wordpress blog stats
Connect with us

Hi, what are you looking for?

Amex to share credit card info of customers with NeSL starting November; SBI card and PNB already sharing

The same had earlier been put on hold by Amex after concerns were raised by experts and cardholders on privacy risks and other grounds

What’s the news: American Express (Amex) on October 14 informed its customers that it will share information about their credit card accounts with the National E-Governance Services Limited (NeSL) starting November 2022.

SBI Card and PNB are already submitting this information to NeSL, industry sources told MediaNama. We have reached out to NeSL, SBI and PNB seeking confirmation and will update this post once we receive them.

Déjà vu? Amex initially emailed customers in March this year saying that it will share data with NeSL in order to comply with a 2017 Reserve Bank of India (RBI) circular. However, cardholders and other experts raised concerns about the legality of this data-sharing mandate by RBI, as well as the privacy implications of such data sharing. Eventually, Amex put its plan on hold and informed that it will consult with the RBI on how to proceed. It now appears that RBI has asked Amex and other cardholders to proceed with the data sharing:

“As per the directive from the Reserve Bank of India, all financial creditors have to submit customers financial information to National E-Governance Services Limited (NeSL). We are reporting as per requirement of the RBI directive.” — An Amex spokesperson told MediaNama


FREE READ of the day by MediaNama: Click here to sign-up for our free-read of the day newsletter delivered daily before 9 AM in your inbox.


Why does this matter: The data-sharing mandate still poses the same concerns that it did earlier:

  • There are privacy concerns as it involves sharing personal credit card spending information with government agencies without consent. Additionally, there is no way to opt-out from this sharing and no clarity on how much data will be shared, how the data is kept by NeSL and if there is any purpose limitation.
  • It appears to be in contradiction to the Credit Information Companies (Regulation) Act, 2005, which prohibits companies from collecting credit card information such as the amount of credit and the amount outstanding without obtaining a certificate of registration from the RBI under the Act. NeSL is not registered with RBI as a CIC. Companies that are registered with RBI as CICs include CIBIL, Experian, Equifax, and CRIF High Mark.
  • The Insolvency and Bankruptcy Code (IBC), 2016, which RBI uses as the legal basis for this data sharing, is laid out clearly for corporate insolvency, but when there is no clear insolvency regime for individuals.

For a deep dive into the above issues, read The Privacy Implications And Legality Of RBI’s Mandate To Banks To Share Credit Card Information With NeSL.

What data will Amex share with NeSL? Amex said that the following information about cardholders will be shared with NeSL:

Advertisement. Scroll to continue reading.
  1. Demographics including name, email address, PAN number, etc
  2. Total outstanding
  3. Credit limit

Why are people concerned about privacy risks: 

  • Vinayak Hegde, an Amex cardholder, brought up the issue of scope creep the last time we did a story on this issue. “If you follow this place for a while, you know that there is a lot of scope creep. People can say now we have this data, let’s use it for this, let’s use it for that. And that kind of continues, right,” Hegde remarked.
  • “Of course, I would have concerns about my data being shared. The thing is India has no privacy law. Data is shared without warning and information,” Prasanto Kumar Roy, technology and public policy analyst who is also an Amex cardholder, told MediaNama. But, Roy said that this is not a concern that is specific to Amex’s sharing with NeSL and that it applies to information sharing with CICs like Experian and CIBIL as well, and to the wider range of data sharing currently taking place.
  • Srikanth Lakshmanan of Cashless Consumer Collective pointed out that this will go against the Puttaswamy judgement: “If one sees the spirit of proportionality in Puttaswamy judgement — and if the IBC law actually codifies individual insolvency regime — why should card dues data of all cardholders be shared to an IU and then have them validate the credit claim, presuming they all will go bankrupt? What prompted you to cite the RBI circular that is dated 5 years ago, which is openly worded for IBC compliance to share personal data that is specifically outlawed in CIC Act? If this is RBI doing it, why is that no other credit card issuer telling it to the customer?”
  • Lakshmanan also noted that it helps RBI build an extralegal database like the Public Credit Registry: “This collection of all credit data – is fundamentally akin to build a Public Credit Registry (which RBI again is building without a law, regulatory powers to build one) and resting these with a private entity that is quassi owned by a Public Sector Undertaking (PSU) titled with ‘National’ is deceiving users at multiple levels to part with their data.”

What does the 2017 RBI circular say: The RBI circular dated December 19, 2017, states:

“According to Section 215 of Insolvency and Bankruptcy Code (IBC), 2016, a financial creditor shall submit financial information and information relating to assets in relation to which any security interest has been created, to an information utility (IU) in such form and manner as may be specified by regulations.” (emphasis ours)

In other words, the RBI circular mandates financial creditors like card companies to submit information related to debts to an information utility (IU). NeSL is currently the only IU registered with the Insolvency and Bankruptcy Board of India (IBBI).

What does NeSL do? “The primary role of NeSL is to serve as a repository of legal evidence holding the information pertaining to any debt/claim, as submitted by the financial or operational creditor and verified and authenticated by the parties to the debt,” NeSL’s website reads.

How will the data sharing take place? Amex explains in a FAQs page that the sharing of financial information with NeSL is a bilateral process:

  1. Amex submits financial information about cardholders to the NeSL database every month
  2. NeSL sends a notice to the cardholder to authenticate the details submitted by Amex
  3. Cardholders are required to register on the NeSL portal to authenticate/dispute the information submitted by Amex
  4. Once a record is authenticated or disputed by the cardholder, NeSL send a confirmation email to the cardholder
  5. If a customer does not authenticate/dispute a transaction after three reminders, then the transaction is deemed authenticated.

This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.

Also Read

Written By

Free Reads

News

With GPS in every car, India's toll collection is going high-tech.

News

Google is currently undergoing the necessary procedures for the leasehold land, which is presently under the ownership of the Maharashtra Industrial Development Corporation.

News

The pilot project for which is being launched in 19 cities this year, with a plan to launch a full-fledged rollout next year.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

NPCI CEO Dilip Asbe recently said that what is not written in regulations is a no-go for fintech entities. But following this advice could...

News

Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...

News

The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...

News

Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...

News

Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