Introduction to Digital Wallets
Digital wallets, also known as e-wallets, are software-based applications that store payment information and enable users to make transactions online or at physical stores without using cash or physical cards. They can be linked to bank accounts, credit cards, or other payment methods, offering a secure and convenient way to manage finances. In India, digital wallets have become integral to the digital payment ecosystem, driven by increased smartphone penetration and government initiatives.
What is a Digital Wallet?
A digital wallet is defined as a virtual platform where users can add, store, and transact money digitally for payment requirements. It functions similarly to a physical wallet but in digital form, allowing users to pay for goods and services seamlessly. For instance, users can link their bank accounts or credit cards to the wallet, enabling transactions via mobile devices. This definition aligns with the regulatory framework under the Payment and Settlement Systems Act, 2007 (PSS Act), which governs payment instruments, including digital wallets.
Types of Digital Wallets: Open, Semi-Closed, and Closed Systems
Digital wallets in India are classified into three main types based on their functionality and usage, as outlined by the Reserve Bank of India (RBI) under the Payment and Settlement Systems Act, 2007:
– Closed System Wallets: These wallets can only be used for purchases from the issuer, such as an online retailer’s platform. They do not require RBI approval as they are limited to the issuer’s ecosystem, ensuring no cash withdrawal or transfer to other banks.
– Semi-Closed System Wallets: These wallets can be used at multiple merchants but do not allow cash withdrawal. They are widely used for both online and offline purchases across various platforms. Issuers must obtain authorization from the RBI, with guidelines specified in the Master Direction on Issuance and Operation of Prepaid Payment Instruments (PPIs), first issued in 2009 and updated in 2019.
– Open System Wallets: These wallets function like bank accounts, allowing cash withdrawal and payments at any merchant. They are issued exclusively by banks and are fully interoperable, meaning they can be used across different payment systems. They are also regulated under the same Act, with full Know Your Customer (KYC) compliance required.
This classification is crucial for understanding the regulatory compliance and operational scope of each wallet type, with recent updates showing increased transaction limits for semi-closed wallets, such as UPI Lite’s balance limit raised to ₹5,000 in 2023.
Key Regulatory Bodies Governing Digital Wallets in India
Several regulatory bodies oversee digital wallets in India, ensuring security, innovation, and widespread adoption. Their roles are detailed below, with specific functions and recent developments.
RBI: Functions and Oversight
The RBI is the primary regulator for digital wallets, operating under the Payment and Settlement Systems Act, 2007. Its functions include:
– Authorization and Regulation: Entities issuing semi-closed or open system digital wallets must seek authorization from the RBI. The Master Direction on PPIs, issued in 2017 and revised in 2019, lays down eligibility criteria, such as a minimum net worth of ₹5 crore at application, increasing to ₹15 crore within three years. Non-bank entities proposing to issue such instruments must comply with these guidelines, as per Section 18 read with Section 10(2) of the Act.
– Security and Compliance: The RBI mandates strict security measures, including Additional Factor of Authentication (AFA) for online transactions, data encryption, and compliance with the Prevention of Money Laundering Act, 2002. Digital wallet issuers must adhere to the RBI Master Direction on KYC, 2016, which requires KYC procedures.
– Interoperability: The RBI has promoted interoperability among digital wallets through initiatives like UPI. In 2018, the RBI issued guidelines for interoperability, enabling access to a wide number of merchants, enhancing convenience and cost-effectiveness.
– Innovation and Supervision: The RBI encourages innovation through the Regulatory Sandbox, launched on November 4, 2019, with themes like mobile payments and offline solutions. It also conducts off-site and on-site inspections, with PPI issuers inspected annually, biennially, or triennially based on risk profiles.
– Consumer Protection: The RBI introduced the Ombudsman Scheme for Digital Transactions, 2019, effective January 31, 2019, for complaints related to digital transactions, including wallets. Large non-bank PPI issuers (over 1 crore outstanding PPIs) must have Internal Ombudsman Schemes by January 20, 2020.
Recent updates include the introduction of a pilot for offline payments using wallets, announced on August 6, 2020, running till March 31, 2021, to support remote or proximity payments.
