Digital payments are largely one-sided click-wrap agreements that come with an absence of data, security and legal protection.
India was stirred and shaken on November 8. The jury is still out on whether demonetisation is a strong and bold step to counter black money and counterfeiting or an ill thought out measure that will cripple the economy. Broad consensus, however, favours the view that the government’s intention is definitely laudable but that the execution leaves much wanting.
Either through a lack of anticipation or preparedness, the entire demonetisation exercise was fraught with pitfalls. The government’s intent for a “cashless society” is apparent from the resonating rhetoric. When people saw red, the digital currency industry saw green and has left no stone un-turned in converting this unexpected opportunity into gold. However, in the present state of unpreparedness, leading the Indian populace towards the threat-infested cash-free environment is reminiscent of the pied piper’s parade making its mesmerised wade into the Weser river.
Currency, as a right
Currencies are in the inalienable and inviolable sovereign domain of nation-states for a reason. The trust factor that the national guarantee lends to currencies issued by nation-states primarily stands amongst such reasons. In the process of doing away with cash, alternatives – which would garner the same if not a higher level of trust – must be provided.
‘Digital currencies’ are being touted, as the next best thing to cash, if not better. Digital literacy, in particular with respect to digital currencies is, however, nil to negligible amongst the majority in India, which questions the sensibility of such advisories.
Legal shades of digital cash
“Digital currencies” applies equally to banking instruments including credit and debit cards and those promoted or floated by private entities, including digital wallets, which claim to be the messiahs of redemption. It also covers virtual currencies, including cryptocurrencies like bitcoins.
The distinction between the good old rupee note or coin and digital currency is the intervening contractual relationship, which in effect replaces the governmental guarantee extended by the sovereign-issued legal tender with the weaker contractual covenants. Apart from the additional charges that digital currencies entail, the larger price that the customer pays is the dilution of his right through one-sided contracts, which he mostly executes in haste and regrets at leisure.
From banking to payment wallets and online payment gateways, driving e-commerce, each form of digital currency is governed by the RBI. Whilst banking regulations have proven their strength, cyber crimes and the absence of effective enforcement mechanisms have exposed its weakness. If the tightly regulated banking domain is unable to withstand the cyber criminals’ onslaught, other pre-paid instruments and online payment gateways are softer targets. The ultimate victim, however, is the customer, irrespective of the service provider.
Need for a robust legal order
Governments should not rush in where brave hearts fear. Grave and serious threats abound on the digital highway, from hacking attacks exposing millions through data breaches and phishing and virus attacks, which despite large-spread awareness programs continue their successful streak. Effective preventive, protective and punitive measures would have to be in place before the digitally illiterate are nudged towards the cashless precipice.
The regulatory framework in India, apart from the Banking Regulation Act, 1949, encompasses the Payment And Settlement Systems Act, 2007 and several RBI regulations and circulars, including the “Pre-paid Payment Instruments in India (Reserve Bank) Directions, 2009” and the Master Circular in 2014, as well as various staccato circulars for online payment gateways. These regulations apply equally to private companies’ digital wallets, like Paytm, and to credit and debit cards issued by banks.
The RBI regulations shift the onus of consumer protection on the service provider, through vague and impossible provisions like the publication of the contracts in English, Hindi and “local language”, which are clearly impossible to implement. Customer protection does not take into account the extent of data collected through the “apps”, through which, digital wallet services are provided.
Paytm, for instance, is also partly owned by China-based Alibaba. As with Whatsapp sharing data with its parent company Facebook, it may be reasonably assumed that each Paytm user’s personal information, including their demographic, is being shared with its Chinese partner. Existing data protection under Section 43A and Section 72A of the Information Technology Act, 2000 and the rules framed thereunder are easily skirted consents obtained in the user agreements governing the ‘apps’. Weak data protection laws stand further diluted with the Supreme Court postponing definitive decision on Indians’ right to privacy, as a fundamental right in Justice Puttaswamy vs UOI.
Regulatory mechanisms are weak bastions guarding against aggressive cyber crimes. The Supreme Court’s notice to service providers for solutions against cyber crime further demonstrates India’s unpreparedness. Strangely for a ‘Digital India’, civil remedies against phishing, hacking, DDOS or virus attacks under the Information Technology Act, 2000 have been stymied with the Cyber Appellate Tribunal being non-functional for nearly five years now and the adjudicating officer’s role being reduced to an ad-hoc post with the secretary at the IT ministry playing this role as an additional charge. The abysmal statistics in cyber crime investigations and convictions speak volumes of the inefficacy of this last frontier of hope for cyber crimes i.e., criminal prosecutions.
The alternatives, as on date for the cash-strapped customer are therefore one-sided click-wrap agreements governing ‘apps’ through which ‘digital wallets’ are offered, the absence of data protection, lack of judicial pronouncements to reign in skewed agreements, non-functional civil mechanisms and dysfunctional criminal prosecutions.
Comfort of cash
The road to demonetisation may have been paved with good intentions but the attempt at flushing the rats out may have unforeseen consequences, as with the proverbial piper. The unquestioning acceptance of affirmative action by the government, in the hope of a clean polity, is now leading the unsuspecting populace into the quagmire of unprotected digital domains, lacking governmental guarantees. The government would, therefore, be well advised to hit pause and review protective mechanisms before encouraging innocents to follow the digital currency tune.
N.S. Nappinai is a practicing advocate in the Supreme Court and Bombay high court.