Anya Shankar, a resident of Delhi, became nervous when her Paytm passbook went blank. A message from the company popped on her screen saying it was a “temporary glitch”. “Because Paytm was not working, I had to use cash,” says 28-year-old Shankar. She started using the Paytm wallet after demonetisation. “I am not okay using so much of Paytm, but then I have no option. I don’t even keep more than '500 in my digital wallet. What if my phone gets stolen?” she rues.

Shankar is among millions of citizens who are now using digital channels to cope with the cash crunch. Post demonetisation, digital wallet companies are among the few who are laughing all the way to the bank.

Paytm, India’s leading digital wallet company, claims that ever since cash became scarce, it has served over 45 million users in 10 days. Its application for non-internet users is also attracting a lot of users. Freecharge, another digital wallet company, has also witnessed a sharp rise in transactions and new sign ups. As per the company’s data, there has been an eightfold increase in transactions and a tenfold increase in the number of merchants using Freecharge since demonetisation.

Other electronic payment gateways like immediate payment service (IMPS), unstructured supplementary service data (USSD) and unified payments interface (UPI) too have seen a jump in their volume of transactions. The RuPay debit card, for instance, has seen a fivefold growth in usage at point-of-sale (PoS) channels, going up from '3 lakh a day to '15 lakh a day; and at e-commerce channels, it has witnessed a jump from '1.5 lakh to '3 lakh a day, according to the National Payments Corporation of India (NPCI) data. Similarly, UPI, a recently launched smartphone-based banking channel by NPCI, has seen transactions going up from '9,000 a day to '45,000.

The figures clearly indicate that cashless transactions are becoming popular. But the question still looms around the preparedness of the electronic payment gateways to handle this sudden rush.

“As the transactions value has spiked, there is a stress on infrastructure. There have been growing instances of transactions failing midway. The money goes out from the user’s wallet but doesn’t reach the merchant’s wallet. In the process, the user reinitiates the transaction since the old one didn’t happen,” says Atul Gupta, cyber security leader, KMPG India.

Rashesh Purohit, a Noida-based Paytm user, narrates a similar scenario. On November 22, he transferred '1,000 from his Paytm wallet to another user. While the amount got debited from his digital wallet, the money never reached the payee. He wrote three mails to the company, but did not get any response. Finally, on December 5, the company responded with an auto-generated email listing out security measures for a Paytm user. Till date, the company has not addressed his problem and he has not got his money back.

Despite repeated attempts, officials from Paytm could not be contacted.

To avoid such situations, Freecharge, which has more than 10 million users, has set up a helpline number for consumer grievances. “In the offline space, we have set up a dedicated number to which a merchant can give a missed call and our team will reach out to him. However, we have been receiving one call per second and are running behind schedule,” says Govind Rajan, CEO, Freecharge.

Moreover, merchants at large are still dealing in cash and there have been instances whereby some vendors have stopped using digital wallets bcause of this. Noida-based tea-stall vendor Manohar started using Paytm soon after demonetisation was announced. But of late he has stopped accepting payments through the digital wallet. “The wholesaler asks for cash. In order to collect money earned from Paytm I have to go to the bank. If every time I go to the bank and stand in queues for hours then who will run my shop?” he asks.

Another major concern while making electronic payments is security. Elaborating on the security measures undertaken by the State Bank of India (SBI), Thomas Franco, senior vice president, All India Bank Officers’ Confederation, says, “SBI has put in place anti-hacking technology to secure the digital money. Moreover, the bank has blocked around eight lakh debit cards which were inactive.”

Lack of digital literacy is further raising security concerns around digital payments. Several instances of fraud have been reported from urban as well as rural parts of the country. Rejina Tiriya, a 26-year-old tribal from Jharkhand, was duped of '10,000. A fraudster posing as a bank official asked for her debit card PIN code. “Tragedy is that even police is not registering her complaint and she is taking rounds of the police station,” says Mahesh Kumar, a member of a civil society group from Jharkhand, who got in touch with Tiriya.

“Security risk comes only when users are coming without adequate knowledge about security measures. The new users of digital payment system are not aware. They go to the shop and tell their PIN to the shopkeeper. There is an urgent need to make aware the new set of customers,” says AP Hota, managing director and CEO, NPCI.

Security experts believe that sudden demonetisation did not give banks enough time to increase awareness among people. Since most online payments are through smartphones it is important to secure these devices. Security of a digital transaction depends a lot on how you secure your devise, for example, what kind of applications you download on your phone. “If one follows cyber hygiene, they have clean devises. They [payment gateways] are fairly safe then,” says Arun Mohan Sukumar, a cyber expert, Observer Research Foundation.

Moreover, the two-factor authentication method, which is used by most payment gateways to identify the user, is not safe. “It is not a foolproof method of making a transaction. It is quite easy to get mobile numbers from people and a lot of things can be done using them. I do not understand why the security measure is limited to this authentication method. It has become a substitute for convenience,” adds Sukumar.

Recently, the Reserve Bank of India (RBI) removed the two-factor authentication for transactions of '2,000 and below to promote convenience in case of small cashless transactions.

While this raises a question on security, Hota says, “Just because the RBI has relaxed [the rule] doesn’t mean banks have to implement it immediately. They [first] have to put in place necessary discipline to implement it. They have to sensitise the customer and take their consent, without which they cannot implement it.”

Security experts for long have been advocating biometrics like fingerprint or iris as a primary security feature to authenticate a user. But its implementation depends upon the quality of a smartphone, and only high-end phones offer this feature.

Therefore, it is the right time now for the RBI to strictly regulate digital wallet companies, says Gupta of KPMG. “The [digital] wallet companies have customer-specific data, so it should be clear that how are they using, storing and sharing the data,” he adds.

Even banks need to upgrade their data analysis feature, feels Rajesh Aggarwal, joint secretary in the tribal affairs ministry, and an IT enthusiast. “Our banks need to do real time big data analytics. At present, even the most basic analysis of card transactions is not being done. For example, transactions like a debit card being used in Delhi at 10 am and two minutes later in Bihar or Russia are not being flagged,” he says.

(The story appears in the 16-31, 2016 issue of Governance Now)