TRAP (Third Party App Provider) v. Payment System Operator

In 2020, we are still looking for answers in the innovation of online payment apps. If you scan the current retail market and look for third-party payment apps that can be adopted, you either have more than two choices or one dominant player. However, when we view the payment applications and their usage in the seller marketplace, consumers tend to trust the direct payment system of the seller marketplace rather than opting for a third-party payment solution.

This article discusses how a third-party app provider differs from a payment operating system, along with the recent controversy over the Google Pay app that has been going on in the High Court of Delhi.

Introduction

The lack of added value in mobile payment compared to cash-based payment has resulted in only modest acceptance of digital payment. However, in 2019, we witnessed significant growth in mobile payment, with open banking APIs and an improved experience that could enhance the customer experience with the added benefits of rewards and instant alerts through digital channels[1]. We see a generation of consumers raised on the cash-based system demanding an exceptional digital payment experience on all platforms, especially on their smartphones.

Third Party App Provider & Payment Operating System

A third party app provider or TRAP is basically an application created by a developer who isn’t the actual manufacturer or the actual owner of the website which offers the third party app. Third party apps can be classified in many ways. For example, if we are using an application such as Instagram or Facebook and a link pops up, clicking on the link gives the option to open it either in the same app or in the browser; when it opens in the browser, that is called the third party app provider.

There are various sources from which a third-party app can be obtained. One is apps created for the app stores: apps that follow the development criteria are given permission by those app stores to run. Another is unauthorised sites or unauthorised app stores that are not affiliated with the app store of the device; these types of third-party apps can carry malware. A third is an app that requires permission from ‘a first party app’, such as Facebook, to access certain parts of that app. This basically grants access to potentially sensitive matters of the concerned app.

The reason why a third-party app is considered a threat is because of its tendency to access accounts and profiles and look into the sensitive information of the user. 

Long before central banks became responsible for monetary policy, they were the banks designated to issue banknotes: the means of payment protected by legal tender status. The origin of central banking lies precisely in this revolution in payment technology: from metal to paper, from commodity money with intrinsic value to fiduciary money. From the Latin “fiducia”, the value of this kind of money lies in the trust it generates. However, trust is not something that can be left simply for the invisible hand to generate. Trust needs institutions to maintain it. The central bank was the institution designed to maintain trust in money.

The payment system operator basically connects a user’s bank account to that of an online platform that further deals with the monetary transaction of the customer. A payment system operator is anything that deals with the online transactions of a particular user. It mainly deals with the user’s financial transactions and can include institutions, instruments, people, rules, procedures, standards, or technology.

The recent matter between the Reserve Bank of India and the Delhi High Court, about whether Google Pay is a third-party app or a payment system operator, came to light after financial advisor Abhijit Mishra filed a Public Interest Litigation in the High Court of Delhi, alleging that Google Pay was facilitating financial transactions without the requisite authorisation from the Reserve Bank of India. He claimed that Google Pay was acting as a system provider in violation of the Payment and Settlement Act[2], as it has no valid authorisation from the central bank of the country to carry out such functions.

Section 2 (i) of the Payment and Settlement Act, 2007 says that payment system means a system that enables payment to be effected between a payer and a beneficiary, involving clearing, payment or settlement service or all of them, but does not include a stock exchange; Explanation. For the purposes of this clause, payment system includes the systems enabling credit card operations, debit card operations, smart card operations, money transfer operations or similar operations.

It further says in Section 4:

(1) No person, other than the Reserve Bank, shall commence or operate a payment system except under and in accordance with an authorisation issued by the Reserve Bank under the provisions of this Act:

Provided that nothing contained in this section shall apply to—
(a) the continued operation of an existing payment system on commencement of this Act for a period not exceeding six months from such commencement, unless within such period, the operator of such payment system obtains an authorisation under this Act or the application for authorisation made under section 7 of this Act is refused by the Reserve Bank;

(b) any person acting as the duly appointed agent of another person to whom the payment is due.

(c) a company accepting payments either from its holding company or any of its subsidiary companies or from any other company which is also a subsidiary of the same holding company;

(d) any other person whom the Reserve Bank may, after considering the interests of monetary policy or efficient operation of payment systems, the size of any payment system or for any other reason, by notification, exempt from the provisions of this section.

In effect, Google Pay is not a payment systems provider: it is an authorised vendor for the acquiring banks (to whom the payment is due), which are authorised payment systems providers. To give a telecom analogy, if you go back 10 years, Bharti Airtel was the telecom licensee, and One97 Communications was the vendor, which was providing mobile Value-Added Services. Banks are like telecom operators: they are the payment service providers, and the 47 apps are the vendors authorised to provide payment services by the banks. Just as VAS companies did not need a license to operate, neither do apps like Google Pay[3].

Mishra has also contended that Google Pay does not figure in NPCI’s list of authorised “payment systems operators” released on March 20, 2019.

Google has contended, in its reply filed through advocate Himanshu Vij, that it works within the NPCI regime and complies with its guidelines and the applicable laws. It also said that it will take steps to comply with the RBI’s March 17, 2020 “Guidelines on Regulation of Payment Aggregators and Payment Gateways”, which mandate that entities providing merchant services, like Google Pay, get registered with the central bank.

Google has also said that it is complying with RBI’s 2018 “data circular”, which mandates that all system providers ensure that the entire data relating to payment systems operated by them is stored only in India. Google said it is complying with the circular, even though it is only applicable to system providers and not service providers like itself.

RBI had earlier told the court that Google Pay is a third-party app provider (TPAP) and does not operate any payment systems[4].

Therefore, its operations are not in violation of the Payment and Settlement System Act of 2007, RBI had said.

