As the volume of digital transactions goes up, are the electronic payment gateways prepared to handle this rush?
Taru Bhatia | December 20, 2016
Anya Shankar, a resident of Delhi, became nervous when her Paytm passbook went blank. A message from the company popped on her screen saying it was a “temporary glitch”. “Because Paytm was not working, I had to use cash,” says 28-year-old Shankar. She started using the Paytm wallet after demonetisation. “I am not okay using so much of Paytm, but then I have no option. I don’t even keep more than '500 in my digital wallet. What if my phone gets stolen?” she rues.
Shankar is among millions of citizens who are now using digital channels to cope with the cash crunch. Post demonetisation, digital wallet companies are among the few who are laughing all the way to the bank.
Paytm, India’s leading digital wallet company, claims that ever since cash became scarce, it has served over 45 million users in 10 days. Its application for non-internet users is also attracting a lot of users. Freecharge, another digital wallet company, has also witnessed a sharp rise in transactions and new sign ups. As per the company’s data, there has been an eightfold increase in transactions and a tenfold increase in the number of merchants using Freecharge since demonetisation.
Other electronic payment gateways like immediate payment service (IMPS), unstructured supplementary service data (USSD) and unified payments interface (UPI) too have seen a jump in their volume of transactions. The RuPay debit card, for instance, has seen a fivefold growth in usage at point-of-sale (PoS) channels, going up from '3 lakh a day to '15 lakh a day; and at e-commerce channels, it has witnessed a jump from '1.5 lakh to '3 lakh a day, according to the National Payments Corporation of India (NPCI) data. Similarly, UPI, a recently launched smartphone-based banking channel by NPCI, has seen transactions going up from '9,000 a day to '45,000.
The figures clearly indicate that cashless transactions are becoming popular. But the question still looms around the preparedness of the electronic payment gateways to handle this sudden rush.
“As the transactions value has spiked, there is a stress on infrastructure. There have been growing instances of transactions failing midway. The money goes out from the user’s wallet but doesn’t reach the merchant’s wallet. In the process, the user reinitiates the transaction since the old one didn’t happen,” says Atul Gupta, cyber security leader, KMPG India.
Rashesh Purohit, a Noida-based Paytm user, narrates a similar scenario. On November 22, he transferred '1,000 from his Paytm wallet to another user. While the amount got debited from his digital wallet, the money never reached the payee. He wrote three mails to the company, but did not get any response. Finally, on December 5, the company responded with an auto-generated email listing out security measures for a Paytm user. Till date, the company has not addressed his problem and he has not got his money back.
Despite repeated attempts, officials from Paytm could not be contacted.
To avoid such situations, Freecharge, which has more than 10 million users, has set up a helpline number for consumer grievances. “In the offline space, we have set up a dedicated number to which a merchant can give a missed call and our team will reach out to him. However, we have been receiving one call per second and are running behind schedule,” says Govind Rajan, CEO, Freecharge.
Moreover, merchants at large are still dealing in cash and there have been instances whereby some vendors have stopped using digital wallets bcause of this. Noida-based tea-stall vendor Manohar started using Paytm soon after demonetisation was announced. But of late he has stopped accepting payments through the digital wallet. “The wholesaler asks for cash. In order to collect money earned from Paytm I have to go to the bank. If every time I go to the bank and stand in queues for hours then who will run my shop?” he asks.
Another major concern while making electronic payments is security. Elaborating on the security measures undertaken by the State Bank of India (SBI), Thomas Franco, senior vice president, All India Bank Officers’ Confederation, says, “SBI has put in place anti-hacking technology to secure the digital money. Moreover, the bank has blocked around eight lakh debit cards which were inactive.”
Lack of digital literacy is further raising security concerns around digital payments. Several instances of fraud have been reported from urban as well as rural parts of the country. Rejina Tiriya, a 26-year-old tribal from Jharkhand, was duped of '10,000. A fraudster posing as a bank official asked for her debit card PIN code. “Tragedy is that even police is not registering her complaint and she is taking rounds of the police station,” says Mahesh Kumar, a member of a civil society group from Jharkhand, who got in touch with Tiriya.
