The government has released draft guidelines for transactions made through prepaid payment instruments (PPIs) like mobile wallets, smart cards and paper vouchers and also sought feedback from various stakeholders. The draft IT (Security of Prepaid Payment Instruments) Rules 2017 have been designed to ensure adequate integrity, security and confidentiality of electronic payments effected through PPIs.

“With the government promoting cashless economy and boost being given to various digital payment systems, a need is felt to develop a framework for security of various PPIs operating in the country,” it said.

The Ministry of Electronics and information technology (MeitY) has formulated the draft rules for security of prepaid payment instruments under provisions of IT Act 2000, it added. The rules entails the PPIs to ensure end-to-end encryption of the data exchanged and emphasised that e-PPI issuers assist customers with regard to secure use of the prepaid payment instruments.

“Every e-PPI issuer shall have in place and publish on its website and mobile applications the privacy policy and the terms and conditions for use of the payment systems operated by it in simple language, capable of being understood by a reasonable person,” it said.

Also, the rules mandate that each PPI company have a privacy policy posted on its website. They will also have to appoint a chief grievance officer, whose contact details will have to be prominently displayed on the website.

“The Grievance Officer shall act within 36 hours and shall resolve the complaint within one month from the date of receipt of such complaint,” it added.

The companies will also have to establish a mechanism for monitoring, handling and follow-up of cyber incidents and breaches. The last date for submitting comments on the draft is March 20.