Digital payments companies are questioning the robustness of security of transaction data generated by users using payment platforms of global technology corporations including Google and Facebook, as the American social network is assailed by allegations of misuse of consumer data in its home market.
Facebook-owned WhatsApp and search engine giant Google have entered the Indian payments ecosystem through partnerships with various banks using the Unified Payments Interface (UPI) platform in recent months.
Industry groupings say they fear Indian consumers using these platforms could be at risk of getting their transaction data used for profit making purposes.
“This might be the time that lawmakers in India also ask questions about what safety does Facebook provide to Indian consumers against apparent compromise of personal data through its application programming interfaces(APIs). Banks, especially, should ask about the safety of personal financial data of their customers connected through the UPI integration,” said Shubho Ray, president of IAMAI (Internet and Mobile Association of India).
Emails sent to Google and Facebook did not get a response at the time of filing the article.
Payments industry executives ET spoke to said that in India these entities not only have access to social data of their consumers but will now also get access to financial behaviour of the users, which they say opens up avenues for potential misuse.
“It is a matter of grave concern that personal data shared by users on Facebook has been misused and that too against the national interest of a country. As Indians, we should be extremely concerned and vigilant that such acompany is getting access to India’s banking systems on very sensitive national payment backbone through WhatsApp,” said a Paytm spokesperson.
Alibaba-backed Paytm competes with Google Tez and WhatsApp Payments in India.
However, multiple bankers ET spoke to who are working in partnership with WhatsApp to enable UPI payments on their platform, confirmed that no UPI application gets access to personal details of consumers like banking details or account details. They only get a sense of the transaction behaviour of the consumer.
"(But) they might use their analytics to push through more targeted promotion campaigns to their customers,” said a senior banker.
Cyber security experts are of the view that while companies like Facebook and Google have the highest security standards and data protection systems globally, there is need for stricter privacy laws in India. There is also a need to look into the amount of access applications get on the user’s smartphone.
Bikash Barai, cofounder of cyber security startup FireCompass, said, “We cannot keep competition out, but there is a need for enhanced security regulations to prevent data theft as well as ensure data privacy, something what advanced economies like in Europe have already done. From the perspective of cyber security preparedness and ability to protect user data, Indian startups are significantly behind global tech giants.”