National Payments Corporation of India (NPCI): Role in Payment Systems
The National Payments Corporation of India (NPCI), established under the Payment and Settlement Systems Act, 2007, is an umbrella organization for retail payment systems. Its role in digital wallets includes:
– Operating UPI: NPCI developed and manages UPI, a real-time payment system that integrates digital wallets with bank accounts. In March 2023, NPCI enabled wallet integration with UPI, allowing balances to be used for payments by scanning QR codes, extending UPI to include PPIs. This move attracted a merchant fee for payments over ₹2,000, with wallet issuers getting a 1.1% interchange.
– Promoting Interoperability: NPCI ensures digital wallets can be used across platforms, enhancing merchant acceptance. For example, UPI Lite, introduced in 2019, allows low-value transactions (up to ₹500 initially, raised to ₹1,000 per transaction by 2023) without a PIN, with a total wallet balance limit increased to ₹5,000, effective immediately.
– Innovation: NPCI continuously innovates, such as introducing auto top-up features for UPI Lite, allowing automatic fund transfers from linked bank accounts when the balance is low, with unused funds credited back by March 31, 2025.
– Regulatory Compliance: NPCI works with the RBI to ensure compliance, facilitating secure and efficient payment solutions. It also collaborates with stakeholders to promote digital payment adoption, with recent data showing over 3 billion UPI transactions in the last quarter of 2024, amounting to ₹5.9 trillion.
Ministry of Electronics and Information Technology (MeitY): Digital Initiatives and Policies
The Ministry of Electronics and Information Technology (MeitY) does not directly regulate digital wallets but plays a significant role in promoting digital payments through policy and initiatives. Its contributions include:
– DigiLocker: MeitY launched DigiLocker, described as India’s Digital Wallet for storing and sharing digital documents securely, under the Digital India program. As of October 18, 2024, it has over 100 million users, providing a secure cloud-based solution for citizens to store and verify documents. While primarily for documents, it underscores MeitY’s commitment to digitalization.
– Incentive Schemes: MeitY has introduced schemes to boost digital payment adoption, such as the BHIM-Cashback Scheme for Merchants, offering cashback on minimum 50 transactions (at least 20 from unique customers, minimum value ₹25), with merchants earning up to ₹1,000 per month. The BHIM-Referral Bonus Scheme for Individuals rewards users for referring others, promoting wallet usage.
– Digital India Program: MeitY oversees the Digital India program, aiming for a digitally empowered society. It includes the Digital Payments Scorecard, recognizing banks and payment companies for digital transaction volumes, with SBI leading in 2021 with 64 crore UPI transactions. This initiative supports wallet adoption, especially in rural areas, with a 35% increase in adoption as of January 2025.
– Promoting Digital Literacy: MeitY conducts awareness campaigns, such as the ‘Ask Our Experts’ series launched on October 18, 2024, to demystify digital projects, streamed on, encouraging wallet usage among diverse populations.
Primary Legislation Impacting Digital Wallets
Payment and Settlement Systems Act, 2007: Legal Framework for Payment Systems
The Payment and Settlement Systems Act, 2007 is the cornerstone for regulating payment systems, including digital wallets. Enacted to ensure the safety, efficiency, and reliability of payment systems, this act empowers the RBI to authorize, regulate, and supervise payment system operators. Under Section 18 read with Section 10(2) of the PSS Act, the RBI has issued key directions, notably the Master Direction on Issuance and Operation of Prepaid Payment Instruments (PPIs), which directly governs digital wallets.
Key Provisions
– Defines payment systems to include instruments like credit cards, debit cards, smart cards, and money transfers, encompassing digital wallets.
– Mandates that all payment system operators, including non-bank entities issuing PPIs, must comply with RBI guidelines.
– Authorizes the RBI to issue directions to ensure smooth functioning, setting standards for security, interoperability, and customer protection.
This act is crucial as it provides the legal basis for the RBI’s regulatory oversight, ensuring digital wallets operate within a standardized and secure framework. For instance, it facilitates the authorization process for non-bank PPI issuers, requiring them to seek RBI approval, as detailed in the Master Direction.
