1. Home
  2. WhatsApp Pay may put Indian digital banking at risk: Experts

WhatsApp Pay may put Indian digital banking at risk: Experts

Agencies
November 8, 2019

After WhatsApp accounts of 121 Indians were compromised by the Israeli spyware Pegasus, experts have warned that the payment feature the Facebook-owned platform is planning to launch in India may put the digital banking system at risk.

"WhatsApp payment needs to be seen with microscopic eye, primarily because in payment you will be dealing with sensitive personal data and cyber security is going to be an essential building block component for WhatsApp to demonstrate its due diligence," Pavan Duggal, one of the nation's top cyber law experts, told IANS.

The Ministry of Electronics and Information Technology (Meity) has already expressed dissatisfaction over the manner WhatsApp communicated about the compromised accounts.

The piece of NSO Group software called Pegasus allegedly exploited WhatsApp's video calling system by installing the spyware via missed calls to snoop on 1,400 users globally. The devices were compromised with just a WhatsApp video call.

In May, WhatsApp, which has 400 million users in India, urged its 1.5 billion global users to upgrade the app after discovering the vulnerability.

"WhatsApp's recent operations have shown that it's difficult for the government to get information from it. WhatsApp is an intermediary under the Information Technology Act and is mandated to exercise due diligence under the law. But it has failed to do due diligence," Duggal said.

"You should not be in a hurry to grant new licences or permission to WhatsApp without being satisfied with its adherence to cyber-security norms, international best practices and Indian laws," he said.

The Facebook-owned company is learnt to have countered the government charge that it didn't inform it about a privacy breach on the messaging platform. WhatsApp didn't even comply with the data breach notification law in India, Duggal said.

"It (WhatsApp) didn't follow reasonable security practices as mandated in Section 43A of the IT Act, 2000. In fact, it abetted the crime of un-authorised access too. Granting WhatsApp pay licence should be given a second thought by the Reserve Bank of India," said Prashant Mali, cyber lawyer at Bombay High Court.

In light of the recent hack, the government, the RBI and the National Payments Corporation of India (NPCI) is reportedly evaluating the risk of allowing social media apps into the digital payment ecosystem.

"With the government, the RBI and the NPCI planning to evaluate the risks involved in making payments via social media apps and services, the security of the UPI payment infrastructure on WhatsApp Pay has been rendered under a cloud of vulnerability," said Salman Waris, Managing Partner at TechLegis Advocates & Solicitors, a law firm.

The RBI revealed in an affidavit in the Supreme Court earlier that WhatsApp had not complied with the data localisation norms. In an April 2018 circular, the RBI stated that the data of any payment banking system have to physically located in India.

"The history of WhatsApp has shown that it's not cooperative with the government in sharing of information. If financial information is compromised, it will not only have an impact on users, but it can also have an impact on the sovereignty and security of India," Duggal said.

The government must go slow till the time WhatsApp demonstrates compliance to Indian law and showed that the platform was secure, he said.

"Because almost every phone user in India is on WhatsApp, it's all the more important for the government and the RBI to ensure that WhatsApp not only complies with the parametres of cyber security and data localisation norms, but also the IT Act and the rules and regulations thereunder.

"If WhatsApp doesn't comply with the data localisation norms, rules and regulations of the IT Act, then there is no question of granting new permission," Duggal said.

In a statement, a WhatsApp spokesperson said that safety and security of users remains the platform's highest priority.

"In May, our security team caught and stopped a cyber attack designed to send malware to mobile devices. Unable to break end-to-end encryption, this kind of malware abuses vulnerabilities within the underlying operating systems that power our mobile phones," the WhatsApp spokesperson said.

"Technology companies are constantly working to stay ahead of these kind of challenges through updates and patches. The safety and security of our users remains our highest priority, which is why in May we blocked the attack and have taken action in the courts to hold NSO accountable," the statement added.

