India lacks laws to protect customers of digital transactions, say experts
India lacks laws to protect consumers if they lose money during digital transactions even as the government pushes for a less-cash economy after it withdrew ~500 and ~1,000 currency notes as legal tender.
The Narendra Modi government’s demonetisation move might have warranted an increase in transaction activity on digital wallets massively, but measures to ensure the underlying cyber security parameters for digital payments are still kept largely under the ambit of the Information Technology Act. “We don’t have any dedicated law on digital payments. That’s very important to grant complete legality and remove and doubts and clarifications pertaining to legal efficacies and legal validity of digital payments,” says Pavan Duggal, an advocate in the Supreme Court specialising in cyber law.
While the Reserve Bank of India (RBI) usually sets security and privacy standards for banks in the country, digital wallets such as Paytm, FreeCharge and MobiKwik fall under the category of non-banking financial corporations (NBFCs) excluding them from this. For fintech companies in India today, security compliance falls under Section 43 A of the IT Act.
Today, transactions between a user and a mobile wallet service provider are merely contractual agreements which as Duggal puts it can always be repudiated. There’s a heightened need to legally back digital payments in India, not only to ensure the safety of consumer money but also for the safety of these companies themselves.
While maintaining security standards for fintech companies falls under the data protection law of the IT Act, the lack of an enforcement mechanism hinders any good this can do.
Since the demonetisation announcement, digital wallet firms such as Paytm have seen as much as 35 million transactions by users to either buy goods and services or transfer funds to another account. Rival FreeCharge has tied up police forces of Mumbai to pay traffic fines using its platform.
According to Bengalurubased think tank Centre for Internet and Society (CIS), their research shows that some of India’s largest technology companies still do not comply with Section 43 A.
“We have a minimal data protection law in our IT Act and that will apply to all the fintech players. But, our ISPs (intenet service providers) and telcos don’t comply with Section 43 A. So you can imagine compliance will be even lower in the fintech sector,” says Sunil Abraham, executive director, CIS. Vijay Shekhar Sharma, the founder of Paytm, says there is a dispute mechanism similar to what is done with credit or debit cards that firms such as his follow when a customer has an issue.
“Regulation in digital money works just like in the case of cards. It is the issuer, in this case, the wallet companies that has to resolve the problem. If not, the next stop is consumer court,” says Sharma.
Since the demonetisation announcement, digital wallet firms such as Paytm have seen as much as 35 mn transactions by users