Reserve Bank of India Act, 1934: RBI’s Regulatory Authority
The Reserve Bank of India Act, 1934, established the RBI as India’s central bank, granting it extensive regulatory powers over banking and payment systems. Section 17 of this act allows the RBI to conduct business as the central bank, including regulating the issue of banknotes and operating the currency and credit system. This authority extends to supervising payment systems, which are integral to the economy.
Key Provisions
– Empowers the RBI to issue guidelines and directions to ensure monetary stability and regulate financial transactions.
– As the central bank, the RBI has the authority to supervise and regulate all payment systems, including digital wallets, to maintain public confidence and financial integrity.
This act underpins the RBI’s role in issuing regulatory frameworks like the PPI Master Direction, ensuring that digital wallets align with national financial policies.
Information Technology Act, 2000: Legal Recognition of Electronic Transactions
The Information Technology Act, 2000 (IT Act) is pivotal for the digital economy, providing legal recognition to electronic records and digital signatures, which are fundamental for digital wallet transactions. This act ensures that contracts, agreements, and transactions conducted electronically are legally valid, facilitating the growth of e-commerce and digital payments.
Key Provisions
– Section 4 recognizes electronic records as legally valid, provided they meet certain criteria, ensuring digital wallet transactions are enforceable.
– Section 5 provides legal recognition to digital signatures, crucial for authenticating transactions in digital wallets.
– Addresses cybercrimes under various sections, providing a framework for data protection and security, which is critical for safeguarding digital wallet transactions.
The IT Act is essential for digital wallets as it establishes the legal foundation for electronic transactions, ensuring their enforceability and security. For instance, it supports the legal validity of mobile wallet payments, reducing disputes over electronic contracts.
RBI’s Guidelines and Directions for Digital Wallets
The RBI has issued detailed guidelines and directions to regulate digital wallets, ensuring their operation aligns with legal standards and customer protection requirements. These are primarily encapsulated in the Master Direction on PPIs and related KYC and grievance redressal frameworks.
Master Direction on Issuance and Operation of Prepaid Payment Instruments (PPIs)
The Master Direction on Issuance and Operation of Prepaid Payment Instruments (PPIs), issued in 2017 under Section 18 read with Section 10(2) of the PSS Act, is the primary regulatory framework for digital wallets in India. This direction provides comprehensive guidelines on the issuance, operation, and regulation of PPIs, ensuring their safety, security, and interoperability.
Key Features
– Eligibility:
– Banks can issue semi-closed and open PPIs after RBI approval.
– Non-banks can issue only semi-closed PPIs and must be Indian companies under the Companies Act, 1956/2013, with a minimum net-worth of Rs. 5 crore initially, increasing to Rs. 15 crore within three years from authorization.
– Interoperability:
– KYC-compliant wallets must be interoperable via the Unified Payments Interface (UPI) within six months from the direction’s issuance, enabling seamless transactions across different wallets and bank accounts.
– Phased interoperability with bank accounts and cards, with operational guidelines issued separately.
– Customer Protection:
– PPI issuers must disclose terms and conditions clearly in English, Hindi, and local languages, including charges and expiry dates.
– A grievance redressal framework must be established, with complaints resolved within 48 hours (maximum 30 days), and display agent details and FAQs on website/app.
– Zero liability for customers in cases of fraud by the issuer; limited liability based on reporting time for other frauds:
– 0-3 days: Zero liability.
– 4-7 days: Liability up to Rs. 10,000 or the transaction value.
– Beyond 7 days: Liability as per the issuer’s board policy, following guidelines from January 4, 2019 circular.
This direction ensures that digital wallets operate in a secure and customer-friendly manner, fostering innovation while mitigating risks.
KYC Norms and Anti-Money Laundering (AML) Requirements
Digital wallet issuers must comply with the RBI’s Master Direction – Know Your Customer (KYC) Direction, 2016, updated with amendments effective November 6, 2024, aligning with legal frameworks like the Prevention of Money Laundering Act, 2002, and Unlawful Activities (Prevention) Act, 1967. These norms are designed to prevent money laundering, terrorist financing, and other financial crimes while ensuring customer identification and due diligence.
