India has always been inclined towards being cash driven society. However, with the constant development in technology, increase in access to the internet, the ‘Digital India’ campaign and the constant support of the Regulatory Authority i.e. Reserve Bank of India (“RBI”) encouraging the development in the initial years and being the catalyst and facilitator in the later years, the Digital Payment System in India is witnessing a tremendous growth.
India is heading towards the cashless economy and a number of innovative technologies in the payments sector over the years have led the people to change their preference from cash to digital means. The digital payment system is a revolution in India and all banks and financial service providers are entering the field, which makes it essential to have specific and effective guidelines to regulate it.
Digital payment system can be defined as a framework where financial transactions take place via digital or online modes, with no physical exchange of money involved, which means both parties, the payer and the payee, uses electronic mediums to exchange money.
The digital revolution has taken the world by storm, as no other sector has witnessed a metamorphosis as has been seen in the payment and settlement arena, resulting in a plethora of payment options for the consumer.
According to RBI Digital Payments Index of 2021, the index for March 2021 has increased at 270.59 as opposed to that of 207.84 for March 2020, which is mostly facilitated by the rapid increase in use of Unified Payment Interface (UPI).
In this article we attempt to discuss about the concept, regulatory framework and need of Digital Payment Systems in India and how it will become the stepping stone for revolution of financial systems in India.
TYPES OF DIGITAL PAYMENT SYSTEMS
With an aim of converting India into a cashless society, the following modes of digital payment are available in India.
1. Banking Cards:
The kinds of banking cards available are debit card, credit card, and prepaid card. These cards are widely used and provide a safe, secure, and reliable mode of transaction. A Debit or Credit card is linked to a Customer’s Account, which can then be used physically at shops or for E-commerce transactions. Generally, a nominal fee is levied while making transaction through these cards called transaction cost.
2. Unstructured Supplementary Service Data (USSD):
USSD is based on corporation of banks and telecom service provider, which was launched with the idea of allowing those sections of India’s population to use mobile banking, who don’t have access to proper banking and internet facilities.
Under this method, the user can avail services by dialling *99# through the mobile number linked to their bank account after which an interactive menu will be displayed on the user’s screen.
3. AEPS (Aadhaar enabled payment system):
This is a bank led digital mode of payment, which was introduced to promote use and linking of Aadhaar card with the bank account, this method allows user to transfer money with other Aadhaar linked account. AEPS works through business correspondent at PoS and ATMs.
4. UPI (Unified Payment Interface):
UPI is a payment system that culminates numerous bank accounts into a single application. It is a real-time, interoperable system that acts as a common platform for all digital payments. Any person with a bank account can use UPI to transfer money through his phone from one bank account to another.
5. Mobile Wallets:
Mobile wallets allow users to carry cash in digital format in their smartphones and tablets. The users can link their bank account to mobile wallets and transfer cash to it. Some of the e-wallets are Airtel Money, Paytm, Freecharge, Mobikwik, etc.
6. Point of Sale Terminals (PoS):
The PoS terminal is known as the segment or location where sale happens, the PoS devices are usually attached at the checkout counter, where you swipe or tap your debit or credit card to make payment.
7. Mobile Banking:
Mobile banking is a mechanism, which allows its users to transfer money and conduct other banking transactions through the mobile devices, typically through bank’s mobile application.
8. Internet Banking:
Internet Banking enables the users to use baking services round the clock throughout the year through financial institution’s website. A user can use RTGS, NEFT or IMPS mode to conduct transaction as mentioned below –
- National Electronic Funds Transfer
NEFT allows customers to transfer funds from one account to another, regardless of the bank the accounts are in. It also lets people who do not have a bank account to transfer money through NEFT. NEFT has fixed timings to operate.
- Immediate Payment Service –
IMPS is available 24*7 and the service can be operated through a mobile phone to instantly transfer money from one bank account to any other.
The digital payment mechanism provides a lot of ease and convenience to its consumers/users. However, it should always be kept in mind that they are prone to higher security risks as well. Therefore, a sound and robust legal requirement is a necessary requirement for efficient payment system in India.
In India, the responsibility of managing the payment systems is entrusted to the Reserve Bank of India (RBI), and the RBI keeping in mind the importance of a robust and appropriate regulation for the development of not only financial system but also payment system introduced Payment and Settlement System Act, 2007 (“PSS Act”) under Section 38 of the Reserve Bank of India Act, 1934.
India is one now amongst of the few countries that have a specific payment systems law to “provide for the regulation and supervision of payment systems in India and to designate RBI as the authority for the purpose and for matters connected therewith or incidental thereto.”
