NPCI allays Paytm's fears, says WhatsApp Pay still an experiment

NPCI, however, stays silent on the key issue of two-factor authentication; sources, however, claim that WhatsApp will play by rules

In an effort to cool flying tempers in the Indian fintech world over the proposed entry of WhatsApp in the digital payments space, the National Payments Corporation of India (NPCI) has said that WhatsApp Pay was still in testing stage and the final product would follow set guidelines.

Waging an all-out war against WhatsApp Pay, mobile wallet major Paytm’s founder Vijay Shekhar Sharma has alleged that Facebook, which owns WhatsApp, was killing the “open UPI system with its custom close garden implementation”. 

Sharma had said that the chat major was not following the mandatory two-factor authentication process to make online and mobile payments safe, as it does not require any password to enter the app. The move might put users at risk when they integrate their WhatsApp with bank accounts.

The NCPI said on Friday that it had given its consent for the roll-out of WhatsApp BHIM UPI beta with limited user base of a million and low per transaction limit. “Four banks will join the multi-bank BHIM UPI model in phases (in the coming weeks) and the full-feature product shall be released after the beta test is successful. Multi-bank model offers advantages such as transaction load distribution between banks and helps integrate popular apps easily with BHIM UPI,” it said in a statement.

It further said that broad principles for interoperability like ability to send and receive money through any BHIM UPI ID, intent and collect call and read and generate BHIM/Bharat QR code are required in a final BHIM UPI app. “Only BHIM UPI-enabled apps that fulfill such principles will be permissible for full-scale public launch. We work towards providing seamless experience to users of BHIM UPI platform and recognise the contribution of member banks and non-bank entities to reach to this level,” the NPCI said.

In the official statement, however, it did not talk about whether or not WhatsApp Pay would have two-factor authentication and whether it would send SMS alerts on every transaction. Paytm, reacting to the statement, pointed this out. 

“We welcome this statement by the NPCI. It addresses the concerns of interoperability violation that we had raised. It also clarifies that the trial has been restricted to a million users, though we feel that a product with the stated violations could have been tried out amongst a much smaller base. We are still concerned that this statement is silent on the critical issue of safety of a financial transaction through UPI, where consumers need to mandatorily sign-in with a username and password. This violation is fundamental and very serious. WhatsApp must implement login and password like all other BHIM UPI apps. This statement is also silent on other issues such as the requirement to send SMS notifications for every UPI transaction,” it said. 

Sources at the NPCI, however, said that all these guidelines would be followed in the final product. 

Sharma had told Business Standard on Thursday that Facebook was one of the most evil companies in the world. “They earlier tried to dupe the country with what they called was free internet. Now they are flouting all guidelines and rules and bringing out an app that does not need three-step authentication to make online and mobile payments,” Sharma had said.

Paytm’s concerns

 

• Paytm still concerned that NPCI statement was silent on the critical issue of safety of a financial transaction through UPI, where consumers need to mandatorily sign-in with a username and password

• Says this violation is fundamental and very serious

• Paytm says statement also silent on other issues such as the requirement to send SMS notifications for every UPI transaction

• Says though the trial has been restricted to a million users, it feels that a product with the stated violations could have been tried out amongst a much smaller base