Key Requirements
– Customer Due Diligence (CDD):
– Must be performed for transactions of Rs. 50,000 and above, including PPI reloads, as per paragraph 13, point 4 of the KYC Direction.
– Involves identifying and verifying the customer and beneficial owner using reliable sources, as defined in paragraph 3(b)(v).
– Small Accounts for PPIs:
– General small account limits apply: Aggregate credits ≤ Rs. 1,00,000/year, aggregate withdrawals/transfers ≤ Rs. 10,000/month, balance ≤ Rs. 50,000 at any time (paragraph 23).
– Non-Face-to-Face Onboarding:
– Video-based Customer Identification Process (V-CIP) can be used for PPI customers (paragraph 18).
– Enhanced Due Diligence (EDD) required for non-face-to-face onboarding, including verifying PAN and ensuring the first credit comes from a KYC-compliant account (paragraph 40).
– Periodic Updation:
– Term changed to “periodic updation” for clarity, with updates based on risk:
– High-risk customers: Every 2 years.
– Medium-risk customers: Every 8 years.
– Low-risk customers: Every 10 years (paragraph 38).
– For PPIs, ensure mobile number for Aadhaar authentication matches registered details (paragraph 38(a)(3)).
– Reporting Requirements:
– Report suspicious transactions to FIU-IND, with delays constituting separate violations (paragraph 49).
– Use FIU-IND utilities for CTR/STR reporting.
– FATF Compliance:
– Apply EDD for transactions with countries not applying FATF Recommendations, as per RBI circulars (paragraph 54).
The November 2024 amendments streamlined processes for existing KYC-compliant customers, clarified definitions for high-risk accounts, and ensured all KYC data is uploaded to the Central KYC Records Registry (CKYCR) within 7 days or as specified, enhancing efficiency while maintaining regulatory rigor.
Customer Grievance Redressal Mechanisms
To ensure customer satisfaction and trust, PPI issuers are required to establish robust grievance redressal mechanisms as mandated by the Master Direction on PPIs.
Key Requirements
– Nodal Officer:
– Each PPI issuer must appoint a nodal officer responsible for handling customer complaints, ensuring a point of contact for users.
– Resolution Timeline:
– Complaints must be resolved within 48 hours, with a maximum resolution period of 30 days, ensuring timely redressal.
– Transparency:
– Contact details of the grievance officer must be displayed on the issuer’s website or mobile application, enhancing accessibility.
– FAQs must be provided to assist customers in understanding common issues and resolutions, improving user experience.
– Customer Liability:
– Zero liability for customers in cases of fraud by the issuer, protecting users from issuer-related risks.
– Limited liability for other frauds based on reporting time:
– 0-3 days: Zero liability, encouraging prompt reporting.
– 4-7 days: Liability up to Rs. 10,000 or the transaction value, balancing risk.
– Beyond 7 days: Liability as per the issuer’s board policy, following guidelines from January 4, 2019 circular.
These mechanisms ensure that customers have a clear and efficient channel to address grievances, enhancing trust in digital wallet services and aligning with consumer protection standards.
Compliance Requirements for Digital Wallet Providers
Digital wallets, classified as PPIs under RBI regulations, are subject to stringent compliance requirements to ensure financial stability, security, and consumer protection. These requirements are primarily governed by the Payment and Settlement Systems Act, 2007, and related RBI directives.
Licensing and Authorization Procedures
The RBI regulates digital wallets under the Payment and Settlement Systems Act, 2007, which provides the legal basis for overseeing payment systems in India. Non-bank entities intending to issue PPIs, including digital wallets, must seek authorization from the RBI. This process involves submitting an application and meeting eligibility criteria, as outlined in the RBI’s guidelines.
Banks and non-banking financial companies (NBFCs) are required to obtain approval from the RBI’s Department of Payment and Settlement Systems, ensuring alignment with financial regulations. Existing PPI issuers were mandated to comply with these guidelines within three months of their issuance, ensuring a smooth transition to regulatory standards.
