You are here: Home » Finance » News » Others
Business Standard

WhatsApp Pay clearance: RBI raises data localisation concerns with NPCI

Says won't allow the services until it meets data norms

Karan Choudhury & Neha Alawadhi  |  Bengaluru/New Delhi 

WhatsApp Pay
WhatsApp Pay

The Reserve Bank of India (RBI) has asked the National Payments Corporation of India (NPCI) to ensure that Pay is fully compliant with norms before it gets permission to roll out its services across the country.

In a letter to the on November 1, the central bank made it clear that Pay, the payment services of the Facebook-owned messaging giant, needs to keep all financial data in every form in India. It stressed that financial data in any form cannot at any given point be stored abroad. The also made it clear to the that if Pay does not follow the guidelines, it will have to intervene and won’t allow the payment services to go live.

WhatsApp and the hadn’t replied to emailed queries at the time of going to press. Business Standard has a copy of the RBI’s letter, titled ‘WhatsApp’s compliance to data storage guideline and Go-Live on UPI platform’.

The banking regulator has asked the NPCI specific questions on the status of compliance with norms. The NPCI, it seems from the letter, had informed the of the compliance status of WhatsApp Pay’s on September 12 and October 24.

“WhatsApp application (client) logs, query screenshot (uploaded by the customer), and customer email message, which are stored with its support team for 90 days, do not contain any elements of payment data. We further advise you to ensure that WhatsApp does not store any of the payment transaction data elements in hashed/de-identified/ encrypted form in systems outside India,” the letter stated.

ALSO READ: WhatsApp unveils 'Catalogs' to let small enterprises showcase products

It further stated that in case of non-compliance by WhatsApp to the RBI’s circular, it may not be permitted to go live for full-scale operations on the UPI system. “It may be noted that this does not preclude the from initiating any other action as deemed fit in this regard,” it stated in the letter.

The NPCI, the umbrella organisation for operating retail payments and settlement systems in India, has been one of the big supporters of and Google Pay in India. In October, the NPCI had claimed that would be compliant with the RBI’s guidelines in two months.

The chat app has been running the beta version of its payments system since last February. is built on the Unified Payments Interface (UPI), a platform developed by the NPCI.


ALSO READ: WhatsApp Pay: Experts warn govt of digital banking risk after snooping row

According to recent reports, the NPCI said WhatsApp would be able to pass the RBI’s litmus test. “There are still a couple of intermediaries where work is in progress. One is Google, second is WhatsApp. We believe WhatsApp will be fully compliant in the next two months,” the NPCI’s chief executive Dilip Asbe recently told media.

According to cyber law experts, in the current situation when the safety of data with WhatsApp, following a software breach that allowed hackers to target 121 Indian citizens among 1,400 people globally, is in question, it should not be allowed to run payments or have UPI on its platform. “WhatsApp, by allowing its platform to compromise, has lost the confidence of Indian users. Hence, until data is localised and until it implements controls to guard against future exploitation of its platform, a licence should not be granted,” said Prashant Mali, a cyber law expert.

RBI sources said the central bank’s officials are upset with WhatsApp because even after asking it multiple times, the messaging platform has not maintained the same level of transparency that banks in the country, as well as other payment platforms, maintain.

There is an ongoing case in the Supreme Court, filed by Centre for Accountability and Systemic Change (CASC), an NGO which has alleged that WhatsApp launched its payment services without having fully complied with the RBI’s directives on

The banking regulator had earlier told the apex court that it does not give approval to entities like WhatsApp to act as authorised payment system operator; it is the NPCI which has allowed such entities to operate under the multi-bank model of the UPI.

chart

First Published: Thu, November 07 2019. 21:57 IST
RECOMMENDED FOR YOU