'Digital wallets' have gained popularity in India and other regions in recent
decades. A digital wallet is a platform that allows individuals to carry out
electronic transactions using electronic devices or online services. It is a
modified, digital payment method that removes the necessity of carrying
tangible currency.
Various digital wallet services have specialised smartphone apps. The popularity of digital wallets in India has
increased dramatically following demonetization. Multiple digital wallets are
currently functioning in India, including Paytm, Freecharge, Jio Money, Airtel
Money, and others. This article seeks to comprehensively analyse different
digital wallets frequently utilised in India, with a specific focus on their
policies and security measures regarding user data.
Introduction:
The fintech industry has been affected by the Reserve Bank of India's (RBI)
recent action against Paytm's affiliate, the Paytm Payment Bank. The RBI has
prohibited the payment bank, after February 29, 2024, from carrying out any
additional operations that entail taking deposits or top-ups in any customer
account, prepaid devices, FASTags, wallets, and more. Along with other
consequences, the decision immediately prevents the payment bank from
onboarding any new customers.
Commerce has shifted to mobile platforms in the present day. Smartphones have
become the predominant means of accessing the internet worldwide, replacing
desktop and laptop computers. By 2020, there will be over 2.6 billion connected
smartphones globally. Technologies have evolved considerably in recent years,
particularly with the process of digitization.
A digital wallet is a software application that operates on mobile operating
systems and provides basic functionality. New users must securely enrol by
downloading the application and verifying their identification. Their
credentials, such as user ID and password for wallet access, must be securely
provided. The programme must offer a safe environment for storing
customer-identity information (such as email address), payment information (such
as credit card data), and shipping address details.
Users can choose a payment
option in the wallet app to make e-commerce transactions, such as paying
merchants online, in-app, or in-store.
Payment through the wallet can be made using a debit or credit card, prepaid
card, bank account, e-money account, virtual currency, or any other kind of
credit.
In the modern era, cash has been converted into digital form, leading consumers
to adopt mobile wallets for convenient transactions and to eliminate the
inconvenience of carrying actual currency. The crucial question is: Is your
mobile wallet truly secure? Despite the swift shift from physical currency to
digital wallets, significant security problems exist when utilising a mobile
wallet. In India, there are various types of mobile wallets such as open,
semi-open, closed, and semi-closed.
Banking Regulation and Enforcement:
The main piece of legislation controlling India's banking sector is the Banking
Regulation Act 1949. It controls and oversees the management, operations, and
functionality of every bank in the nation. This Act also gives the Reserve Bank
of India (RBI), the country's central bank, the authority to issue directives
and monitor other banks' adherence to existing legal standards. The RBI is
essential to maintaining the system's financial stability.
It issues money, controls monetary policy, and has regulatory authority over the
banking industry as a whole. As a result, it exercises significant control and
power over other financial organisations, especially the banks.
Reserve Bank's Authority under Section 35A:
Section 35A(1)(c) of the Banking Regulation Act[6] states that:
Power of the Reserve Bank to give directions:
- Where the Reserve Bank is satisfied that:
(c) to secure the proper management of any banking company generally, it is
necessary to issue directions to banking companies generally or to any
banking company in particular, it may, from time to time, issue such
directions as it deems fit, and the banking companies or the banking
company, as the case may be, shall be bound to comply with such directions.
Thus, this clause gives the central bank specific authority to step in when the
situation calls for it. Additionally, it gives the RBI the authority to issue
directions to specific banks or to the banking industry as a whole in certain
situations. Such intervention would be considered necessary when action is
required to preserve the public interest, depositors' interests, and the
interests of the banks.
Effects of Non-Compliance:
Banks that disregard the directives issued by the central bank in the exercise
of its authority under Section 35A will be subject to the fines specified in
Sections 47A(1)(c) through 46(4)(i) of the Act. A penalty of up to Rs. 1 crore
or twice the amount involved in the infringement, whichever is higher, may be
assessed by the RBI. An extra fine of Rs. 1 lakh may be assessed for each day
that passes after the first penalty is issued in the event of a continuous
infringement or non-compliance.
Fraud committed by Paytm:
In 2015, Paytm suspended more than 5.5 million users following a fraud incident.
Almost 17,000 out of 100,000 shippers were suspended by the company in recent
months. Paytm is endeavouring to imitate Alibaba's 'smile to pay' function on
its application. Paytm engages in fraudulent acts. The CBI accused a former
Paytm employee of cheating the firm by creating representative IDs and default
user passwords using its system.
Sawan Narender Aware and five others were
accused by the organisation of criminal conspiracy, swindling, and violating the
Information Technology Act, according to a CBI official. Sawan, who had a good
understanding of the return procedure, misled clients by providing discounts
between 20% and 50% on different products on the Paytm website, as reported by
the authorities during the investigation. The CBI pressed charges against Sawan,
who worked for the group for around two months, then left and reportedly engaged
in fraudulent activities with Suraj Thakur, Purushottam Yadav, Deepak Yadav,
Tushar Rewaria, and Rajesh Meho, as per officials.
The CBI charge sheet filed in
the Saket court confirmed that Sawan granted a 100% discount to consumers
through the organization's system without requiring the return of the purchased
commodity. The person engaged in fraudulent activities by utilising stolen
credentials of Paytm personnel who had knowledge of the procedure for generating
system IDs and default passwords.
The agency accused him of employing a
trial-and-error approach. The total amount collected from the customer after
deducting the promised discount was the result of processing returns. The CBI
mentioned in the charge sheet that a reduction was not warranted since the items
were delivered to the specified customer and they were happy with the product.
An analysis revealed that refunds from many Paytm wallets and bank accounts led
to a total loss of Rs 11 lakh from May 2015 to August 2015.
There have been many
cases of fraud involving Paytm when customers were not given the money they were
promised because the company altered its cashback policies to trick users.
Customers have encountered situations when they chose a particular deal during a
recharge on Paytm, but a different offer was applied after the transaction was
completed. These inconsistencies are driving away an increasing number of
customers.
Biased policies of Digital Wallet:
A policy is a predetermined strategy created to provide direction towards the
authorised business goals and objectives of the company. It defines the work
ethics of the company and its employees. It offers decision-makers a structured
approach for handling any situation. It gives users an insight into the services
provided by the company. Digital wallet organisations have clearly defined
regulations governing their activities, financial stakes, data management
protocols, and protective measures to ensure the security of user information.
Do these policies constantly provide benefits to users? Is the company properly
protecting user data? Is the channel for user data transmission secure?
We analysed the policies of different digital wallet providers and identified
some policies that could compromise the security of user data. For example, the
Paytm Policy document states that their website may have links to external
websites that are not controlled by them, and that the privacy policy applies
exclusively to their own organisation.
It recommends examining the privacy policies of other websites when you visit
them. Users generally do not peruse these policies before disclosing personal
information on the respective websites. Consider a scenario where someone
creates a deceptive website and successfully gets a link to it added to the
Paytm website, creating a possible risk. A user who is unaware of Paytm's policy
can erroneously perceive the linked site as trustworthy and inadvertently
disclose personal information, making them susceptible to a phishing scam.
The attack can lead to multiple negative consequences for the
user, including money loss and identity theft. Similar regulations are also
implemented by other digital wallet companies. Should these URLs be subjected to
authentication checks before appearing on digital wallet companies' websites? Do
digital wallet providers perform background checks on all the websites linked to
their platform? Is the user safe if they click on these links, whether
purposefully or accidentally? This is a possible hazard.
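The questions above ask whether outbound links should be checked before they appear on a wallet provider's site. As an added illustration (not code from Paytm or any wallet provider), this Python example audits the links on a page against a list of reviewed hosts; the domain `wallet.example`, the vetted-host list and the sample page are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

FIRST_PARTY = "wallet.example"  # hypothetical wallet operator domain
VETTED_EXTERNAL = {"bank.example", "help.partner.example"}  # hypothetical reviewed hosts


class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def classify(href, base="https://wallet.example/offers"):
    """Return 'first-party', 'vetted' or 'unvetted' for one link."""
    parts = urlsplit(urljoin(base, href))
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return "unvetted"  # plain http, javascript:, data: and similar
    if host == FIRST_PARTY or host.endswith("." + FIRST_PARTY):
        return "first-party"
    if host in VETTED_EXTERNAL:
        return "vetted"
    return "unvetted"  # must be reviewed before the page is published


def audit(html):
    """Map each link found in the page to its classification."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: classify(href) for href in collector.hrefs}


# Constructed sample page, not taken from any real wallet site.
SAMPLE_PAGE = """
<a href="/recharge">Recharge</a>
<a href="https://bank.example/kyc">Partner bank KYC</a>
<a href="https://wallet.example.cashback-offer.test/login">Claim cashback</a>
<a href="https://wallet.example@offers.test/">Offers</a>
<a href="http://help.partner.example/faq">FAQ</a>
"""

print(audit(SAMPLE_PAGE))
```

The comparison is made on the parsed hostname rather than on the raw string, so a link that merely begins with the first-party name, or carries it in the userinfo part before `@`, is still reported as unvetted.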
Various provisions governing the frauds:
Potential legal requirements that may be relevant to fraudulent activity
conducted through Paytm or any comparable online payment platform could include:
- The Information Technology Act of 2000 (IT Act) provides legal recognition to electronic transactions and outlines penalties for cybercrimes such as unauthorized access, data theft, and fraud in many countries.
- The Indian Penal Code of 1860 (IPC) contains provisions for offences such as cheating (Section 415), forgery (Section 463), and fraud (Section 420), which are applicable in instances of online fraud.
- The Payment and Settlement Systems Act of 2007 regulates payment systems in India and empowers the Reserve Bank of India (RBI) to set guidelines to detect and prosecute frauds related to electronic payment systems.
- Consumer protection laws can address issues including inadequate service, unfair trade practices, or fraudulent transactions, depending on the nature of the fraud.
Conclusion:
This study explores different Mobile Wallet systems. This article examines
several vulnerabilities and threat models.
The frauds that have taken place in the different Mobile Wallet Apps are
depicted in the few case studies offered. We have identified some remaining dangers
associated with these Mobile Payment Apps. Mobile payment service providers in
India are jeopardising both client data and funds. These companies' prompt
responses are still being examined. As a client, it is crucial to refrain from
sharing any personal data on Social Networking Sites that could be linked to
your security questions.
Never disclose your password or OTP to anyone, whether
they are related or unrelated. It is important to note that Mobile Payment
Services firms do not make phone calls to request your personal information or
account password. Avoid storing your card details in your Mobile Wallet to
ensure that in case of a hack, your bank information remains secure.
Securing
mobile payments necessitates a distinct approach compared to conventional card
payments. Hardware-based security models can be implemented. Security models can
be implemented to accommodate the dynamic nature of software updates. This
entails integrating over-the-air update methods, including tokenization, with
software hardening technologies and two-factor authentication.
References:
- Medianama, https://www.medianama.com/2017/05/223-mobile-wallettransactions-march-2017/.
- Gochhwal, Rahul. "Unified Payment Interface- An Advancement in Payment Systems." American Journal of Industrial and Business Management 7, no. 10 (2017): 1174.
- Bosamia, Mansi Prakashbhai. "Mobile Wallet Payments Recent Potential Threats and Vulnerabilities with its possible security Measures".
- The Economic Times, https://m.economictimes.com/small-biz/startups/how-wallet-companies-like-paytm-mobikwik-oxigen-wallet-are-trying-toprevent-fraudulent-mobile-transactions/articleshow/50598068.cms.
- Wikipedia, https://en.wikipedia.org/wiki/MobiKwik
- The Windows Club, https://www.thewindowsclub.com/best-mobilewallets-in-india
- The Indian Express, https://indianexpress.com/article/delhi/delhi-paytmfraud-case-cbi-5050998/lite
- The Inc, https://inc42.com/buzz/mobikwik-digital-wallet-glitch/
- Change.org, https://www.change.org/p/reserve-bank-o-india-cancellicence-for-unsecure-wallets-like-freecharge
- Reddit, https://www.reddit.com/r/india/comments/4z1viu/freecharge_wallet_scam
- The Times of India, https://timesondia.indiatimes.com/business/indiabusiness/rs-167cr-deposited-in-airtel-bank-without-consent-of-31lusers/articleshow/62111310.cms
- The Economic Times, https://telecom.economictimes.indiatimes.com/news/wallets-like-paytmdont-use-hardware-based-security-prone-to-attacks-saysqualcomm/55963182
- Digital Trends, https://www.digitaltrends.com/mobile/sim-swap-fraudexplained
- Paytm Privacy Policy, https://www.pcg-services.com/are-your-policiesand-procedures-a-barrier-to-growing-your-company
- Paytm Mall, https://paytmmall.com/about-us/our-policies/privacy
Written By: Arpit Tripathi, 8 Semester B.A L.L.B - College- Dr Babbasaheb
Ambedkar College of law Nagpur