Facebook filed a lawsuit against Israel's NSO Group last month. According to Facebook, the NSO Group violated laws, including the US Computer Fraud and Abuse Act.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
December 4,2025

Udupi: A 40-year-old NRI from Udupi has reportedly lost more than Rs 12.25 lakh in an online investment scam operated through Telegram.

According to a complaint filed at the CEN police station, Leo Jerome Mendonsa, who has been working in Dubai for the past 15 years in computer accessories sales, maintains NRI accounts in Karkala and Nitte.

On November 12, 2025, Mendonsa was added to a Telegram group called Instaflow Earnings by unknown individuals. Users identified as Priya and Dipannita persuaded him to invest in “Revenue Tasks.” Initially, Mendonsa transferred Rs 1,100 multiple times and received the promised returns, encouraging him to continue.

On November 14, another user, Nishmitha Shetty, directed him to register on a website, digitvisionuoce.cc, and invest Rs 4 lakh in various shares. Over the next few days, he made multiple transfers totaling Rs 12,25,000, including Rs 50,000 via Google Pay, believing the scheme was legitimate.

After receiving the money, the alleged handlers stopped responding, and neither the invested amount nor the promised profits were returned.

The CEN police have registered a case under Sections 66(C) and 66(D) of the IT Act and Section 318(4) of the Bharatiya Nyaya Sanhita (BNS), and investigations are ongoing.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 22,2025

Mangaluru: Police Commissioner Sudheer Kumar Reddy C H has warned of strict action against individuals spreading rumours and attempting to create insecurity within the Muslim community and fuel hatred between Hindus and Muslims through social media.

Referring to a recent social media post alleging that police personnel had entered a masjid premises to check whether beef was being cooked, the commissioner said miscreants were attempting to push their communal agenda. 

“A group of people, both from Mangaluru and abroad, are trying hard to spread rumours. For the past 10 days, they have been attempting to rake up old issues, highlight routine matters as controversies, or fabricate news altogether,” he said.

He reiterated that any such attempts to disturb communal harmony would invite legal action. “Cases will be registered and the accused will be brought to book,” he stated.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
December 4,2025

Mangaluru: Chaos erupted at Mangaluru International Airport (MIA) after IndiGo flight 6E 5150, bound for Mumbai, was repeatedly delayed and ultimately cancelled, leaving around 100 passengers stranded overnight. The incident highlights the ongoing country-wide operational disruptions affecting the airline, largely due to the implementation of new Flight Duty Time Limitations (FDTL) norms for crew.

The flight was initially scheduled for 9:25 PM on Tuesday but was first postponed to 11:40 PM, then midnight, before being cancelled around 3:00 AM. Passengers expressed frustration over last-minute communication and the lack of clarity, with elderly and ailing travellers particularly affected. “Though the airline arranged food, there was no proper communication, leaving us confused,” said one family member.

An IndiGo executive at MIA cited the FDTL rules, designed to prevent pilot fatigue by limiting crew working hours, as the cause of the cancellation. While alternative arrangements, including hotel stays, were offered, about 100 passengers chose to remain at the airport, creating tension. A replacement flight was arranged but also faced delays due to the same constraints, finally departing for Mumbai around 1:45 PM on Wednesday. Passengers either flew, requested refunds, or postponed their travel.

The Mangaluru delay is part of a broader crisis for IndiGo. The airline has been forced to make “calibrated schedule adjustments”—a euphemism for widespread cancellations and delays—after stricter FDTL norms came into effect on November 1.

While an IndiGo spokesperson acknowledged unavoidable flight disruptions due to technology issues, operational requirements, and the updated crew rostering rules, the DGCA has intervened, summoning senior airline officials to explain the chaos and outline corrective measures.

The ripple effect has been felt across the country, with major hubs like Bengaluru and Mumbai reporting numerous cancellations. The Mangaluru incident underscores the systemic operational strain currently confronting India’s largest carrier, leaving passengers nationwide grappling with uncertainty and delays.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.