The ministry of electronics and information technology (MeitY) has once again asked National Payments Corporation of India (NPCI) about the security of WhatsApp Payments feature, which will soon roll out its full-fledged payment services using Unified Payments Interface (UPI) as its backbone.
According to reports, the ministry has voiced concerns about the data sharing policy of the global messaging company on how data will be shared with its parent-company, facebook. There are also concerns about how the payment data will be stored considering Reserve Bank of India (RBI) announced its data localisation policy on April 5, stating all payment service providers to store data on servers within India.
“MeitY has asked NPCI to check if WhatsApp payments service is working in conformation with RBI permissions, where is it storing transactions data and if that data is being shared by its parent firm Facebook before launching the bigger version of the service,” an official source told PTI.
WhatsApp clarifying its position, said, “The data is stored securely, and sensitive user data such as the last 6-digits of a debit card and UPI PIN is not stored at all.”
Currently, banks adhere to two-factor authentication, but concerns have been raised that the payments feature doesn’t follow the required norm. BHIM app uses two factor authentication based on the device that you use and PIN that you need to key in while using the app.
After the case of Cambridge Analytica, data sharing issue has caught an attention of the regulators. Cambridge Analytica allegedly used personal data of millions of people to influence the US elections in 2016.
After issues were raised about its safety, WhatsApp later issued a clarification, “Facebook does not use WhatsApp payment information for commercial purposes, it simply helps pass the necessary payment information to the bank partner and NPCI. In some cases, we may share limited data to help provide customer support to you or keep payments safe and secure.”