Capital Adequacy and Security Measures
Capital adequacy is a critical component of digital wallet regulation. Banks and NBFCs must adhere to the RBI’s capital adequacy norms, which are periodically updated to reflect financial stability requirements. For non-bank entities, a minimum net owned funds of Rs 10 lakhs is required, ensuring sufficient financial backing for operations. Security measures are equally vital, with providers mandated to implement robust information security policies.
Compliance with PCI-DSS (Payment Card Industry Data Security Standard) and PA-DSS (Payment Application Data Security Standard) is compulsory, alongside regular security audits. Providers must also report cyber incidents to the RBI and CERT-In, enhancing the security framework for digital transactions.
Data Protection and Privacy Obligations
Data protection is a growing concern, with digital wallet providers required to comply with the RBI’s KYC guidelines and the Prevention of Money Laundering Act, 2002. These regulations mandate maintaining detailed transaction logs for RBI scrutiny and filing suspicious transaction reports with the Financial Intelligence Unit-India (FIU-IND). The recent enactment of the Digital Personal Data Protection Act, 2023, introduces additional obligations, requiring providers to ensure data accuracy, security, and deletion once its purpose is fulfilled.
Recent Regulatory Developments and Updates
The regulatory landscape for digital wallets has seen significant updates, reflecting India’s push towards a secure and innovative digital economy. These developments, effective as of recent years, include new guidelines and frameworks that directly impact digital wallet operations.
Introduction of the Payment Aggregators and Payment Gateways Guidelines
On March 17, 2020, the RBI issued the “Guidelines on Regulation of Payment Aggregators and Payment Gateways,” effective from April 1, 2020, under the Payment and Settlement Systems Act, 2007. These guidelines aim to regulate payment aggregators, entities that facilitate e-commerce sites to accept various payment instruments, and provide baseline technology-related recommendations for payment gateways. Key provisions include:
– Authorization: Non-bank payment aggregators must obtain RBI authorization by June 30, 2021, ensuring regulatory oversight.
– Capital Requirements: Existing aggregators must maintain a net worth of Rs 15 crore by March 31, 2021, and increase it to Rs 25 crore by March 31, 2023, with new entrants required to meet these thresholds at application and thereafter.
– Governance and Security: Stringent governance norms, including fit and proper criteria for directors, and robust security measures to prevent fraud and cyber threats, are mandated.
These guidelines are particularly relevant for digital wallet providers acting as payment aggregators, ensuring they meet operational and security standards in the digital payment ecosystem.
Impact of the Digital Personal Data Protection Act, 2023 on Digital Wallets
The Digital Personal Data Protection Act, 2023, enacted on August 11, 2023, marks a significant milestone in India’s data protection regime. This Act applies to the processing of digital personal data within India and to such processing outside India if it is for offering goods or services in India. For digital wallet providers, the Act introduces several key provisions:
– Consent Management: Personal data can only be processed with the explicit consent of the individual, except in specified legitimate cases, such as voluntary sharing by the individual or processing by the State for permits and services.
– Data Security: Providers are obligated to maintain data accuracy, security, and delete it once its purpose is met, enhancing consumer trust.
– Individual Rights: Individuals have rights to access, correct, and erase their personal data, as well as to lodge complaints, empowering data principals.
RBI’s Regulatory Sandbox for FinTech Innovations
To foster innovation in the fintech sector, the RBI introduced a Regulatory Sandbox framework, with the latest enabling framework. This framework provides a controlled environment for fintech startups, including digital wallet providers, to test innovative products and services before full-scale deployment. Key features include:
– Purpose: The sandbox aims to develop innovation-enabling regulations, allowing startups to test hypotheses in a safe environment, supervised by the RBI’s fintech department.
– Eligibility Criteria: Startups must have a minimum net worth of Rs 10 lakhs, technology ready for broader market deployment, and promoters must be ‘fit and proper.’
– Application Themes: Focuses on areas like digital payments, blockchain technologies, digital KYC, and data analytics, with applications accepted ‘on-tap’ and programs running perpetually. Exclusions include cryptocurrencies and chain marketing services.
