Paytm suspends 'App POS' on data security concerns

Mobile wallet company Paytm has suspended its app that allowed small shopkeepers to accept payment through cards amid ongoing cash crunch, citing risks to customer data and privacy.

The new feature was designed to eliminate the need for a physical point-of-sale (PoS) terminal or a card swipe machine, instead helping small shopkeepers use their smartphones to facilitate the transactions.

However, soon after launching 'App POS' with much fanfare this week, Paytm rolled back the initiative after concerns were raised over security of customer's card details by the industry.

"Based on some suggestions from the industry, we have decided to add additional certifications and features before making it available to merchants. We will re-launch this product as soon as we have updated the product," the Alibaba-backed company said in a blogpost.

It further said: "Nothing is more important to us than customer data and privacy. We will always put this above all without fail."

In October, as many as 32.14 lakh debit cards of various public and private sector banks were reported to have been 'compromised' by cyber malware attack in some ATM systems. Several banks, including state-owned SBI, had recalled a number of cards while many others blocked the ones suspected to have been compromised and asked their customers to change PIN (personal identification number) before use.

According to the National Payments Corporation of India, as many as 641 customers across 19 banks have been duped of Rs 1.3 crore using stolen debit card data.

In its blogpost, Paytm defended its product saying the company does not store any card details in the app or on its servers that are shared during the payment flow.

"The transaction is completed on the bank's page and follows the 2-factor authentication guidelines mandated in India," the post said adding that the company's IT systems are audited periodically by certified independent auditors.

At the time of launch too, Paytm CEO and founder Vijay Shekhar Sharma had sought to allay privacy concerns saying the company is a "PCI DSS (Payment Cards industry Data Security Standard) certified company".

After generating a bill for the item sold, the shopkeeper was to hand over his/her phone to the customer for entering card details.

The feature was introduced after the government scrapped old Rs 500 and Rs 1,000 currency notes that is forcing consumers to adopt digital payment and cashless transactions, to tide over the liquid cash crunch.

While there are 740 million cards in India at present, the number of card swiping machines is at a dismal 1.5 million.

Paytm had said it expects 10 million app POS to be downloaded before the weekend and as many as 15 million app POS merchants were expected by November-end.