The legal framework for e-payments in India and the challenges it faces


Electronic monetary transactions and mobile wallets have been at the centre stage since the government's announcement on demonetisation. From the Aadhaar enrolment, Jan Dhan Yojana for financial inclusion, mobile wallets, the rolling out of payment banks and the introduction of the Universal Payments Interface, we have been making slow but steady progress in building a strong digital payments framework in India.

With the government now aggressively promoting digital payments, fin-tech players and mobile wallet companies are riding this massive business opportunity that has emerged due to the state-sponsored 'war on cash'.


With recent reports claiming that the total transaction volumes of Paytm (7 million transactions of Rs 140 crore a day) has recently exceeded that of all the plastic cards issued in the country, we may well be riding the next wave of transformation in digital payments in India. Its popularity with the younger, tech-savvy population has a lot to do with the ease of accessibility and convenience it offers, vis-à-vis the traditional forms of processing payments such as through banks.

A mobile wallet is a payment service that enables users to make payments to merchants (both e-commerce and brick and mortar) for utility bills, book tickets, transfer money and other such transactions. A mobile wallet essentially holds a 'balance' (like a pre-paid mobile recharge card) that can be topped up from time to time, and used to make payments. The prevailing regulatory framework provides for three types of mobile wallets:

Closed Wallet: A closed wallet is issued by a company to its consumer for exclusive use. It is outside the purview of the licensing regime for mobile wallets and payment instruments as it is essentially an arrangement between a customer and a company (such as Flipkart or Amazon) while returning/exchanging any products purchased and typically credited to the customer's account with the company.


Semi-Closed Wallet: A semi-closed wallet is used to make payments at clearly identified merchant locations or even for the wallet's own digital goods and services. Paytm, FreeCharge and MobiKwik are good examples of this category. One can use a semi-closed wallet like Paytm to pay for recharges on the Paytm app, or to pay for a ride on Uber.

Open Wallet: Open wallets are the ones that allow you to buy goods and services, withdraw cash at ATMs or banks and transfer funds. These services can only be provided by a bank, according to Reserve Bank of India (RBI) norms. However, in practice, they have not taken off as they are equivalent to bank accounts.

Regulatory framework


The Payment and Settlement Systems Act, 2007 is the nodal legislation for the regulation of payment systems in India and empowers the RBI to regulate and supervise these systems. Only entities licensed under the Act can issue their own mobile wallet and engage in the mobile wallet business. Besides the Act, the RBI issued a Master Circular in July 2016 setting out the policy framework for issuance and operation of pre-paid payment instruments (PPIs) as well as the regulation of the payment systems providers/operators.

Due Diligence and other conditions: The emphasis is on ensuring development of this segment of the payment and settlement systems in a prudent and customer friendly manner with various eligibility criteria and other conditions to provide mobile wallet services. For instance, customer due diligence has been mandated for semi-open wallet services in the following manner:

– A limit of Rs 10,000 in a wallet can be issued to customers with just their contact details (name and mobile number). This limit has been temporarily raised to Rs 20,000 till 30 December 2016 to cope with the effects of demonetisation.


– PPIs for an amount of Rs 10,001 up to Rs 50,000 will be issued subject to production of valid identity and address proofs.

– The Know Your Customer (KYC) process followed by banks will be required for PPIs for amounts exceeding Rs 50,000 and this is capped at Rs 1,00,000.

Disclosure norms: All PPI issuers are subject to disclosure requirements for the protection of customers. These include:


– All important terms and conditions captured in clear and simple language (preferably in English, Hindi and the local language).

– All charges and fees associated with the use of the PPI.

– The expiry period and the terms relating to expiration of the PPI.


– The customer service telephone numbers and website URL.

Grievance Redressal: There has to be a system for customer complaint/grievance redressal with a clear escalation matrix. In the event a customer's concerns are not sufficiently addressed by the PPI issuer (if it is a bank), the customer may approach the Banking Ombudsman set up by the RBI for resolution of customer complaints in a time-bound manner.


Under the aegis of the RBI, the National Payments Corporation of India (NPCI) was incorporated in 2008 as a joint venture of banks to act as a cooperative to promote payment standards in India.

In line with its mandate, the NPCI has released several payments products to the market such as IMPS (Immediate Mobile Payments Service) and the UPI (Unified Payments Interface). Unlike mobile wallets, these products can be operated only through a bank account. It is expected that with the launch of payments banks, these platforms will ultimately score over mobile wallets in the long run.

The UPI is a revolutionary new payment mechanism that provides for a safe and secure manner of making a payment without sharing the bank account number or IFSC codes. This is possible through the generation of a Virtual Payment Address (VPA) that can be obtained by anyone with an account in a participating bank.

A VPA operates akin to an email id allowing for instant remittances. The 'Collect Transactions' feature also allows users to request money from each other and the remittance is effected on the approval of the payee. Another exciting feature of the UPI is app-portability. The UPI allows a participating bank's customers to use the application of any other bank while making their transactions. Since customers are not tied down to their bank's applications, this rewards the creation of intuitive user interfaces.


Intermediaries in the payment process: The payments sector operates through several intermediaries which create the front-end payments interface. There are instances where banks or other licensed entities enter into arrangements with the mobile app developers for compliance purposes. The app developers maintain the software and the IT systems but the transaction is ultimately routed through the licensed entity (read the bank/mobile wallet/the payment gateway). This increases the costs of doing business through commissions and forces payment companies to shell out more to facilitate access to their services by the consumer.

From a legal perspective, it also creates issues relating to indemnity and liability, data security and other contractual obligations among the parties. For example, PhonePe is a new UPI wallet app developed by Flipkart and 'powered' by YES Bank. In such scenarios, strong tripartite agreements or back-to-back commercial agreements have to be negotiated and finalised to protect the interests of all parties.

Data protection and security: While digital payments have been considered relatively safe, constantly evolving technologies and disruptive business models are a nightmare from a regulatory perspective, especially in dealing with sensitive financial information. The RBI has made attempts to reduce fraud by requiring banks to comply with chip and PIN EMV technology for debit and credit cards, PCI-DSS (payment card industry data security standards) requirements for incorporating minimum security standards for point-of-sale terminals.

However, these incremental measures have not managed to completely eradicate fraud and bring comfort to people's minds that such online transactions are safe and secure. Despite demonetisation, the mindset of "cash is king" still prevails over a significant part of the rural populace and people in the interior parts of the country, what with limited access to the Internet and smartphones.

With so much riding on the digital economy, there needs to be a strong law to deal with data protection, storage and transmission in India. The existing regulatory safeguards under the Information Technology Act, 2000 have to be revamped to protect the interests of all stakeholders, especially the new generation of consumers who may not be fully aware of proper data security practices.

In the context of demonetisation, digital payments have helped bring the unbanked and the informal sector to a limited extent into the financial system. For instance, a cab driver who would typically only accept cash and not have a bank account earlier is now on a mobile wallet platform used by the taxi aggregator.

With the RBI taking a pro-active role in facilitating the spread of digital payments throughout India and in making the process as frictionless as possible, digital payment companies are poised for a revolution in changing the way India transacts.

The author is a partner at law firm Advaya Legal.