Payment firms access utility data, breach privacy laws
This data can used in building credit scores or profiles of individuals or families.
Hyderabad: Private payment companies are retrieving the monthly utility bill data without taking a user’s consent and sending them reminder emails, violating of the fundamental right to privacy.
This data can used in building credit scores or profiles of individuals or families.
Security experts penned a letter to the members of the Board of Payments & Settl-ements (BPSS) of the RBI on the violation of privacy by Paytm, PayUmoney, Google Pay and HDFC Bank and possibly several other banks and fintech companies.
“The users are receiving these alerts, even after uninstalling the said applications from the mobile. It is widely acknowledged that companies are using utility bill payment data to build credit profile of individuals,” they claimed.
Mr L Srikanth, who wrote the letter, urged RBI “to provide cease-and-desist instructions to these entities as the central bank governs all payment systems and regulates NPCI which is the only licensed operator to provide bill payment services under Bharat Billpay (BBPS)”.
The issue was first brought to light by independent security resear-cher Srinivas Kodali, who received a reminder from Paytm asking him to pay TSSPDCL bill, even though he did not allow them to have access to his monthly data.
“It seems Paytm gets a dump of everyone's electricity bill from the discoms. For using it once to pay electricity bill, the company now knows my every month bill. This data could be used to build credit profiles too. PayTM and electricity distributors are violating consent,” Mr Kodali said.
Several users shared their experiences of private payment companies auto fetching utility bill payment data.
The letter also requested RBI “to perform data audits on these entities, design the payment systems to take suitable action for breach of privacy and prevent the same in future.”