Soon your e-wallet transaction will be protected against any leak of consumer information and loss of money. To safeguard consumer interest, the government is drafting rules for e-wallet transactions.

The move comes in the wake of a surge in phone electronic payments following the demonetisation of high value currency by the government in November 2016.

"The IT Ministry is working on a legal framework that will define the liabilities and obligations of payment companies," a highly placed source in the ministry told The Statesman, adding the draft is in the final stage. "This will establish the rights and liabilities of the customers as well as the e-wallet companies," he said. As of now, there are no prescribed security standards under the existing law which puts customers' financial data at risk. The liabilities for loss are also missing.

This could serve to prevent incidents of security breach like Hitachi in which personal data of over 32 lakh consumers was compromised. The new rules for e-wallets will be implemented by the Electronics, Information and Technology Ministry.

"It will be ready in a month and will then be put up for public consultation," sources in the ministry said.

The onus of providing security to e-transactions will lie with e-wallet services companies like Paytm, Freecharge and Mobikwik. The companies will have to provide graded levels of security in the proposed framework which will be different from the system currently being used by them, sources in the IT Ministry said.

The companies and their vendors will have to get their security apparatus audited on an annual basis, sources said.  In case of any lapse, the security auditor will also be held responsible along with others.

Though the wallet companies assure their customers of the highest standards in their terms and conditions, in the absence of proper laws, there is no way to verify their claims. The IT Act allows private contracts to set the standards.
The Act provides for three years of imprisonment for offenders in the cases of hacking where personal information of the customer gets leaked. The government is also thinking of making the current provisions more stringent. This will, however, require amendment in  the IT Act, said a senior official in the ministry. The existing penalties date back to year 2000. But much has changed in terms of technological advancements and popularity of cashless instruments since when the IT rules were framed in 2000, point out experts.

According to the government officials involved in the drafting of the rules, "The idea behind framing new rules for e-wallets is that companies should be able to detect the attack. So that they can take action, minimize the damage and continue operations other than taking penal action against the perpetrators. But you can't prevent incidents like Hitachi."