RBI guidelines: How your mobile wallet will work under the new rules

Shilpa Mankar Ahluwalia, partner, Shardul Amarchand Mangaldas, decodes the implications of the rules

What are the two key changes in the guidelines that will impact existing and new users?

Transaction limits and inter-operability are probably the two big changes to your wallet. Until last week, you could create a wallet within minutes by providing your name and mobile number. This wallet could then be used for transactions up to Rs 20,000 per month, including transfer of wallet funds to your bank account. These “limited KYC” wallets constitute a majority of the wallets that are in use today. The new PPI guidelines now mandate movement to a “full KYC” framework. As an existing user, your “limited KYC” monthly transaction cap has been reduced from Rs 20,000 to Rs 10,000. You can continue to use your wallet, but cannot load amounts beyond Rs 10,000, and can no longer transfer money out of your wallet to your bank account, until you become a “full KYC” user. In addition to your name and mobile number, you will also need to provide an ID number (Aadhaar card or driver’s license) to create a wallet. 

Can existing users continue to use the wallet as before?

To be able to continue to use your wallet as before, you will need to convert to a full KYC PPI. As a full KYC user, you can transact up to Rs 1 lakh (per month) and once the inter-operability infrastructure is in place, you will also be able to transfer money from your wallet to other wallets and payee bank accounts.

What do the rules on interoperability mean for end users?

The new guidelines take a giant step towards interoperability. Until now, you could transfer funds on your wallet to your bank account, to wallets issued by the same issuer but not to other wallets. Over the next six months, all wallets (across different issuers) will become wallet-wallet interoperable and eventually wallet-bank account interoperable (via the UPI infrastructure). 

What is 2FA and will it change the way I use my wallet? 

A big plus of the wallet has been ease of usage — simple to set up with a one-click payment feature. The new guidelines refer to a 2FA (two-factor authorisation) requirement for “successive payment transactions” and for all “card” payments. The 2FA is a second layer of verification, as is required for all credit card payments today. Applying 2FA across all wallet transactions is not ideal, and would affect the “wallet experience”. It is unclear whether the intent is to apply 2FA for all wallet payments. 

Can a wallet be used to buy financial products and services?

The new guidelines clearly provide that wallets may be used to purchase financial goods and services (securities, mutual funds, insurance). The next step will be for the RBI to permit dividend and other financial income to be credited to the wallet (the current regulations are unclear on this point). Given that all wallets have to be fully KYC compliant within 12 months from issue, there is tremendous potential for the wallet to evolve from principally a payment instrument to a platform for distribution of a wider set of financial goods.

Do the rules treat bank and non-bank issuers on a par?

Bank and non-bank operators have historically not had a level-playing field when it came to issue and operation of wallets. “Open” wallets that permitted cash out were only permitted for a bank, which continues to be the case. However, the new rules on inter-operability allowing non-bank issuer access to UPI (the payment platform operated by the NPCI) that allows for immediate fund transfers is a big equaliser. Cross-border payments have been permitted only for bank-issued wallets, given the foreign exchange implications.  

What are the security/data protection implications of the guidelines from a user point of view?

As a wallet user, you can now put in place systems to set individual limits for the number and value of payments for certain types of transactions or to certain beneficiaries — a useful tool that will help curb fraudulent transactions. There will be a limit to the number of beneficiaries (for funds transfer) you can add in a day. The norms also require a “cooling period” between opening or loading a wallet, adding a beneficiary and making a fund transfer. What this means is that you cannot make an immediate fund transfer to a new beneficiary. No minimum cooling period has been prescribed and it seems that operators can set their own limits. While this will to some extent help with fraud control, it is inconvenient. A practical alternative could have been to make the “cooling period” applicable only to payments above a certain value.