Online payment and receipt of money is essential for the successful establishment of a digital society. In a digital economy, payments are managed in an online environment with minimum human interaction. At the same time, digital currency management requires compliance with certain techno legal requirements, including cyber law, e-commerce law, foreign exchange management and export and import regulations. An online payment platform must also be secured against the cyber attacks and cyber crimes that are very common these days.
Take the example of the recent Bangladesh bank cyber heist that cost the bank a great amount of money. While Bangladesh is blaming SWIFT for this loss, SWIFT has pointed out that this happened due to inadequate cyber security on the part of the bank. Only a detailed cyber forensics and cyber crime investigation report can ascertain the truth in this regard.
Unfortunately, banks across the world are vulnerable to malware and sophisticated cyber attacks. Even Indian banks lack cyber security infrastructure and this has made them vulnerable to sophisticated cyber attacks. Additionally, there are zero-day vulnerabilities that cannot be detected in advance in all cases. In some cases such zero-day vulnerabilities are detected only after the computer systems have been compromised for many years. Cyber security of banks in India is not at all satisfactory, and bank related cyber crimes and financial frauds are increasing in India. Even the decision of the Reserve Bank of India (RBI) to establish an IT subsidiary to manage cyber security related issues of banks in India has failed to materialise. As a result, the cyber security due diligence and cyber law due diligence requirements are not complied with by banks operating in India.
India has launched projects like Digital India and Aadhaar. These projects collect sensitive and personal information and data of netizens and Indian citizens. Unfortunately, India has failed to enact dedicated cyber security laws, privacy laws and data protection laws to safeguard the information and data collected from Indian citizens and people. In these circumstances, online payment companies and businesses of India must be very cautious in their online dealings and businesses in India. This is more so when the directors of Indian companies can be held liable for cyber law and cyber security related non-compliance in India. As of now, most of the directors are not complying with cyber law and cyber security related legal obligations.
In some cases the business model itself is legally questionable. For instance, the Competition Commission of India (CCI) recently formed a panel that is studying the cashback model being used by online payment platforms, e-commerce companies and also several banks. This would include cashbacks given by online payment platforms like Paytm and Mobikwik. The CCI is ascertaining whether the cashback incentives offered by digital wallets and e-tailers on recharges, bill payments or purchase of other products constitute predatory pricing. Further, such cashbacks may also violate the norms recently formulated under the FDI policy of India for the e-commerce industry of India.
Online payment legal compliances in India are diverse and complicated in nature. For instance, although the mobile payment market in India is booming, regulatory compliance is ignored by various stakeholders. There are a handful of e-commerce players and entrepreneurs that are complying with the cyber law due diligence requirements of Indian laws. Cyber law due diligence for payment gateway and POS terminal services in India is also ignored by businesses and entrepreneurs.
Mobile cyber security in India is another area of concern. We at Perry4Law Organisation (P4LO) believe that the biggest hurdles before the mobile related uses in India pertain to the use of weak encryption standards and the non-use of mobile cyber security mechanisms in India. The absence of encryption laws in India has further made mobile security very weak in India. Ever-evolving mobile malware is further increasing the woes of mobile users worldwide. As of now, malware is defeating cyber security products and services with ease.
It would be relevant to mention that cyber security issues of e-commerce business in India must be managed by both e-commerce entrepreneurs and the Indian government. For instance, healthcare related e-commerce platforms and businesses need to make their cyber security infrastructure robust and resilient. Similarly, telemedicine and online pharmacies must also comply with techno legal regulations along with making their websites cyber secure. Use of cryptocurrency like Bitcoin is another area that needs regulatory clarification from the RBI and the Indian government.
If the Indian government really wants Digital India and the online payment system to be successful, it must think out of the box and use novel methods that are techno legal in nature. Similarly, business houses and entrepreneurs dealing with financial business ventures in general and online payment systems in particular must comply with the techno legal requirements of Indian laws. Perry4Law Law Firm wishes all the best to the Indian government and online payment entrepreneurs for their initiatives, ventures and projects.