We do not retain Customer Payment Sensitive Data (partial debit card number, expiry date, PIN, OTP, or BHIM UPI PIN). WhatsApp does not have access to the BHIM UPI PIN because it is encrypted by Common Library (CL) software provided by National Payment Corporation of India.
With regard to data collection by Facebook, WhatsApp said that it “works with service providers including Facebook” to send payment instructions, maintain transaction history, provide customer support, and “keep our services safe and secure.” It again clarifies that Facebook has no access to the UPI PIN as it is encrypted.
Remember that in the beginning of June, the company delayed the full rollout of the payments service for 200 million Indian users due to concerns over how Facebook stores users’ data as well as over RBI’s norms on data storage. The beta test began in months ago, in February. Now, the company has said in a press release that it “look[s] forward to expanding WhatsApp payments soon”
24-hour customer support
The payments service will provide 24-hour customer support after a full launch is made. Support will be provided through e-mail as well as a toll-free number, a WhatsApp spokesperson told reporters. Customer support will be available in English as well as three Indian languages — Hindi, Marathi and Gujarati. However, the official declined to comment on the launch dates and other details.
The spokesperson added that while users can connect with WhatsApp for queries related to the payments offering, they would have to reach out to their banks for any dispute resolution. The new policy also states that all payments are final and non-refundable. Additionally, it states, “WhatsApp is not liable for unauthorized transactions. We assume no responsibility for the underlying transaction of funds, or the actions or identity of any transfer recipient or sender.”
WhatsApp Payments’ saga with UPI, privacy, and Facebook
- The launch of WhatsApp Payments has reportedly been delayed in June as parent company Facebook battles concerns over privacy with regard to how users data will be stored and shared. The RBI was concerned about data localisation and storage, and there were doubts about the privacy of users, as WhatsApp is owned by Facebook, which was rocked by the unforgettable Cambridge Analytica scandal.
- In May, the chief executive and co-founder of WhatsApp, Jan Koum quit the company over disagreements (with parent Facebook) about privacy and encryption. A Washington Post report noted that the founders “clashed with Facebook over building a mobile payments system on WhatsApp in India.” MediaNama speculated that the concerns of the WhatsApp founders may have stemmed from the fact that while all messaging on WhatsApp is end-to-end encrypted the payments service is not, by design. This meant that third parties and government agencies may have access to data regarding all payments made via the chat platform. Soon after, it was reported that WhatsApp shares crucial payments information such as VPAs and UPI PINs with third-parties, including Facebook. WhatsApp had responded to this revelation by saying that Facebook does not use WhatsApp payment information for commercial purposes. Read more here.
- In March, Whatsapp tweaked its payments interface to make the ‘send to UPI ID’ option more visible and accessible. However, that did not really seem to work. Read our full report here.