– Post-Sandbox Process: Startups may need additional regulatory clearances before consumer rollout, ensuring compliance with broader financial regulations.
This initiative is particularly beneficial for digital wallet providers, enabling them to experiment with new technologies, such as blockchain-based wallets or advanced security features, in a regulated yet innovative environment. Recent examples include HDFC Bank and Crunchfish’s retail payment solution for offline situations exiting the sandbox for market adoption on December 11, 2023, demonstrating practical applications.
Challenges and Compliance Issues in the Digital Wallet Sector
Cases of Non-Compliance and Regulatory Actions
In India, digital wallets are regulated under the RBI Master Directions on Prepaid Payment Instruments (PPIs), issued in August 2021. This regulation, enacted under the Payment and Settlement Systems Act, 2007, consolidates previous guidelines and establishes a comprehensive framework for PPIs, including digital wallets. Key provisions include:
– Eligibility and Authorization: Only banks, non-banking financial companies (NBFCs), and companies incorporated under the Companies Act, 1956/2013, can issue PPIs, requiring RBI authorization. Entities must maintain a minimum net worth of ₹50,000,000 at application, increasing to ₹150,000,000 by the third financial year.
– KYC Requirements: Small PPIs (with cash loading) require minimal KYC, such as mobile number verification and self-declaration of name and identification number. Full KYC PPIs mandate authentication per RBI regulations, ensuring robust identity verification.
– Loading and Transaction Limits: Small PPIs have a monthly loading limit of ₹10,000 and an annual limit of ₹1,20,000, while Full KYC PPIs have no separate limit but are subject to issuer-defined caps. Cash withdrawals are allowed for Full KYC PPIs, with bank-issued PPIs capped at ₹2,000 per transaction and ₹10,000 monthly.
– Interoperability: Mandatory for Small and Full KYC PPIs, requiring technical compliance with RBI Circulars from May 2021, enabling transactions across different wallets.
– Consumer Protection: PPI issuers must disclose terms in English, Hindi, and local languages, resolve grievances within 48 hours (maximum 30 days), and display customer care and nodal officer details. The RBI’s 2019 guidelines limit consumer liability to zero for unauthorized transactions due to issuer negligence.
While specific cases of non-compliance are not always publicly detailed, the RBI has enforcement powers under the Payment and Settlement Systems Act, 2007, including penalties, suspension, or revocation of authorization.
Investigations revealed crypto exchanges with dubious KYC practices, laundering over ₹1,000 crore, highlighting potential regulatory actions against wallet providers. This suggests a proactive stance, though specific wallet-related enforcement cases remain less documented.
Consumer Protection Concerns and Measures
Consumer protection is a cornerstone of India’s digital wallet regulations, with specific measures outlined in the RBI’s PPI framework and 2019 consumer protection guidelines. Key aspects include:
– Liability for Unauthorized Transactions: If an unauthorized transaction occurs due to the PPI issuer’s negligence, the customer’s liability is zero, as per RBI guidelines.
– Grievance Redressal: PPI issuers must resolve complaints within 48 hours, with a maximum timeline of 30 days, and display customer care and nodal officer details. However, the RBI relies on quarterly filings for consumer complaints data, lacking real-time access, which delays systemic issue identification.
International Perspectives: Global Regulatory Approaches to Digital Wallets
European Union’s eIDAS Regulation and Its Implications
The EU’s eIDAS Regulation (Regulation (EU) No 910/2014), updated by Regulation (EU) 2024/1183, establishes a framework for electronic identification and trust services, introducing the European Digital Identity Wallet (EUDI Wallet). Key details include:
– Scope: Mandates member states to offer at least one EUDI Wallet by 2026, enabling citizens, residents, and businesses to prove identity and share digital documents (e.g., identity cards, driving licenses) across the EU.
– Interoperability: Ensures cross-border recognition, aligning with cybersecurity legislation for enhanced security.
– User Control: Users control personal data sharing, with legal recognition of digital documents equivalent to physical ones.
– Implementation: Supported by five Implementing Acts adopted on November 28, 2024, and large-scale pilot projects testing usability across government services, bank accounts, and online payments.
