digital wallet, has been asked to develop a security policy based on the rules and standards set by the government.
“Every ePPI issuer shall review the security measures at least once a year, and after any major security incident or breach or before a major change to its infrastructure or procedures,” read the draft rules.
Besides, the rules also mandate that digital wallets identify and authenticate every customer at the time of issuance, and adopt two-factor authentication for transactions.
The government may by notification “exempt” digital wallets from requiring two-factor authentication in specific use cases.
The regulations could hurt wallet companies, as one of their biggest advantages over traditional credit and debit cards is the seamlessness of transactions in the absence of multiple-factor authentication.
However, like the Reserve Bank of India rules for exempting small-value card transactions from multiple-factor authentication, digital wallets could enjoy the same treatment.
Moreover, wallets will now have to disclose the kind of information they are collecting from customers and with whom they are sharing such information, and will be allowed to store it only for a period specified by the government.
This data will also have to be encrypted end-to-end in order to safeguard customer data, especially financial data, such as bank balances.
“Every ePPI issuer shall adopt security measures to protect the security, confidentiality and integrity of the personal information…(and) shall contractually require merchants handling any authentication data to have security measures in place to protect such data,” the rules say.
While the draft rules have been long awaited by digital wallet companies, experts say the guidelines could put extra pressure on such firms, which have so far enjoyed a free run.
If the final government rules are heavy-handed, they could take away some of the advantage these firms have had over traditional banks.
Business Standard, New Delhi, 10th March 2017