The ministry of electronics and information technology (MeitY) has issued a consultation paper (pdf) which calls for developing a framework for security of digital wallets operating in the country. Right now, wallets have no prescribed security standards to adhere to. Section 43 A of the Information Technology Act which deals with data protection is applicable to wallets but it allows corporations to determine what security practices and procedures are adequate. "With the Government promoting cashless economy and boost being given to various digital payment systems, a need is felt to develop a framework for security of various Prepaid Payment Instruments (PPIs) operating in the country," the government said. Comments for the draft rules are open till March 20. Here is a look at what the draft rules entail: 1. Information security policy: Every wallet will have to develop an information security policy of all the payment systems operated by it. The will have to abide by the rules set by the government and any other standards it sets. 2. Privacy policy: All wallets will have to publish on their website and mobile app the privacy policy but the crucial part is that the government wants it to be in "in simple language, capable of being understood by a reasonable person." The privacy policy will include the following details: the information collected directly from the customer and information collected otherwise uses of the information period of retention of information purposes for which information can be disclosed and the recipients sharing of information with law enforcement agencies…
