Security Concerns Stall Paytm PoS within a Day of Launch

To expand the array of options through which Paytm-empowered Merchants can accept cashless payments, the recent update to Paytm app had brought Point of Sale (PoS) functionality on board. The Paytm PoS feature allowed merchants to receive payments for the sale of services using Credit and Debit cards of customers without needing a card machine. While this might have been sought as an option to leverage added payment options to the merchants, financial institutions Visa and MasterCard have expressed resent citing security issues causing Paytm to roll back the service.

Take, for instance, you visit a vendor or merchant who accepts cards as a Paytm PoS. You may enter your card details in the merchant’s Paytm-enabled device (phone or tablet), following the two-factor authentication as mandated by the RBI for all online card transaction. Although Paytm said in a recent blog post that the transactions are PCI DSS (Payment Cards industry Data Security Standard) certified, this could be turned into an episode of malice if the merchant secretly takes a screenshot of your card details. Please note, we don’t endorse that every merchant may illicitly steal away your card’s credentials, but there is a high likeliness (and associated hesitation in customer) to it.

Paytm has always maintained that their transactions are end-to-end encrypted and that it holds no information of transactions or credential to users’ financial instruments. Despite efforts and claiming their move in favour of easing payments for merchants, the Noida-based e-wallet solutions company faced criticism from banking institutions like Visa and Mastercard. Citing safety and security shortcomings, Paytm was forced to pull the feature back within the first day of launch.

https://paytm.com/blog/wp-content/uploads/2016/11/CxbsQZ0UoAAgx3H.jpg" align="alignleft" width="400"> Gods ride the cashless train. A snippet of Kalkaji temple, Delhi accepting donations via Paytm.

Mastercard, which led the initiative to make Paytm withdraw the service, was vocal about the fact that Paytm had overlooked vital certifications, a step which could lead to breach of customers’ data. Meanwhile, competitor voiced the initiative to be lawless.

After withdrawing the service, Paytm reached out through its blog to state that it is committed to the security and privacy of its clients’ data. It continued stating that this mindset will enable and inspire Paytm to re-launch the service only after necessary updates to make it more secure. Since the demonetization of old Rs. 500 and Rs. 1000 notes in India, Paytm has witnessed a substantial leap in business, from number of transactions to multifold app download statistics, thus capturing a large chunk of the market through its cashless solutions.

Interested in learning how Paytm works? Read HERE.