Striking a balance between Innovation and Consumer Protection

- Ashutosh Dubey, Lead – Business Analytics, NPCI

The tectonic plates of commerce have shifted over the last decade. Goods and services have moved online, and we've all adopted more digital behaviours. That shift accelerated as we adjusted to the effects of the pandemic. These changes have been significant for all of us — both businesses and consumers: 97% of global business leaders claim the pandemic sped up their company’s digital transformation, and more than 50% of global consumers say they've become more digital. And in this digital-first world, consumers expect to get what they want, when they want it — whether in store or online. As a result, the adoption of new payment technologies is rising as consumers embrace emerging payment innovations that enable greater flexibility and choice while keeping their transactions safe and secure.

According to the results of a recent IDEMIA study, four out of five people globally are looking forward to using fingerprint technology over PIN codes during card transactions. We're seeing major corporations investing in crypto or expanding crypto services to millions of customers. In addition, 86% of central banks are actively researching the potential of their own digital currencies. To engender trust in these technologies, we must ensure that innovation never outpaces trust. This means building security and privacy protections into solutions from the start — not as an afterthought. In short, deploying capabilities across AI, biometrics and digital assets that work together like an invisible shield behind the scenes is vital if we're to truly embrace digital innovation without compromising privacy and protection, and if we're to actively meet the challenge of increasingly sophisticated and well-funded hackers and fraudsters.

Tokenisation Framework

A recent case study where Innovation and Customer trust goes hand in hand is the RBI's device-based tokenisation framework which has been extended to Card-on-File Tokenisation (CoFT) services as well. Card issuers have been permitted to offer card tokenisation services as Token Service Providers (TSPs). It must be noted that the introduction of CoFT while improving customer data security, will offer customers the same degree of convenience as now.

Tokenisation is very convenient for customers in the case of fraud or theft. This works because multiple tokens are issued for the same card payment on different platforms that use tokenisation. This means that even if a website faces a data breach and the tokens are acquired by the cybercriminal/hacker. It will be extremely difficult to reverse engineer the actual card number, hence safeguarding your card information. Tokenisation will also make recurring payments convenient and safe, by allowing payment providers to save cards using tokens.

Video KYC

RBI introduced Digital KYC allowing video-based KYC in Jan 2020. A report by The Economic Times notes that the Aadhaar-based eKYC has dropped the costs from INR 150 per KYC to just INR 20. Plus, it's been a game point in achieving scale, a crucial factor for many fintech companies in India. Another big advantage of Video KYC is going completely remote as compared to the digital KYC, which requires a visit to the customer's doorstep or the nearest access point. Moreover, the video KYC requires no wet signatures, a compulsory requirement with digital KYC. The cost-effective method is helping to achieve compliance even in remote locations.

Data privacy based regulations

Apple’s move to a more private, consumer-driven data model with the announcement of its App Tracking Transparency (ATT) feature puts the consumer in the driver’s seat of data privacy, allowing them to opt-in or opt-out of data sharing. More often than not, consumers incorrectly assume that their data is isolated to one particular app, when in fact it’s usually shared with a whole network of partners. One thing companies should consider when creating consent options is the use of dark patterns. These carefully crafted user interfaces can be designed to either enlighten or confuse a user. Examples include confusing language that contains double negatives, such as “don’t sell my personal information” and making it appear that the user must submit or share non-essential information to continue using a product or access a webpage. Companies should take what they’ve learned about dark patterns and user behaviour to help consumers understand what they consent to. This will establish better relationships with their customers in the long run.

On 10 September 2021, the UK’s Department for Digital, Culture, Media & Sport issued a consultation seeking views on the government’s plans to reform the UK’s data protection laws, specifically the GDPR (as implemented in the UK) and Data Protection Act 2018 (the UK GDPR). The aim of the reforms is to create a more pro-growth and pro-innovation data regime by removing unnecessary burdens on businesses or barriers to transfers, whilst also maintaining high standards of data protection and public trust.