Demonetisation was a boon for mwallet startups. The move to drive the nation to a cashless economy gave a big boost to the digital economy. In less than 24 hours, Paytm’s platform saw an overwhelming 435% increase in overall traffic – as millions of consumers across India moved to use their Paytm wallets to transact offline.

At the time, the Reserve Bank of India (RBI) also doubled the balance limit for prepaid wallets and cards to INR 20,000 to help small merchants facilitate and receive payments electronically.

To further ensure that transactions done through ewallets are safe, the Ministry of Electronics and Information Technology (MeitY) has come up with a set of guidelines for wallet firms.

The draft guidelines, the Information Technology (Security of Prepaid Payment Instruments) Rules 2017, framed under the Information Technology Act 2000, have been released by MeitY for public consumption.

As per the new guidelines, “Every e-PPI (Electronic Prepaid Payment Instruments) issuer shall develop an information security policy for security of the payment systems operated by it.”

The guidelines also state that every e-PPI issuer will have to post its terms and conditions and privacy policy on its website as well as its mobile app.

As per the guidelines, the privacy policy shall include the following details:

  1. The information collected directly from the customer and information collected otherwise, and the uses of the information.
  2. Period of retention of information.
  3. Purposes for which information can be disclosed and the recipients.
  4. Sharing of information with law enforcement agencies.
  5. Security practices and procedures.
  6. Name and contact details of the Grievance Redressal officer along with mechanism for grievance redressal.
  7. Any other details as may be specified by the Central Government for this purpose.

For risk assessment and risk control, the guidelines state that every e-PPI issuer should carry out an assessment to ascertain the risks associated with the security of the payment systems it operates. These assessments should be reviewed at least once a year, and also after any major security incident or breach or before a major change to its infrastructure or procedures, among other things.

The guidelines also state that “The personal information of the customers will be treated under Section 72A of the Information Technology Act” and “every ePPI issuer shall adopt security measures to protect the security, confidentiality, and integrity of the personal information.”

The guidelines also recommend that the ewallet firms should “Establish a mechanism for monitoring, handling and follow-up of cyber incidents, cyber security incidents, and cyber security breaches.”

Bipin Preet Singh, Founder and CEO, MobiKwik said, “We welcome the Ministry of Electronics and Information Technology (MeitY), Government of India’s new digital payments recommendations and feel that this will be a strong foundation that addresses the three important pillars of success in this industry, namely, strong information security, quick fraud detection, and fast grievance redressals.”

He also added that MobiKwik is already implementing many of the prescribed suggestions.

He further added, “Our fraud detection team is razor-sharp and invariably puts in 17+ hours on an average and carries out risk assessment on a regular basis, which ensures that our grievance redressal tickets are closed within 30 minutes of raising.”

Comment was awaited from mwallet firms Paytm and Freecharge, at the time of publication.

The Indian fintech market is forecast to touch $2.4 Bn by 2020. According to a report by TechSci Research, the mobile wallet market in India is projected to reach $6.6 Bn by 2020. Major players in this segment include PayU India, Freecharge, and Oxigen, among others. The government has invited related parties to comment on the draft rules by March 20, 2017.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.