In terms of Section 4 of the PSS Act, any person who is desirous of setting up a payment system in India needs to take prior authorisation from the RBI. The application requesting for authorisation has to be addressed to Chief General Manager of Department of Payment and Settlement Systems at Central Office of the RBI at Mumbai or any other officer as prescribed in the format specified in Form – A of Payment and Settlement Systems Regulations, 2008 (“PSS Regulation”) along with the fee of Rs. 10,000/-.
Once RBI is satisfied about the genuineness of the information provided and confirming that it is within the parameters specified in Section 7 of the Act, RBI can issue a certificate of authorisation in the format given in Form B of the PSS Regulation.
In case, a payment system wants to modify itself in such a way that it would change its structure then it could not do so without prior approval of the RBI and without giving a prior notice of at least (30) thirty days to the payment system participants after such approval.
Under the PSS Act, RBI can refuse to grant authorisation in case the information provided is not true or the payment system provided has acted in contravention of the Act and the regulation, provided an opportunity of hearing is granted to the applicant.
The PSS Act grants power to the RBI to issue guidelines, circulars, master direction, etc., from time to time for smooth functioning of payment system providers in India such as –
- Internet Banking
In 2001, RBI had issued guidelines for Internet Banking vide notification DBOD.COMP.BC.No.130/ 07.03.23/ 2000-01, which deals with the technology and security issues, legal issues, and regulatory and supervisory issues in Internet Banking.
- Mobile Banking
The RBI notified comprehensive guidelines regulating Mobile Banking vide circular DPSS.CO.PD.MobileBanking.No./2/02.23.001/2016-2017 dated 01.07.2016. The given circular defines mobile banking as “undertaking banking transactions using mobile phones by bank customers that involve accessing / credit / debit to their accounts.”
It allows licensed banks, which has branch in India, to offer mobile banking services after getting an approval from the Department of Payment & Settlement Systems, RBI. RBI does not impose any maximum cap limit on mobile banking and allows discretion of banks in this regard. The circular also lays down an illustrative framework for technology and security standards to be maintained by banks as mentioned in Annexure II of the guidelines.
For regulating ATMs, RBI has issued its master circular UBD.LS (PCB) MC.No.14/07.01.00/2009-10 in 2009. This circular seeks to regulate Area of Operation, Branch Authorisation Policy, Extension Counters, ATMs and Change in structure of Offices. Further, to monitor the availability of cash in ATMs, RBI has issued a notification, DCM (RMMT)No.S153/11.01.01/2021-22, dated 10.08.2021.
- Prepaid Payment Instruments (PPI)
In this fast-moving world, user convenience and seamlessness is shifting everything to Digitalization. Therefore, RBI in order to further the aim of making India a cashless economy introduced these Prepaid Payment Instruments (PPIs) vide its Master Directions on Issuance and Operation of Prepaid Payment Instruments, 2017.
The Prepaid payment instruments can be understood as instrument that allows purchase or transfer of funds against the value that is already stored in the said instrument. Smart cards, magnetic stripe cards, internet accounts, internet wallets, mobile accounts, mobile wallets, and any other payment instrument that has a prepaid amount loaded to it can be considered as prepaid instruments.
ROLES AND RESPONSIBILITIES OF ENTITIES OF DIGITAL PAYMENT SYSTEM
A. Reserve Bank of India (RBI)
The RBI is the central authority in India for operating and overseeing functioning of the payment system in India. Therefore, being the central authority, it has the onus of driving the banking sector in India. It is responsible for safe, secure, sound, efficient, accessible, and authorized payment systems in the country.
That, in view of the PSS Act, the RBI is entrusted with authorising, refusing, or revoking authorisation to payment system provider in India. It plays a crucial role in regulating the digital payment system in India.
In absence of any dedicated legislation to digital payment system in India, the circulars and notification issued by RBI from time to time becomes the regulatory framework and guiding factor for system providers.
B. National Payment Corporation of India (NPCI)
The National Payment Corporation of India (NPCI) is a combined initiative of RBI and Indian Bank’s Association (IBA) to operate the retail payments and settlement system in India. The NPCI was founded under the PSS Act and it was incorporated as a ‘not for profit’ company under Section 8 of the Companies Act 2013.
The NPCI is responsible for facilitating an affordable payment system that can help common people during financial inclusion. It offers various products and platforms such as UPI, RuPay, BHIM, NACH, IMPS, CTS, NETC etc., for safe and secure digital transactions.
NPCI is responsible to set up and manage new payment system in the country especially in the retail sector. Therefore, it is indulged in constantly developing new standards and technologies, which can monitor national and international issues. Further, NPCI is responsible for promoting developmental activities such as, enhancing awareness among people regarding payment system, using consumer friendly practices.
It is also responsible for clearing and settlement systems, monitoring retail payment system developments, identifying certain risks related to settlement, liquidity, credit, and managing them so that the integrity of the system can be maintained and the associated risks, damages, and frauds can be minimized to preserve the economy as a whole.
