The ministry of electronics and IT is learnt to have asked National Payment Corporation of India (NPCI) to check if WhatsApp payments service conforms with the RBI rules and data security of customers before the mobile messenger app scales up its services.
The Reserve Bank of India on April 5, 2018 had said that all payment system operators will have to ensure that data related to payments is stored only in India and firms would have six months to comply with it.
The source said that WhatsApp has permission to run the beta-version of the payments service for up to 10 lakh subscribers and NPCI has been asked to check all compliances before the US-based messaging app scales up its services.
"There are also issues around two-factor authentication during the time of transaction. MeitY has asked NPCI to check compliance of WhatsApp on security of the transactions as well," the source said.
Another source said that Meity has concerns around WhatsApp sharing data with Facebook in the wake of recent data breach issue of the social media major with the UK-based political consulting firm Cambridge Analytica.
When reached for comment, WhatsApp said that payments data is used to enable transactions, protect people from abuse and fraud, and offer customer support.
"The data is stored securely, and sensitive user data such as the last 6-digits of a debit card and UPI PIN is not stored at all," WhatsApp said.
The mobile messaging firm admitted using of Facebook's infrastructure for the service and added that its parent firm does not use payment information for commercial purpose.
"When you make a payment on WhatsApp, we send the payment instructions to our payment service provider (PSP) with the help of Facebook's secure payment infrastructure. Facebook does not use WhatsApp payment information for commercial purposes. WhatsApp chose Facebook as a service provider because it offers a best-in-class payment infrastructure that is safe and secure, WhatsApp said.
(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)