(a) to (d): - The RBI, under the Payment and Settlement Systems Act, 2007, has authorised payment system operators for providing various payment services, including e-wallet.
- Under section 4, the RBI authorises various types of payment systems, including wallets. Also, under specific provisions of the Act, RBI has the powers to set standards and issue directions / guidelines to various payment system operators. For instance, RBI has issued guidelines / directions / circulars regarding safety, security, risk mitigation measures, etc. All the authorised payment system operators are required to get the system audit done from a CISA/DISA qualified auditor on an annual basis. RBI has vide circular RBI/2016-17/178, DPSS.CO.OSD.No.1485/06.08.005/2016-17 dated 9th December 2016 advised all Prepaid Payment Instrument Issuers, System Providers, System Participants and all other Prospective Prepaid Payment Instrument Issuers to carry out a special audit by the empanelled auditors of Indian Computer Emergency Response Team (CERT-In) on a priority basis and take immediate steps thereafter to comply with the findings of the audit report. The non-banks which are authorised to issue prepaid payment instruments, including wallets, are required to maintain their outstanding balance in an escrow account with any scheduled commercial bank.
- The Information Technology (IT) Act, 2000 provides legal framework for data security breach. Section 43, section 43A, section 72 and section 72A of the IT Act, 2000 provides for privacy and security of data in digital form. The act also provides for certain due diligence to be followed by intermediaries including publishing their terms and conditions, privacy policy, user agreement. The rules made under the IT Act also cover appointing a grievance officer, procedure for reporting and redressal of complaints including the timelines etc.
(e): Currently there is no proposal with the Government to amend the IT Act, 2000.
********
Download PDF Files