C. New Umbrella Entity
That as stated earlier since, the digital transactions in India are increasing at a steep rate, it is becoming riskier to rely on only one entity to process such transactions. Therefore, the RBI considering the risks associated with digital means, has recently laid down Draft framework for authorisation of a pan-India New Umbrella Entity (NUE) for Retail Payment Systems.
NUE will be responsible for setting new payment systems, monitor the payment systems, operate clearing and settlement system, and frame rules and regulations to strengthen the retail payments ecosystem in the country. In contrast to NPCI, NUE may opt to be a ‘for-profit’ company.
D. Payment Service Providers (PSPs)
Payment Service Providers (PSPs) are the entities that provide front end applications to the customers for payment and must be authorized by RBI for mobile banking services. They are regulated by the RBI vide The Banking Regulation Act 1949. Regardless of the bank where the account is, the customer has the freedom to choose which application to download and use.
The PSPs are responsible for the following –
- To ensure data security and integrity even when the Technology Service Provider is outsourced. Therefore, PSPs must observe due diligence while deciding upon a TSP to deal with sensitive customer data.
- It will be responsible for verifying the first step of authentication, i.e. customer credentials, including fingerprints or any other information. After the validation, the PSP shall allow the customer to use UPI services.
- It is responsible for verifying the first step of authentication, i.e. customer credentials, including fingerprints or any other information.
- To ensure that, the operating infrastructure of the application shall be functional at all times. The providers shall keep the system upgraded according to the regulations at that time and adopt data security standards as specified by the NPCI.
E. Technology Service Providers (TSPs)
The Technology Service Providers (TSPs) are the entities that provide technological framework to the payment system providers, enabling them to provide payment services in India.
The TSPs is responsible for the following–
- It shall ensure that all transactions should comply with the specified message formats.
- It is required to provide a report on the state of operations, which shall include a description of the internal control system and its deficiencies.
- It shall ensure around the clock connectivity with 99.9% of uptime.
- It shall comply with the data integrity laws applicable in India and along with it they must also comply with any and every guideline or regulation issued by the NPCI and the RBI.
BENEFITS AND CHALLENGES OF DIGITAL PAYMENT SYSTEM
- Unlike cash transaction, digital payments can be made irrespective of the location and time, i.e., round the clock and throughout the year, all it needs is good internet connectivity and electronic device.
- Digital payment system offers a wide range of services to customers. A customer can check bank balance, deposit and withdraw, make payments without being required to go to bank. This ensures that the customer has better control over his/her account and can avail services at his/her convenience.
- Mandating cashless transactions helps in keeping track of flow of transaction from one account to another, which in turn helps the enforcement agencies keeping a track on money laundering cases.
- In India, currently there is no dedicated legal framework which provides the guidelines as to how to protect the interest of the user who has been defrauded and made online transaction, or to deal with situations of unauthorised digital payments.
- That, with the advent of UPI and third party payment applications, there are growing competition law concerns. In FY 2019-20 alone, the UPI transactions in India grew tremendously at the compounded annual growth rate (CAGR) of 414% [The Indian Payments Handbook 2020-2025, PWC India]. Though the rate has declined owing to Covid-19 pandemic, it is expected to grow exponentially in coming years. Given the potential market and business opportunity UPI apps offer in India, the companies have an incentive to capture and monopolise the market.
India is witnessing an exponential growth in the use of digital payment system in India and the growing reliance of customer on digital payment system calls for adequate legal framework. While the PSS Act had been enacted with the intention of regulating payment systems in India, it mainly deals with regulatory oversight and there still remains a lacuna for dealing with consumer protection, promotion of competition, and innovation.
At present, the framework for maintaining confidentiality of data of user is regulated by the RBI guidelines and by the Information Technology Act, 2000 (“IT Act”). However, the IT Act is a generic legislation and given the increase in digital payment and to achieve the agenda of becoming a cashless society, a dedicated law is required to protect the customers.
Therefore, RBI as the central authority responsible for handling the payment systems in India has introduced Master Direction on Digital Payment Security Controls vide notification DoS.CO.CSITE.SEC.No.1852/31.01.015/2020-21 dated 18.02.2021, with the agenda of providing a robust framework and minimum standard of security to be maintained for digital payments in India.
In the next blog we attempt to discuss about the Master Direction on Digital Payment Security Controls and how it will help in maintaining and improving the security standards for digital payment system providers in India, which in turn will help in achieving the objective of cashless society in future.
– Team AMLEGALS assisted by Ms. Tanish Gupta (Intern)
For any query or feedback, please feel free to get in touch with firstname.lastname@example.org or email@example.com.