“Security risk comes only when users are coming without adequate knowledge about security measures. The new users of digital payment system are not aware. They go to the shop and tell their PIN to the shopkeeper. There is an urgent need to make aware the new set of customers,” says AP Hota, managing director and CEO, NPCI.
Security experts believe that sudden demonetisation did not give banks enough time to increase awareness among people. Since most online payments are through smartphones it is important to secure these devices. Security of a digital transaction depends a lot on how you secure your devise, for example, what kind of applications you download on your phone. “If one follows cyber hygiene, they have clean devises. They [payment gateways] are fairly safe then,” says Arun Mohan Sukumar, a cyber expert, Observer Research Foundation.
Moreover, the two-factor authentication method, which is used by most payment gateways to identify the user, is not safe. “It is not a foolproof method of making a transaction. It is quite easy to get mobile numbers from people and a lot of things can be done using them. I do not understand why the security measure is limited to this authentication method. It has become a substitute for convenience,” adds Sukumar.
Recently, the Reserve Bank of India (RBI) removed the two-factor authentication for transactions of '2,000 and below to promote convenience in case of small cashless transactions.
While this raises a question on security, Hota says, “Just because the RBI has relaxed [the rule] doesn’t mean banks have to implement it immediately. They [first] have to put in place necessary discipline to implement it. They have to sensitise the customer and take their consent, without which they cannot implement it.”
Security experts for long have been advocating biometrics like fingerprint or iris as a primary security feature to authenticate a user. But its implementation depends upon the quality of a smartphone, and only high-end phones offer this feature.
Therefore, it is the right time now for the RBI to strictly regulate digital wallet companies, says Gupta of KPMG. “The [digital] wallet companies have customer-specific data, so it should be clear that how are they using, storing and sharing the data,” he adds.
Even banks need to upgrade their data analysis feature, feels Rajesh Aggarwal, joint secretary in the tribal affairs ministry, and an IT enthusiast. “Our banks need to do real time big data analytics. At present, even the most basic analysis of card transactions is not being done. For example, transactions like a debit card being used in Delhi at 10 am and two minutes later in Bihar or Russia are not being flagged,” he says.
(The story appears in the 16-31, 2016 issue of Governance Now)
In its bid to make the country self-reliant in the areas of 12 strategic minerals that are either not available in India or not available adequately, National Aluminium Company (NALCO), HCL and Mineral Exploration Corporation Limited (MECL), the CPSEs of ministry of mines have inked an agreement.
Social media giant Facebook has offered “tips for spotting false news” as part of its campaign to combat spread of misinformation. In a full-page advertisement in sections of print media, Facebook offered the tips, along with the tagline: “Together, we can limit the spread
The central government has agreed to transfer Hotel Jaipur Ashok at Jaipur and Lalitha Mahal Palace Hotel at Mysore of India Tourism Development Corporation Ltd (ITDC) to Rajasthan and Karnataka governments, respectively and disinvest ITDC shares in Donyi Polo Ashok Hotel Corporation. The ca
Rohingya people who have entered India are not refugees but illegal immigrants, home minister Rajnath Singh has said, as they have not followed the due procedure to acquire a refugee status. “By deporting Rohingyas from India, we are not violating any international law. India is not a
Lucknow, September 15 The Uttar Pradesh Police releases official data on crime control under the new dispensation of Chief Minister Yogi Adityanath. Reveals that in 180 days of the new government, 420 encounters have taken place leading to the elimination of 15 supposedl
Since the dawn of this century, owing to their growing interdependence, India’s ties with the African states have gradually been acquiring significance in a rapidly globalising world. Such interdependence is manifesting itself quite clearly in economic, developmental and politico-strategic spheres of