On Friday, the Reserve Bank of India (RBI) issued a notification that said that several foreign entities were ignoring its regulations on credit-card transactions, as well as possibly violating the Foreign Exchange Management Act, or Fema. The RBI said that by October 31, these service providers had better shape up. The note was strongly worded, saying that payments were "camouflaging and flouting extant instructions on card security". The primary target of this notification appears to be the taxi service provider Uber. The company allows users to download an application to their smartphones that puts them in touch with an authorised cab driver in their locality; after the ride, they pay the driver with a single touch of the application, which charges their credit card. This greatly eases the process of taking a taxi, and it is unsurprising that Uber is an $18-billion business. It operates in 44 countries. It is in India that its payment method is being questioned for the first time.
The RBI, a few years ago, moved online card payments to a "two-step" authentication system. This requires the user of a card to input a password in addition to other, more standard, safety requirements. It is this that Uber - and by extension some other foreign companies, such as Google - are being accused of "camouflaging and flouting". Uber's payment gateways are not in India, so it is not subject to the two-step requirement; however, its gateways then funnel payment to a service provider - the driver - in India. Even so, the RBI's action does look like it will unnecessarily shut down a useful innovation and a good business. Two-step authentication, in any case, often relies on "one-time passwords" sent to a user's registered phone. In other words, the additional security is provided by the card-user's possession of her registered phone. But if the user is taking an Uber, she necessarily has her phone anyway - making the requirement for two-step authentication redundant in such cases.
The RBI should indeed step in to protect consumers from fraud. That is its duty. But well-intentioned regulation should still be examined to see if it in fact makes people better or worse off. In this case, the RBI may not have kept consumers' interests in mind. Regulation of the online transfer of small sums - most taxi rides are well below Rs 500 - should be minimal, in order to spur innovation and growth, as well as to benefit consumers. In general, this intervention shares the clumsiness of the Indian state's various attempts to regulate the internet - sadly, it has usually proven itself to be a few steps behind technological progress in this arena. The RBI should step back from micro-regulation, and instead define broad consumer-protection rules that payment gateways can follow. Safety and security are important - but by making players more responsible, by increasing enforcement, and by creating a graded and value-based approvals system, these concerns can be addressed more effectively.