Laxity at one payments provider affects others: Paytm

NEW DELHI , April 30, 2018 07:02 IST

Updated: April 30, 2018 08:18 IST

‘Every system must comply with Reserve Bank rules’

Paytm has said that no payment system should be allowed to roll out services unless they comply with the regulations.

The firm cited the recent RBI guideline, which mandates payment systems operators to store data in India, as being key to make the digital payments ecosystem more secure. “Every payment system, app and payments platform starting now must be compliant of this regulation. No one should be allowed to commercially launch service unless their systems are clearly only and only in India,” said Kiran Vasireddy, COO, One97 Communications, which operates the Paytm brand.

Earlier this month, the RBI had said that all system providers should ensure that all data relating to payment systems operated by them were stored in servers located only in India.

“Data localisation is critical for the security of India’s payment systems. It should be implemented before beginning operations by any entity entering into the payments space and not left to be addressed afterward,” he added.

The comments come at a time when Facebook-owned Whatsapp — which has about 200 million users in the country — is readying for a commercial roll of its payment services. Other tech giants such as Google and Truecaller already provide payments service.

In February, One97 Communications founder Vijay Shekhar Sharma had alleged that WhatsApp’s UPI payment platform had security risks for consumers and was not in compliance with the guidelines.

Potential implications

Mr. Vasireddy pointed out that the payments network is interconnected and interoperable. “Hence, a breach by any player who is not complying carries potential implications on all other players who have complied with the guidelines.”

He further added that when the data is processed and stored in multiple geographies, there’s a lack of clarity as to which country’s data laws will be applicable to it. “With increasing adoption of digital payments and reliance on electronic banking ecosystem, India must have a data localisation mandate to avoid data pilferage. Processing of data should also be in India as processing necessarily maintains a local cache and that is a risk,” Mr. Vasireddy said.