While the news regarding Facebook data leak with Cambridge Analytica is still boiling all around, in another news , WhatsApp – freeware messaging app by Facebook – is now being accused of sharing its payment-related data with Facebook and other third-party apps.
WhatsApp launched its UPI-enabled payment services on February 8, this year. WhatsApp has been accused of killing the UPI interface. In an interview with CNBC, Vijay Shekhar Sharma, Paytm founder, has already accused WhatsApp of evading essential authentication processes.
Evading the Login and password essentiality to make UPI-enabled payments, WhatsApp has also thus skipped the 2-step authentication in the name of making the payments easy. Vijay Sharma which has already reached the NPCI alleging the organisation’s preferential service to WhatsApp, accused Facebook of trying the same trick again by killing the open UPI system with closed implementation through the payment feature on WhatsApp.
The Facebook-owned WhatsApp existing policy states that the data which includes fetching a user’s name, number, transaction, date and time are collected so as to review user’s account activity to determine whether the user continues to meet our Terms and Payments Terms.
Interestingly, WhatsApp apparently does that by breaching the NPCI guidelines on users’ data privacy.
Also, sharing its transaction data with third parties is not in sync with the NPCI guidelines which states, “The PSP shall not share the data with any other third party unless mandated by applicable law or required to be produced before a regulatory authority. In such exceptional cases wherein data is required to be shared under applicable law or required to be produced before a regulatory authority and to the extent permitted under such law by such regulatory authority, the PSP shall provide a prior written intimation to NPCI & Bank of such disclosure.”
While WhatsApp has apparently stated that it might follow the NPCI guidelines once it will roll out the payments solution for all the 200 Mn Indian users.
However, does that justify, playing with the existing 1 Mn users, who have already subscribed to the payments solutions?
Out of 1.5 Bn global users, WhatsApp has 200 Mn users in India. While the company’s UPI-enabled payments solution is currently limited to a user base of 1 Mn, as part of a pilot project, the company has already planned to open it to every Indian user. This might alarm another trust breach by Facebook, as most of the users aren’t aware of such terms and conditions.
Sharing of personal data such as mobile number, bank account details, number and amount of transactions being done with third parties by payments firms can shoot up the rate of phishing attacks in India significantly.
“So far these hackers have been getting passive data about banking customers from random sources. If payment firms start sharing data with third-party companies then it will help the hackers pinpoint that user with every minute detail required,” said an industry expert requesting anonymity.
“In case of payments firms, it also exposes a user’s financial capability to other advertisers,” the person added.
While rival Paytm states that it doesn’t sells or rents a user’s personal information to any third party, it stresses that it will have to do so in case there’s a “legally compliant request for its disclosure”.
Whatsapp made its entry into the digital payments space in India earlier this year.The digital payments space in India had a total transactional value of Rs 3,37,267 crore in 2018 and is growing at 17.4 percent CAGR.