While the news regarding Facebook data leak with Cambridge Analytica is still boiling all around, in another news revelation, WhatsApp – freeware messaging and VoIP service by Facebook – is now being accused of sharing its payments-related data with Facebook and other third-party apps.
WhatsApp launched its UPI-enabled payment services on February 8, this year. Currently running its UPI-enabled payments facility in beta mode, WhatsApp has been accused of killing the UPI interface. In an interview with CNBC, Vijay Shekhar Sharma, Paytm founder, has already accused WhatsApp of evading essential authentication processes.
In the policy terms, WhatsApp has clarified that the messaging cum VoIP platform is not a licensed financial institution, and it does not receive, transfer or store any funds in connection with Payments and are not responsible for UPI service interruptions or acts or omissions of PSPs or users’ bank including the payment, settlement and clearance of funds.
However, it also goes on to say,
“To provide Payments to you, we share information with third-party services including PSPs, such as your mobile phone number, registration information, device identifiers, VPAs (virtual payments addresses), the sender’s UPI PIN, and payment amount.”
Sharing info with the PSPs is understandable; but, with Facebook? Does Mark Zuckerberg have any explanation or just wants to get away by issuing another apology?
Out of 1.5 Bn global users, WhatsApp has 200 Mn users in India. While the company’s UPI-enabled payments solution is currently limited to a user base of 1 Mn, as part of a pilot project, the company has already planned to open it to every Indian user. This might alarm another trust breach by Facebook, as most of the users aren’t aware of such terms and conditions.
Not very long ago, the UIDAI – taking a stringent action – had suspended Airtel from conducting Aadhaar-enabled payments solution for its Airtel Payments Bank division.
Like Truecaller, WhatsApp provides a peer-to-peer payments solution creating a VPA in partnership with various banks such as the ICICI and Axis. However, the virtual address as appears does contain the users’ mobile number.
Evading the Login and password essentiality to make UPI-enabled payments, WhatsApp has also thus skipped the 2-step authentication in the name of making the payments easy. In a tweet that invoked Facebook’s unsuccessful tryst of colonising the Internet with Free Basics, Vijay Shekhar Sharma which has already reached the NPCI alleging the organisation’s preferential service to WhatsApp, accused Facebook of trying the same trick again by killing the open UPI system with closed implementation through the payment feature on WhatsApp.
Jan and Brian, co-founders of WhatsApp who are now campaigning #deleteFacebook share the core idea behind WhatsApp, “The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private – sort of like a face-to-face conversation.”
However, once it became a part of the Facebook family, it appears that data leak and trust breach issues are inevitable.
The Facebook-owned WhatsApp existing policy states that the data which includes fetching a user’s name, number, transaction, date and time are collected so as to review user’s account activity to determine whether the user continues to meet our Terms and Payments Terms.
Interestingly, WhatsApp apparently does that by breaching the NPCI guidelines on users’ data privacy.
And, as stated, the data is shared with Facebook too. Facebook, the social media platform, has already all the other details of its users which include family details, places a user goes to, etc. With transaction details, Facebook has just taken its surveillance capability to another level.
Also, sharing its transaction data with third parties is not in sync with the NPCI guidelines which states, “The PSP shall not share the data/information with any other third party unless mandated by applicable law or required to be produced before a regulatory/statutory authority. In such exceptional cases wherein data/information is required to be shared under applicable law or required to be produced before a regulatory/statutory authority and to the extent permitted under such law / by such regulatory/statutory authority, the PSP shall provide a prior written intimation to NPCI & Bank of such disclosure.”
While WhatsApp has apparently stated that it might follow the NPCI guidelines once it will roll out the payments solution for all the 200 Mn Indian users. However, does that justify, playing with the existing 1 Mn users, who have already subscribed to the payments solutions?
While Mark has already apologised for allowing third parties to lift data from Facebook without users consent, Zuckerberg’s data ravenousness can also be understood by the fact that he had also planned to access all hospital records’ matching health data along with user’s profiles. After Cambridge and direct or indirect Russian involvement in the US presidential election, Mark Zuckerberg has put the health data mining of each profile user on hold.
A German court has already ruled that Facebook has violated the country’s data protection law by insisting users provide their real names and their location, etc.
WhatsApp which is aimed to be a freemium service in India has completely turned itself into a freeware platform. The question is how? By mudding with people’s data?