WhatsApp will be vetted before it rolls out its payment service in India, as the ministry of electronics and IT has directed National Payment Corporation of India (NPCI) to check whether or not WhatsApp Payment’s methods are adhering to the guidelines set by the RBI for data security. An official source said, "MeitY has asked NPCI to check if WhatsApp Payments is working in conformation with RBI permissions, where is it storing transactions data and if that data is being shared by its parent firm Facebook before launching a bigger version of the service.”
The information was reported by PTI. It was on April 5 this year that the Reserve Bank of India felt the need to restrain Payment system operators and ordered all the payment operators to store the user’s data in India. Any data finding its way out of the country would mean that the company is going against the RBI’s rules. The authority set a six-month window to let the tech giants comply with the new regulation.
According to the report, WhatsApp right now has the permission to run its beta services for 1 million customers in India, while the NPCI has been asked to check for discrepancies in WhatsApp’s payment services before it scales its operation. The source further added “There are also issues around two-factor authentication during the time of the transaction. MeitY has asked NPCI to check compliance of WhatsApp on the security of the transactions as well.”
There was another voiced concern in between this update, as another official said that Meity had concerns with WhatsApp sharing its data with Facebook in the light of recent events, with what has happened in the Cambridge Analytica Scandal. When WhatsApp was confronted with questions regarding the same, it responded by saying that payments data is used to enable transactions, protect people from abuse and fraud, and offer customer support.
WhatsApp stated that "The data is stored securely, and sensitive user data such as the last 6-digits of a debit card and UPI PIN is not stored at all."
WhatsApp’s official statement was "When you make a payment on WhatsApp, we send the payment instructions to our payment service provider (PSP) with the help of Facebook's secure payment infrastructure. Facebook does not use WhatsApp payment information for commercial purposes. WhatsApp chose Facebook as a service provider because it offers a best-in-class payment infrastructure that is safe and secure.”
The instant messaging service, which is also the most used messaging app in the world admitted that the company was using Facebook’s infrastructure to offer its services. However, it also did not forget to mention that the Facebook did not use this payment information for commercial purposes.