Acknowledging the fintech sector’s critical importance and the escalating concerns surrounding cybersecurity, the Parliamentary Standing Committee on Communications and Information Technology tabled a report during the Budget session of 2024. It lauded the significant growth in digital payments while highlighting important concerns including fraud, recovery process, dominance of foreign companies, etc.
Launched in 2015, the Digital India Programme aimed to usher in a digitally empowered society. Notably, government initiatives to encourage a shift to a less cash economy resulted in substantial growth in digital payments over the years. There has been a notable surge in both value and volume of digital transactions between 2017-18 and 2022-23. Projections for the future anticipate a threefold increase in digital payments by 2025, primarily propelled by factors such as widespread smartphone usage, evolving consumer behaviours influenced by the COVID-19 pandemic, and governmental strategies focused on financial inclusion.
Report on digital payment and online security measures was tabled in the parliament
Acknowledging the sector’s critical importance and the escalating concerns surrounding cybersecurity, the Parliamentary Standing Committee on Communications and Information Technology tabled a report on “Digital payment and online security measures for data protection” during the Budget session of 2024. Inputs from various governmental entities and financial institutions such as the Ministry of Electronics and Information Technology, Ministry of Finance, Ministry of Communications, Indian Cybercrime Coordination Centre, Reserve Bank of India (RBI), National Payments Corporation of India (NPCI), etc. were considered when preparing the report. The committee has expressed its concern over the Fintech sector in India.
Dominance of foreign owned Fintech Companies highlighted
The Committee’s report highlighted the dominance of foreign-owned fintech companies, including Walmart-backed PhonePe and Alphabet’s Google Pay, in the Indian fintech sector. In terms of volume, the market share of these key players; Google Pay and PhonePe stood at 36.39% and 46.91%, respectively, during October-November 2023. On the other hand, the Indigenous BHIM UPI held a mere 0.22% market share by volume during the same period indicating a low adoption of Indian fintech apps or lower preference for the same.
With the growing volume of digital payments in India, the utilization of fintech apps for financial transactions is expected to rise. In light of this, the Committee suggested that a concerted effort to promote and prioritize local Indian players within the fintech sector is required. Further, the Committee also noted that regulatory control over Indian fintech apps would be more practical for regulatory bodies like RBI and NPCI, compared to managing foreign entities with diverse jurisdictions.
Fintech apps are used for money laundering
The Committee was also alerted to the use of fintech companies for money laundering. An example is the Pyypl app integrated with the MasterCard payment system, which enables global transactions, posing challenges for tracking funds. Based in Abu Dhabi, Pyypl faced fines for anti-money laundering non-compliance. This according to the committee highlights the pressing need for more robust regulation of fintech companies to ensure compliance with anti-money laundering legislation.
Fraudulent transactions have increased but low in share of total volume
Despite a notable increase in transaction volume over the past five years, the ratio of fraudulent transactions to total transactions has maintained a consistently low level. The fraud-to-sales ratio, indicating the proportion of fraudulent transactions to the total, has been around 0.0015%. As of September 2023, in the current financial year, there was a slight uptick to 0.0016%. Specifically, the percentage of UPI users affected by fraud stood at 0.0189%. Despite concerns regarding the potential misuse of fintech platforms for illegal activities, the overall impact on users has remained relatively low compared to the substantial total volume of transactions.
The different types of cybercrimes as reported to the National Cybercrime Reporting Portal between 2021 and 2023 are as given below.
Recovery rate of defrauded money is low and is time-consuming process
Further, the committee emphasized the need for enhanced efforts to recover defrauded money. Notably, the recovery percentage in cyber fraud cases is alarmingly low. It also acknowledged the complexity of procedures for filing complaints and retrieving lost funds in cyber fraud cases. It urged the Ministry to streamline the process for the return of amounts frozen or held in lien observing a high turnaround time to close complaints. It also suggested a multistakeholder approach to combat scamsters considering the diverse nature of cyber threats, ranging from infrastructure hacking to social engineering tactics, requiring coordinated efforts from multiple agencies.
RBI has issued draft guidelines
The Committee noted that the RBI has issued guidelines to ensure the safety of the digital banking system, extending its oversight to online fintech companies. Fraudulent transactions have been addressed through the draft Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators (PSOs). The proposed directions include the appointment of 24/7 nodal officers to promptly resolve unauthorized transactions and cooperate with Law Enforcement Agencies. The committee called for finalizing the draft guidelines and ensuring compliance with the same.
Interfaces may be used to spread awareness on cyber fraud
To prevent cyber fraud, the committee noted that the interfaces of these apps are essential for raising awareness. These interfaces can educate users about safe transaction methods and alert them to deceptive practices used by fraudsters. It recommended MeitY to come up with guidelines for banks/fintech companies/apps/platforms to focus mainly on generating awareness in the form of creative, pop-ups, etc. among the general public at the interface of apps promoted by them.
The Committee noted that punishing cybercriminals hasn’t been very effective, expressing worry about low conviction rates referring to the National Crime Record Bureau’s data. The Committee emphasized the crucial need for statutory changes in cybercrime laws, stating that penalties should deter criminals.
India is among the largest Fintech economies in the world
India is recognized as the world’s third-largest FinTech economy thanks to several factors that function as pivotal facilitators, positioning India as a focal point for the expansion of FinTech. Local fintech players offer cultural understanding, regulatory alignment, community engagement, and adaptability. NPCI has been promoting the same through initiatives like Startup India. Recently, as per reports, food delivery platform Zomato launched its UPI. Likewise, CRED and Groww also launched their own UPIs.
On the other hand, foreign fintech players bring global expertise, diverse solutions, and investment inflow, and foster healthy competition. A balance between local and foreign fintech players is essential for a comprehensive financial ecosystem. It ensures tailored solutions for local needs, incorporates global best practices, attracts international investments, and promotes innovation, ultimately leading to a more robust and inclusive financial landscape.
NPCI proposed a market cap restriction for TPAPs in 2020
In 2020, NPCI came up with a proposal to introduce a 30% market cap restriction for third-party app providers (TPAPs). The Standard Operating Procedures involve notifying the TPAP upon reaching a 25% market share, issuing another warning at the 27% threshold, and ultimately prohibiting the onboarding of new customers once the 30% market cap is exceeded. The proposal was made with a deadline of two years. However, the deadline was further extended by two more years to December 2024, “taking into account the present usage and future potential of UPI, and other relevant factors”, as per the circular.
