WhatsApp Payments ‘Not Secure’, Against UPI’s Interoperability Spirit

WhatsApp Payments ‘Not Secure’, Against UPI’s Interoperability Spirit

WhatsApp payments rollout started in India earlier this month and though the feature hasn’t even become available to all users yet, it has sparked a debate in the country’s digital payments community. WhatsApp payments are built on top of UPI, a layer that greatly simplifies interoperability between various banks, and questions are now being asked if the Facebook-owned messaging app is living up to the spirit of interoperability behind the UPI. Paytm, which operates the largest digital wallet in India, is one of the competitors to WhatsApp in payments, introduced its own UPI payments feature recently. Paytm CEO Vijay Shekhar Sharma said that Facebook with WhatsApp payments Facebook is “killing beautiful open UPI system with its custom close garden implementation.”

Sharma tweeted this on Wednesday and from there, the narrative online quickly shifted to Paytm being against “foreign” companies, though Sharma later clarified that his tweets were not about a foreign company, but rather about NPCI lettings WhatsApp integrate UPI payments without needing to incorporate safeguards other payments apps had to integrate. NPCI is a private entity run by a consortium of banks, which operates UPI and a bunch of other financial products, and acts as a quasi-regulator for the payments industry. In a televised interview, Sharma further went on to say that Facebook and WhatsApp are evil, although a Paytm representative later stressed that he was not talking in the context of the UPI, and that the statement was being blown out of proportion.

Read more   ↓
Loading...

To understand more, Gadgets 360 reached out to Sharma and Paytm – while he wasn’t available, the company connected us to Deepak Abbot, Senior Vice President at Paytm, to give a detailed account of the company’s objections to WhatsApp’s payments implementation.

“I want to stress that this is not Paytm versus WhatsApp, this is not India versus foreign,” were the first words from Abbot, who explained that as far as Paytm was concerned, the issue was that the NPCI had allowed WhatsApp to add UPI features without requiring it to conform to the same rules as other apps, including Paytm. Gadgets 360 has also reached out to the NPCI to get its views on this question, and will update this piece once it replies.

paytm bhim big

“All apps so far had to adhere to a process by the NPCI, to create a smooth, interoperable experience that is not being required of WhatsApp,” Abbot said. “NPCI requires an app password, so unless you log in no one can check your account, you should be able to log out. Now you still have the MPIN to complete the transaction but with just one factor now someone can make payments. You can’t even log out. So that is not secure, and that is why all apps were supposed to have passwords.”

“Every app has a four to six week NPCI audit process, they certify the app. In the garb of UX and UI, it’s being packaged as WhatsApp to WhatsApp payments,” he continued. “A Paytm user can’t send money to a WhatsApp user. The NPCI needs to look at this, they are locking the consumer.”

This isn’t exactly correct though. In our testing, we were able to send money from Paytm to the VPA (virtual private address) a WhatsApp user found under Settings. Although WhatsApp is geared to make it easier to send and receive money between its users, it’s not impossible to use it to send money or receive it from people who are not on the app. Further, the interoperability between banks is maintained – as long as your bank is on the UPI, it’ll work with WhatsApp. However, WhatsApp on iPhone currently doesn’t let you send money to any VPA of your choice, something other UPI-based apps support.

Abbot agreed with this, but said that it goes against the spirit of interoperability. “I should be able to send money to anyone, regardless of the app they’re using,” he said, “and the way they’ve designed it is highly hidden and you know users don’t discover features that are buried behind menus.”

He also rejected the argument that WhatsApp’s UPI rollout was still a beta. “Beta should be invite only, the company controls who gets access, but if I’m on WhatsApp I can enrol everyone I know,” he said. “Such a long period for beta also gives them an undue advantage.”

“Why when we had to conform to all the different rules does WhatsApp get to pick and choose? Everyone should be on the same level,” said Abbot. He added that WhatsApp must immediately bring all the UPI features that other UPI apps have been required to support. When asked whether it would be better if all apps could use the features they needed, he said that until all players are offering the same features, it would not be right to change the requirements.

At the same time, Abbot isn’t in favour of increased regulatory oversight. “We all believe the NPCI has built a great product, and take them as a regulator, and of course the RBI is there as the final regulator,” he said.

To that end, Paytm plans to take its issues to the NPCI to try and ensure change. Once again, Abbot stressed that this is not a case of Paytm versus WhatsApp. “We will encourage NPCI to get WhatsApp to adhere to the requirements,” he said. However, on being asked whether Paytm is working with other UPI companies, such as PhonePe, or Google Tez, he said, “no, we will go to NPCI directly.”

Update: Gadgets 360 has received a statement from the NPCI where it has clarified its position on this matter. The NPCI has stressed that this is a trial run, and that WhatsApp will have to follow all the different UPI norms. You can read the statement below.

Source by:-ndtv

Share:

Loading...