The rules are meant to ensure integrity, security and confidentiality

The Centre has issued draft rules to ensure integrity, security and confidentiality of electronic payments made through prepaid payment instruments (PPIs), popularly called e-wallets. The draft rules, on which the Ministry of Electronics and Information Technology has sought public comments, make it mandatory for e-PPI (electronic pre-payment instrument) issuers to develop an information security policy that ensures that the systems operated by them are secure.

The Information Technology (Security of Prepaid Instruments) Rules, 2017, define an e-PPI issuer as a “person operating a payment system issuing prepaid payment instruments to individuals/organisations” under the aegis of Reserve Bank of India. The rules make it compulsory for e-PPIs to publish on their websites and mobile applications both their ‘privacy policy’ and terms for use of their payment systems. The draft also details the requirements of a privacy policy. The rules mandate that e-PPIs should carry out risk assessment to spot security risks and also ensure adequate due diligence is done before issuing PPIs.