Ikigai LawIkigai LawIkigai LawIkigai Law
  • About Us
    • About
    • Our Team
    • FinTales
    • Tech Ticker
  • Practice Areas
  • Blog
  • News & Events
    • Ikigai Law in the news
    • Ikigai Law at events
    • Ikigailaw on the social media
  • Careers

Whatsapp Payments: A timeline

    Home Articles Whatsapp Payments: A timeline
    NextPrevious

    Whatsapp Payments: A timeline

    By Ikigai Law | Articles, Ikigai Law, Policy | 0 comment | 16 July, 2018 | 3

    In February 2017, Whatsapp had announced its plans to introduce a UPI-based payments service in India. Since then, a number of developments have taken place with respect to the payments service, including a discussion on privacy concerns surrounding the application’s use of customer data. This post provides a timeline of all the developments that have taken place on this front since the February announcement last year.

     

    Month Particulars/Developments
    February 2017 First reports of Whatsapp planning to enter payments in India.
    July 2017 Whatsapp gets a nod from the National Payments Corporation of India (“NPCI”) for UPI payments.
    January 2018 (i)     Whatsapp partners with 4 banks – SBI, ICICI Bank, HDFC Bank and Axis Bank. User to have the freedom to transact through any of these banks.

    (ii)   Proposal for how Whatsapp and UPI would work:

    ·        Whatsapp would identify the sender and receiver of the money on the basis of the mobile number. It would communicate the mobile number to the participating bank.

    ·        The bank would use the UPI server to identify the bank account numbers.

    ·        Finally, the UPI interface would settle the transaction between the bank accounts.

    February 2018 Beta testing

    ·        Whatsapp starts beta testing its product in partnership with ICICI Bank.

    ·        ICICI opens the product to a limited set of users who could in turn invite their friends to sample the service.

    ·        NPCI restricts the testing of the digital payment service to a sample of 1 million users or 1% of WhatsApp’s total user base, whichever is lower.

    March 2018 (i)     That Whatsapp shares data with its partner bank ICICI Bank and parent company Facebook came to light when it updated its privacy policy.

    (ii)   The Ministry of Electronics and Information Technology (“MeITY”) sends a letter to NPCI and a copy to the Reserve Bank of India (“RBI”), raising questions over WhatsApp not following the two-factor authentication norms laid down by RBI in addition to expressing concerns over management of user data.

    April 2018 (i)     NPCI responds to MeITY’s letter, however MeitY is not satisfied.

    (ii)   Whatsapp Payments’ ‘request money’ feature goes live for limited android beta users.

    May 2018 (i)       Whatsapp owner Facebook decides to bail out on SBI as a partner and go ahead with the remaining three banking partners to launch the payments service.

    (ii)     NPCI CEO, Dilip Asbe, states that NPCI has no concerns about data security on the payments platform on May 9.

    (iii)    Meanwhile, Paytm expresses concerns about Whatsapp Payments, alleging that Facebook-owned WhatsApp’s UPI payment platform has security risks for consumers and is not in compliance with the guidelines.

    (iv)    On data localisation, specifically:

    ·        NPCI appears to be satisfied with WhatsApp’s declaration that Facebook can’t use the data for any commercial purpose. “Many group companies share the infra, so no issue on that. The main issue is what the data is used for,” said a senior NPCI executive.

    ·        The RBI states that all payment data should reside in India.

    June 2018 (i)       On the two-factor authentication issue:

    ·        Allegations made that Whatsapp Pay did not adhere to the NPCI’s two-factor authentication rule.

    ·        Whatsapp responds by stating that the first factor of authentication is the mobile number while registering on the app, and the second is the UPI pin.

    ·        NPCI seems to be happy with the aforesaid arrangement and states that they “don’t see this as a big issue with WhatsApp Pay”.

    (ii)     On the data localisation issue:

    ·        As per the company,

    a.   Basic data is collected during a transaction which includes username, payment address, receiver and senders’ account status, balance sufficiency etc.

    b.   Some of this data is retained for future reference.

    c.   All transaction related information is stored in an encrypted format.

    d.   As for debit card details, only the UPI pin and card expiry date are taken and these are not retained.

    e.   The UPI Pin is encrypted by NPCI’s software.

    ·        Whatsapp Payments clarifies that they have limited visibility on the Indian consumer’s banking details and that they strictly abide by the norms of the Reserve Bank of India on the handling of payments data.

    (iii)    MeitY re-iterates lack of satisfaction with NPCI’s response to the first letter and wants detailed answers on the compliance standards, etc., followed by WhatsApp Payments.

