While digital payments are largely a success story in India, there are some issues which demand immediate attention.
The Bengaluru-based Smahi Foundation of Policy and Research has published a report on India’s digital payment sector and the revolution which changed the transaction system in the country.
As per Smahi, which is a non-profit organization, Indiastack—such as Aadhar, UPI, e-KYC, and e-signature, is paving the way for a massive world-leading “Digital Payments Revolution”.
The entry of well-funded and aggressive technology-first enterprises (which were formerly dominated by banks) has made digital payments commonplace in India, laying a strong basis for digitalization and cross-selling of other financial services and products.
The report also highlights the concerns related to digital payments in the country.
The report noted that during the novel coronavirus pandemic, the exponential surge in UPI (Unified Payments Interface) transactions put the underlying infrastructure of banks and TPAPs (Third Party Application Providers) under tremendous strain.
Banks and digital payment systems have recently approached the Indian government, requesting reconsideration of the MDR (Merchant Discount Rate) on online transactions made via UPI and RuPay debit cards that was eliminated in 2019, to create a level playing field.
The MDR was removed to incentivize small merchants to adopt digital payment methods.
The report said: “The waiver of MDR on UPI, which allowed for monetisation of volumes on these channels for banks and FinTech companies, has disincentivized players especially the legacy public sector banks- to upgrade systems and adopt new servers.”
Even transaction failure rates have risen from less than two banks reporting transaction decline rates of less than 3 per cent before June 2020 to over ten banks reporting failure rates of more than 3 per cent.
The report added that four lakh UPI transactions can be halted by a one-hour technical downtime.
For example, in 2020, the State Bank of India, HDFC and ICICI had a total of 85 outages, while SBI, which accounts for 26 per cent of all UPI transactions, had a technical decline rate of around 9 per cent, which was higher than the permissible limit of 1 per cent.
In comparison to the industry average of 17 per 1 lakh transactions, Paytm Payments Bank has the lowest UPI failure rate, with a transaction drop ratio of 0.8 for every 1 lakh transactions.
However, the Indian government is planning a Payments Infrastructure Development Fund (PIDF), which will benefit merchants that provide important services in tier 3-6 cities but will not assist banks in upgrading their technology for UPI.
According to the report, the elimination of MDR on RuPay debit cards has rendered it unprofitable for banks, which receive nothing for processing transactions.
It explained that “every transaction at an ATM costs the bank about Rs 20. The same transaction on a card swiping machine means revenue to the bank”.
RuPay cards are now either obsolete or only used for ATM transactions, with little utility for online transactions, added the report.
The NPCI (National Payments Corporation of India) recently decided to restrict gaming transactions on the UPI network that are smaller than Rs 50.
With the start of the IPL season in April 2021, gaming traffic climbed rapidly during matches and that too in bursts, resulting in a large number of very low-ticket transactions, often as little as Re 1 to Rs 10, putting a strain on the UPI network and bank systems.
“While blocking transactions for a set of merchants within a category or a particular merchant is technically possible for NPCI, it does not set the right precedence and it seems as if the NPCI is penalizing businesses for its own lack of infrastructure,” added Smahi Foundation’s report.
However, in terms of digital payments, the other concerning issue is cybersecurity, specifically phishing attacks.
Authentication and non-repudiation are two security concerns raised by digital payment.
As per cybersecurity experts, China is known to have one of the world's largest cyber squads focused on geopolitical goals.
While the United States, Australia and Hong Kong have all been targeted, the Computer Emergency Response Team (CERT-In) in India has warned that the Ladakh standoff is posing a similar threat to the country.
According to the report: “China can launch cyber-attacks to deface government websites, increase phishing campaigns as well as perform Distributed Denial of Service (DDoS) attacks, to paralyse critical infrastructure.”
There have recently been reports of North Korean cybercriminals claiming to have 2 million Indian citizen/individual email IDs.
As per separate reports, the data of over 10 crore credit and debit cardholders in the country is being sold on Dark Web, for an undisclosed sum using the cryptocurrency Bitcoin.
A hijacked server of Bengaluru-based digital payments platform Juspay led to the dumping of data on the Dark Web.
The Reserve Bank of India has taken many steps to improve the security of card and online transactions, which has aided in the reduction of card-related fraud in India.
It includes mandating the issue and use of only EMV chip and PIN-based cards, as well as OTP for all domestic online or Card Not Present (CNP) transactions, PIN-based authentication, sending alerts to cardholders and IFSC code bases transaction.
“RBI plans to introduce Digital Payment Security Control directions for regulated entities to improve the security of digital payment channels and also convenience for users,” the report noted.
Additionally, there has been an increase in the number of online lending apps that break numerous lending rules and deceive naïve consumers with misleading information and inadequate disclaimers.
The instant loan apps, which are also available in Google Play Store, have made the most of the policy loopholes.
The report highlighted the fact that “there are reports that most of these apps have origins in China, from where they are handled but run locally on the ground.”
“Users’ data is stored on Chinese clouds such as Alibaba or Baidu,” it said.
“The structure tends to have multiple shell entities, multiple lending companies/ apps with dummy directors, which makes it difficult to track the complex money trail,” the report added.
Reportedly 90 per cent of these loan apps have fake physical addresses.
Uninformed or misinformed consumers are enticed by the cheap availability of bite-sized loans (ranging from Rs 3,000 to Rs 10,000) while they are struggling with personal finances, especially during the pandemic.
Though app-based lending began in 2019, it was not until April 2020 that it truly took off, after many people who lost their jobs as a result of the lockdown were compelled to borrow.
It was also found that “the collection methods are abusive and high-handed, including blackmail and calling up other contacts and harassing them.”
Unfortunately, some humiliated debtors have committed suicide as a result of their inability to escape the debt trap.
According to Smahi Foundation: “Some FinTech firms provide checkout financing of a BNPL [Buy Now Pay Later] option while shopping. Although this service is technically a loan, these are not registered lenders and they position themselves as payment services.”
It suggested that “It is a grey area and the consumers must read their terms and conditions before availing the facility.”