WhatsApp says it is sharing limited data with parent company Facebook from the Payments service. According to reports, Payments was officially supposed to roll out last week on the Facebook-owned messaging app, but the rollout has been delayed over reports of privacy fears. The Payments service is only available in India, and WhatsApp is currently beta-testing it with select Android and iOS users in the country.
“Facebook does not use WhatsApp payment information for commercial purposes, it simply helps pass the necessary payment information to the bank partner and NPCI. In some cases, we may share limited data to help provide customer support to you or keep payments safe and secure,” WhatsApp says on its website under the FAQ (Frequently Asked Questions) section around Payments Data.
The WhatsApp page further notes that the company does not have access to the user's UPI PIN. It says, “When you make a payment, WhatsApp sends the encrypted UPI PIN to our bank partners, which are called payment service providers. WhatsApp cannot see and does not store the UPI PIN, which is encrypted by software provided by National Payment Corporation of India. Nor does WhatsApp store other sensitive payment information such as your one-time password (OTP), account number or full debit card details.”
According to a PTI report, the Ministry of Electronics and IT has written to the National Payment Corporation of India to verify compliance around WhatsApp payment and check if WhatsApp is sharing data with its parent firm Facebook. The report also says that the ministry has asked NPCI to verify compliance of WhatsApp payment as it scales up its service.
WhatsApp Payments in India is based on Unified Payments Interface (UPI) and the NPCI is the regulatory body behind this. UPI allows for direct bank-to-bank transfers. Payments can also be made via issuing a request to a UPI code, scanning a QR code, etc.
The statement on WhatsApp’s website also reads, “We pass the transaction information to the bank partner, which is called a PSP (payment service provider), and to NPCI (National Payment Corporation of India), so they can facilitate the movement of funds between the sender’s and receiver’s bank accounts.”
The scrutiny over WhatsApp Payments and data-sharing with Facebook comes amid the recent controversy that the social media giant is facing over data leaks in light of the Cambridge Analytica scandal. It has also been revealed that Facebook had data deals with device makers like Apple, Samsung, and Chinese companies like Huawei, Lenovo, Oppo, TCL, etc., and in some cases it gave these companies deep access to user information like relationship status, political leanings, etc.
When the WhatsApp Payments beta testing went live, the terms and conditions page had noted, “When you register to use Payments, you provide your bank’s name, partial debit card number, and debit card expiration date. You will also be asked to provide your ATM PIN or UPI PIN, or to set up an UPI PIN for payment transactions if you do not already have one. We receive your debit card details and ATM PIN or UPI PIN securely, and we do not retain this information.”
On data sharing, the terms and conditions noted that the company does share some data with third parties, including its parent Facebook. The page notes, “We share information with third-party providers and services to help us operate and improve Payments.” WhatsApp says this is done to keep the services secure and to detect and prevent fraud, misconduct, abuse, etc., and Facebook is one of the parties getting access to Payments data.
“To provide Payments to you, we share information with third-party services including PSPs, such as your mobile phone number, registration information, device identifiers, VPAs, the sender’s UPI PIN, and payment amount,” note the terms and conditions.
With PTI inputs