After facing weeks of criticism over allegations of sharing financial data with Facebook, WhatsApp, the social media giant’s chat messenger, clarified on Friday that vital payments data was not shared between the two firms.
In its FAQ section, WhatsApp.com included clarifications around who it sends payments information to. “When you make a payment, WhatsApp creates the necessary connection between the sender and recipient of the payment, using Facebook infrastructure. We pass the transaction information to the bank partner, which is called a PSP (payment service provider), and to the NPCI (National Payment Corporation of India), so they can facilitate the movement of funds between the sender’s and receiver’s bank accounts,” it stated. WhatsApp did not share any more details on the issue.
It said Facebook does not use WhatsApp payments information for commercial purposes. “It simply helps pass the necessary payment information to the bank partner and the NPCI. In some cases, we may share limited data to help provide customer support to you or keep payments safe and secure,” the company said.
Being a unified payments interface (UPI)-based platform, WhatsApp also said that they do not share the details with Facebook. “When you make a payment, WhatsApp sends the encrypted UPI PIN to our bank partners, which are called PSP. WhatsApp cannot see and does not store the UPI PIN, which is encrypted by a software provided by the NPCI. Nor does WhatsApp store other sensitive payment information such as your one-time password (OTP), account number or full debit card details,” it stated.
WhatsApp, which was in February this year given permission to do a beta test of its in-chat payments feature called WhatsApp Pay, is still running a beta test of the product.
Ever since it announced the launch of its beta test phase it has faced serious backlash from many quarters. Facebook data leak controversy has further stoked fears of security of payments data on WhatsApp.
According to industry observers, WhatsApp is in clear violation of the guidelines set by the NPCI. “PSP shall not share the data with any other third party unless mandated by applicable law or required to be produced before a regulatory/statutory authority,” NPCI said in its guidelines.
The NCPI had in February given its consent for the roll-out of WhatsApp BHIM UPI beta with limited user base of a million and low per transaction limit. “Four banks will join the multi-bank BHIM UPI model in phases (in the coming weeks) and the full-feature product shall be released after the beta test is successful. Multi-bank model offers advantages such as transaction load distribution between banks and helps integrate popular apps easily with BHIM UPI,” the NPCI said in a statement.
It also said that broad principles for interoperability, like the ability to send and receive money through any BHIM UPI ID, intent and collect call and read and generate BHIM/Bharat QR code are required in a final BHIM UPI app. “Only BHIM UPI-enabled apps that fulfill such principles will be permissible for full-scale public launch. We work towards providing seamless experience to users of BHIM UPI platform and recognise the contribution of member banks and non-bank entities to reach to this level,” the NPCI had said.business-standard.