    (iv)    MeitY sends a second letter to the NPCI with detailed questions on how WhatsApp Payments plans to abide with laws on sharing of user data and how it would conform to the RBI’s security and privacy rules.

    July 2018 (i)      MeitY is now of the opinion that if the NPCI can’t respond to the second letter satisfactorily, then its should do its own due diligence and take a call on the approval for Whatsapp Payments.

    (ii)     WhatsApp will have to consult with banks, the NPCI, and the RBI to resolve the matter as MeitY is not the authorising entity.

    (iii)    Whatsapp affirms that sensitive user data like the concluding six digits of debit cards as well as UPI PINs do not exist on its server.

    (iv)    NPCI has not yet disclosed by when it is likely to give its approval for the formal launch of WhatsApp Pay.

    August 2018 (i)    It appears that Whatsapp’s attempts to launch its payments services in India will continue to be delayed as MeitY has stated that Whatsapp cannot launch Whatsapp Payments in India until it sets up an office and recruits a team in the country.

    (ii)  Additionally, the government also plans on seeking the RBI’s views on whether payments services controlled remotely can be allowed to operate in India.

    (iii)         Meanwhile, Whatsapp has also updated its privacy policy for payments services in India and added two more banks (HDFC Bank and Axis Bank) to its list of partner banks.

     

    [This post has been authored by Isha Jain, a third year law student studying at Campus Law Centre, Faculty of Law, University of Delhi, with inputs from Tuhina Joshi, Associate, TRA and Nehaa Chaudhri, Policy Lead, TRA].

    Data localisation, Data Protection, Facebook, Financial information, Fintech, Ikigai Law, MeITY, NPCI, Payments, Privacy, RBI, UPI, Whatsapp

    Ikigai Law

    More posts by Ikigai Law

    Related Post

    • FinTales 2022 Round-Up

      By Ikigai Law | 0 comment

      The best stories of 2022 from our monthly fintech newsletter, FinTales. February 2022: The Hassleocracy of Crypto-taxes “Cryptos have no underlying assets, not even a tulip.” –Shaktikanta Das Ouch. That’s the RBI Governor, not mincingRead more

    • RBI Paper on Payment Charges Reignites Debate over Zero MDR Policy

      By Ikigai Law | 0 comment

      This article discusses the impact of and alternatives to the zero MDR policy in the context of the RBI discussion paper on payment charges. In August 2022, the RBI released a discussion paper on payment charges. ForRead more

    • Clause-wise mapping of the JPC’s recommendations on India’ data protection law

      By Ikigai Law | 0 comment

      A detailed clause-wise analysis of the Parliamentary committee’s report on India’s data protection law. On 16 December 2021, the Joint Parliamentary Committee on the Personal Data Protection Bill, 2019 tabled its report in Parliament. TheRead more

    • Impact of India’s upcoming data protection law on payments businesses

      By Ikigai Law | 0 comment

      This piece explores the impact of India’s upcoming data protection law on payments businesses, with a focus on cross-selling and physical location of data storage. With India’s upcoming data protection on the horizon, businesses must takeRead more

    • Data protection in Indonesia

      By Ikigai Law | 0 comment

      I. Introduction In this post, we examine the data governance framework of Indonesia, from the perspective of: data processing and other obligations imposed on organisations (II);rights guaranteed to individuals (III); rules governing cross-border data flowsRead more

    Leave a Comment

    Cancel reply

    Your email address will not be published. Required fields are marked *

    NextPrevious

    Tags

    #DataProtection #Fintales bitcoin Blockchain Budget Consent Consultation Consultation Paper cryptocurrency data Data Controllers data governance Data localisation Data Protection Data Subjects digital economy Digital India Drones E-Commerce Facebook Fintech Government Government of India healthtech Ikigai Law India Indian government Innovation MeITY Notice Payments Personal Data policy Privacy RBI Recommendation Regulation Srikrishna Committee Stakeholders Startups Surveillance Technology Tech Policy TechTicker TRAI

    Connect with Ikigai Law

    Copyright 2018 Ikigai Law | All Rights Reserved             

    Information

    • Practice Areas
    • Blog
    • Careers
    • Contact Us
    • Privacy Policy

    Contact us

    Office
    T-7/402, Commonwealth Games Village Apartment,
    New Delhi, Delhi 110092 India.

    Email Address

    contact@ikigailaw.com

    • About Us
      • About
      • Our Team
      • FinTales
      • Tech Ticker
    • Practice Areas
    • Blog
    • News & Events
      • Ikigai Law in the news
      • Ikigai Law at events
      • Ikigailaw on the social media
    • Careers
    Ikigai Law