RBI had also told the high court that since Google Pay does not operate any payment system, it does not find a place in the list of authorised payment system operators.

Google has contended that it was complying with the NPCI procedural guidelines which govern functioning of all third-party application providers (TPAPs) like Google Pay.

It has also claimed that the petition was not maintainable as Sharma has available to him several alternate remedies like the customer care feature in the app or approaching the NPCI in accordance with the Payment and Settlement Systems Act of 2007 or asking RBI to exercise its supervisory jurisdiction. Google has further contended that there are other TPAPs like Google Pay, but the petition has been “selectively filed” against it.

Google has further clarified its position on the allegation that it shares information with third parties. It has stated that “Google Pay does not share customer transaction data with any third party outside the payments flow.” The clarification from Google came after reports cited the company’s submission to the Delhi High Court saying it is allowed to share customers’ transaction data with third parties with the prior permission of NPCI and payment service providing (PSP) banks[5].

Adding to the above statement it was also contended that Sharma, in his plea, has also sought a direction to Google to give an undertaking to not store data on its app under UPI ecosystem and further not to share it with any third party, including its holding or parent company.

The plea has claimed that the company was storing personal sensitive data in contravention of the UPI procedural guidelines of October 2019, which allow such data to be stored only by PSP bank systems and not by any third-party application.

Google has denied the claim, saying customers’ payment sensitive data is stored with the PSP banks and Google Pay only accesses it in accordance with the guidelines.

It has also denied the allegation that it accesses customers’ location to gain revenue from offering highly targeted or personalised advertising opportunities to advertisers. It was further added that Google Pay is in full compliance with the Unified Payment Interface (UPI) procedural guidelines issued by the National Payments Corporation of India (NPCI) and the applicable laws, “…and does not share customer transaction data with any third party outside the payments flow,” the spokesperson further said.

The submission by Google was filed before a bench of Chief Justice D N Patel and Justice Prateek Jalan in response to a PIL seeking action against Google Pay for allegedly violating the RBI’s guidelines related to data localisation, storage and sharing[6]. The matter is still pending before the High Court, as a response from the Reserve Bank of India is yet to come.

Google has agreed that it is a third-party app and not the payment operator, which makes it free of liability under the Payment and Settlement Act[7]. The issue, however, is evolving with new discoveries and contentions, and the Reserve Bank of India is now involved and expected to answer the questions.

Conclusion

The payment industry has shifted from the card-based payment system to the phone- or app-based payment system. The next stage is phone-to-phone dominance: payments have now shifted towards Point of Sale machine manufacturers, online, and app to app. Using the app-based payment system, consumers and businesses are able to make an easy transition towards peer-to-peer payment, peer-to-business payment and even payment between businesses.

The payment industry has gone through some major transitional phases during the last decade. Whether it is the evolution of third-party apps or of the payment operating system, the arena has shifted. With this new age we have come across ease in payment modes and online transactions, but there is no doubt that with this liberty there also comes a substantial threat that could result in online fraud and other mishaps. A country like India, which has an enormous body of laws governing almost every sphere, has laws pertaining to the apps that are connected for online transactions and are linked to bank accounts.

The laws are stringent in nature so as to ensure proper regulation of the app. The judiciary tends to look into any potential matter that could affect online transactions, which are quite user-sensitive in nature.

FAQs

How Is Third Party App Different From Payment Operating System?

Ans: A third party app provider or TRAP is basically an application created by a developer who isn’t the actual manufacturer or the actual owner of the website which offers the third party app. The payment system operator, however, basically connects a user’s bank account to that of an online platform that further deals with the monetary transaction of the customer.

What Is The Work Of NPCI In Assuring A Proper Online System Of Transaction?

Ans: National Payments Corporation of India (NPCI), an umbrella organisation for operating retail payments and settlement systems in India, is an initiative of Reserve Bank of India (RBI) and Indian Banks’ Association (IBA) under the provisions of the Payment and Settlement Systems Act, 2007, for creating a robust Payment & Settlement Infrastructure in India.

What Is The Role Of RBI In Ascertaining A Proper Regulation Of Online Operating Systems?

Ans: As per Section 3 of the Payment and Settlements Act 2007, RBI is the designated authority for the regulation and supervision of payment systems under the Act.

What Is The Payment System Under Payment System Settlement Act, 2007?

Ans: According to Section 2(1) (i) of the PSS Act 2007, a payment system enables payment to be effected between a payer and a beneficiary, involving clearing, payment or settlement service or all of them. It includes the systems enabling credit card operations, debit card operations, smart card operations, money transfer operations or similar operations.

Are Foreign Entities Allowed To Operate A Payment System In India?

Ans: Yes, foreign entities are allowed to operate a payment system in India. The PSS Act 2007 does not prohibit foreign entities from operating a payment system in India.


[1] https://www.fintechdemand.com/insights/finance/bank-payment-apps-vs-third-party-payment-apps-time-for-interoperability/

[2] The Payment and Settlement Systems Act, 2007

[3] https://www.medianama.com/2019/04/223-does-google-pay-need-the-rbis-approval-to-operate-in-india/

[4] https://www.financialexpress.com/industry/banking-finance/gpay-does-not-need-rbi-authorisation-as-not-a-payment-system-operator-google-to-hc/2032074/

[5] https://gadgets.ndtv.com/apps/news/google-pay-doesnt-share-customer-data-with-third-party-outside-of-payments-flow-company-says-2300910

[6] https://gadgets.ndtv.com/apps/news/google-pay-doesnt-share-customer-data-with-third-party-outside-of-payments-flow-company-says-2300910

[7] The Payment and Settlement Systems Act, 2007
