WhatsApp says it may share your payment data with Facebook

At a time when the controversy around Facebook's data leakage is nowhere near closure, WhatsApp has said it shares its payments information with third-party service providers including Facebook, a report in Mint stated.

"We share information with third-party providers and services to help us operate and improve payments. To send payment instructions to PSPs (payment service providers). Maintain your transaction history, provide customer support and keep our services safe and secure, including to detect, prevent, or otherwise address fraud, safety, security, abuse or other misconduct, we share information we collect under this payments privacy policy with third-party service providers including Facebook," WhatsApp, which recently entered into the payments domain in India, says in its legal info page.

According to WhatsApp, the company shares data such as mobile phone number, registration information, device identifiers and payment amount, among others.

WhatsApp didn't immediately respond to an email query.

The development takes place a few days after the Reserve Bank of India (RBI) released guidelines asking all payment system operators to ensure that data is stored only within the country, and comply with the order by October 15, 2018, stressing upon the importance of these data.

According to National Payments Corporation of India (NPCI), no payments service provider is allowed to share data with any other third party unless "mandated by applicable law or required to be produced before a regulatory/statutory authority".

"In such exceptional cases wherein data/information is required to be shared under applicable law or required to be produced before a regulatory/statutory authority and to the extent permitted under such law/by such regulatory/statutory authority, the PSP shall provide a prior written intimation to NPCI and bank of such disclosure," says an NPCI's circular.

Sharing of personal data such as mobile number, bank account details, number and amount of transactions being done with third parties by payments firms can shoot up the rate of phishing attacks in India significantly.

"So far these hackers have been getting passive data about banking customers from random sources. If payment firms start sharing data with third party companies then it will help the hackers pin point that user with every minute detail required," said an industry expert requesting anonymity.

"In case of payments firms, it also exposes a user's financial capability to other advertisers," the person added.

While rival Paytm states that it doesn't sells or rents a user's personal information to any third party, it stresses that it will have to do so in case there's a "legally compliant request for its disclosure".

"We reserve the right to communicate your personal information to any third party that makes a legally-compliant request for its disclosure," Paytm says in its privacy policy.

Whatsapp made its entry into the digital payments space in India earlier this year.