The government has released a set of guidelines for wallet firms in a move that seeks to make transactions through ewallets safer and strengthen the grievance redressal mechanism for consumers. The rules mandate that each prepaid payment instruments (PPI) company or wallet firm will have a privacy policy posted on its website. It will also have to appoint a chief grievance officer, the contact details of whom will have to be prominently displayed on the website. The grievance officer will have to “act upon” any complaint within 36 hours and “close” it in a month’s time. The draft also mandates that companies have enough safeguards in place to avoid any hacking attacks and if there is one, it is to be swiftly reported to the government agencies. The guidelines say that the personal information of the customers will be treated under Section 72A of the Information Technology Act, and the financial data of the customer shall be deemed to be sensitive personal data under the “Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and every e-PPI issuer shall maintain and implement the practices and procedures prescribed in those rules.” Every wallet shall ensure that end-to-end encryption is applied to safeguard the data exchanged and shall retain data relating to electronic payments only till necessary.

(Economic Times)