The EUDI Wallet’s implications for digital wallets include standardized identity management, increased trust, and economic growth through enhanced online transactions, setting a global benchmark for interoperability and privacy.
United States’ CFPB Regulations on Digital Payment Apps
In the US, the Consumer Financial Protection Bureau (CFPB) finalized a rule in November 2024 to supervise nonbank digital payment apps handling over 50 million transactions annually, targeting major platforms like Venmo, Cash App, and PayPal.
This rule ensures large digital payment apps adhere to federal consumer protection laws, addressing scams (e.g., $210 million lost in 2023) and enhancing market fairness.
Conclusion
The regulatory landscape for digital wallets is primarily governed by the RBI under the Payment and Settlement Systems Act, 2007, enacted on December 20, 2007. This act regulates payment systems, including digital wallets, and mandates RBI supervision and authorization for operation (Section 3 and Section 4). No person or entity can operate a payment system without RBI permission, with applications processed under Section 5 and authorizations issued after due inquiry under Section 7, considering factors like financial status and management experience.
Digital wallets are classified as PPIs under the RBI’s Master Circular “Policy Guidelines on Issuance and Operation of Pre-paid Payment Instruments in India,” first issued in 2009 and updated regularly, with the latest significant update noted in December 2014.
Eligibility to issue PPIs is restricted to banks and certain non-banks, with banks able to issue all categories and non-banks limited to closed and semi-closed PPIs, including mobile-based ones. Capital requirements include compliance with RBI’s Capital Adequacy norms for banks and NBFCs, while other persons must have a minimum paid-up capital of Rs. 500 lakh and a positive net worth of Rs. 100 lakh.
Foreign Direct Investment (FDI) and Foreign Institutional Investor (FII) companies must meet Consolidated FDI policy guidelines, and only Indian-incorporated companies are eligible for RBI authorization.
Transaction limits are subject to Domestic Money Transfer Guidelines, with no separate limit on commodity purchases. PPIs must have a minimum validity of 6 months, with non-reloadable PPIs allowing transfer of outstanding amounts to new similar PPIs. Issuers must caution holders 30 days prior to expiry via SMS/email/post, in the preferred language, with expiry and forfeiture policies disclosed at sale/reload and on the issuer’s website.
Data protection is critical, with providers required to have infrastructure to prevent and detect frauds, including a centralized database/MIS to prevent multiple purchases. Customer protection measures include disclosing all terms in clear language, including charges, fees, expiry period, and customer service contact details (telephone numbers, website URL).
Beyond RBI regulations, digital wallets are subject to the Information Technology Act, 2000, which imposes civil and criminal penalties for cyber crimes via e-banking, and the Indian Penal Code, 1860, which addresses criminal liability for cheating, forgery, fraud, and counterfeit currency. Privacy rights are protected under Article 21 of the Indian Constitution as a Fundamental Right, with The Digital Personal Data Protection Act, 2023, proposed to govern the collection, storage, and use of personal data, currently awaiting Parliament approval.
The Consumer Protection Act, 2019, applies to digital payments, ensuring consumer protection for digital wallet users, including dispute resolution and rights against unfair trade practices. The National Cyber Security Policy, 2013 aims to defend key information infrastructure from cyber threats affecting digital wallets, while Payment Card Industry Data Security Standards (PCI DSS) require merchants to secure cardholder data during transactions.
While digital wallets are regulated, cryptocurrencies like Bitcoin operate in a grey area, not recognized as legal tender, with a 30% tax on crypto gains and 1% TDS on transactions above ₹50,000 (₹10,000 in some cases) as of 2025, under the Prevention of Money Laundering Act, 2002. This affects related wallet services, with compliance required for AML and KYC norms.
Legal risks include money laundering, customer disclosures, privacy protection, contractual breaches, fraud, counterfeiting, default, and issues related to monetary policy, supervision of payment systems, bank reserves, credit facilities, clearing, settlement, liquidity, and stability. The regulatory framework aims to mitigate these risks through strict compliance and oversight.
Master the essentials of Implementation of the Digital Personal Data Protection Act, 2023 (DPDPA), ensuring compliance and robust data security.
