The latest guidelines issued by the Information Technology Ministry on cyber security of prepaid payment instruments, or PPIs, have caused concern among wallet and payment players regarding the possibility of dual control from the Reserve Bank of India as well as the central government.
PPIs, regulated by the RBI under the powers bestowed upon it by the government through the Payments and Settlement Systems Act (2007), have said there is an urgent need for better coordination between the two entities in order to prevent overlap of jurisdictions.
The ministry has asked wallet companies to adopt multiple-factor authentication for payments, which, industry sources say, can kill their business, as the new layer will interfere with the instant payment mechanism.
“Wallets are mostly for small-ticket transactions. Introducing various levels for authentication can cause payments to fail as the internet connection is still poor in rural areas and it can cause friction in smooth payments experience that we offer,” said Sandeep Ghule, cofounder of Transerv, a Mumbai-based PPI licence holder.
According to PPIs, the ministry now also expects them to report cyber attacks to CERT-In (Indian Computer Emergency Response Team).
“We have guidelines around cyber security protocols laid out by the RBI and separate reporting mechanisms. We are not clear about the thought process behind the separate list of regulations and separate reporting mechanisms,” Ghule pointed out.
With wallets having only a 10% share of the entire digital payments volume in the country, regulations should cover the entire payments spectrum from banks to payment gateways, Ghule added.
Assuring that wallet companies already adhere to strict security guidelines, Bipin Preet Singh, co-founder of mobile wallet company Mobikwik, said: “We have a security system which is PCI DSS and ISO 27001 certified, and our grievance redressal tickets are also closed within 30 minutes of being raised.”
On Wednesday, the Ministry of Electronics and Information Technology released, for public comment, a set of draft guidelines under the Information Technology Act 2000 on ensuring cyber safety for wallets.
Post demonetisation, the hype created by wallet companies has caused the government to ensure that they do not fall prey to cyber attacks and jeopardise the entire push of the government for a less-cash society, say industry sources.
“This (multi-layer authentication) will also increase people's trust in wallet-based payments,” said Bhavik Hathi, managing director at consultancy firm Alvarez & Marsal.