- The digital wallets are governed by Reserve Bank of India's Master Circular on Pre-Paid Payment Instruments.
- Information Technology Act, 2000, makes reasonable security practices and procedures mandatory to e-wallet providers.
- These measures and requirements also suffer from the same problem that demonetisation is suffering, the implementation.
Demonetisation has given a push to cashless economy that includes e-payments through various e-wallets and other means. However, there are two important aspects of digital transaction that are yet to be addressed by the government, cyber security of crucial data and privacy in digital transactions.
RBI and e-wallets:
The digital wallets are governed by Reserve Bank of India's Master Circular on Pre-Paid Payment Instruments. As per this circular, there are a couple of measures for the e-wallet providers for their protecting customers.
Some of the aims of these measures are to create reliability for the e-wallet providers by requiring them to have customer redressal mechanisms and prevent money laundering by setting limits transaction amount.
However, it does not provide any specific security related measures but only mentions that 'adequate' infrastructure and systems are required for prevention as well as detection of frauds. There is no minimum level of the security requirement, or liability is not establish in case of fraud or loss due to the security lapse.
What Information Technology Act, 2000 says:
This is the act that makes reasonable security practices and procedures mandatory to e-wallet providers. The IT Sensitive Personal Data Rules, 2011, also requires e-wallet providers to have proportionate security as per the data possessed by the provider.
If users of e-wallet suffer from loss due to lack of security process as per the acts or negligence in implementing the same, then the user must be get compensated.
The problem with the laws:
These measures and requirements also suffer from the same problem that demonetisation is suffering, the implementation. There are no proper means to verify whether the security measures adopted by the e-wallets are adequate or not. Also, once proved that security measures are adopted the liability of e-wallet cease to exist.
The Information Technology Act also allows the e-wallet providers to enter into private contact with the users which means the terms and condition of e-wallet can have clause waiving off their liability.
In short, there are loopholes in the existing laws that can be exploited by the e-wallet service provider and this means, the users are at higher risk of data theft, fraud, and other cyber crimes.
Since the central government is proactive in pushing the digital transaction methods and encouraging its various departments to adopt the same, it is high time cyber security laws to be revised and reworked upon.
Last Updated 31, Mar 2018, 6:49 PM