Three weeks after the demonetisation of the Rs. 500 and Rs. 1000 notes, it's still chaos for many. Amongst the few who have cause to cheer are the various mobile wallet companies, such as Paytm, FreeCharge, and MobiKwik. These companies have seen a huge increase in downloads, signups, and transactions, as it becomes hard to find cash.
We're looking for more and more alternatives to cash, so when Paytm last week announced the launch of its app POS system, many were full of praise for the idea. The way it works is simple - it allows small vendors, such as your roadside vegetable seller, who can not accept card payments, to start using the Paytm app as a replacement for the EDC aka card swipe machine. Then, just a day later, Paytm pulled the plug on the idea, citing security concerns in a now deleted blog post.
Just two days later, Paytm resumed the service, claiming the risks are no different from using a card swipe machine. On Monday Gadgets 360 reached out to Paytm asking to know what changes or security features have been added, but there has been no response. Based on what the company has revealed, it sounds like a great idea for small merchants, as it will enable them to start accepting card payments.
The EDC machines are expensive - you have to pay several thousand rupees for one, and you need infrastructure in place to use it. It can be bought, or rented from banks, but it's something that doesn't really make sense for small shops, forget about your local thelawala. That's why wallet companies have begun the process of on-boarding these merchants - the costs are lower, and as FreeCharge's CEO, Govind Rajan pointed out to Gadgets 360, getting small merchants on board with wallets will drive adoption among consumers as well.
The catch is that if you want to buy fruits from a vendor who supports Paytm, then you need to install the Paytm app on your phone, and load money into the app before you can pay; if the vendor has only signed up with MobiKwik, then you need a MobiKwik account. That's why Paytm's announcement sounds so appealing at first glance. Now, you're no longer locked to your Paytm account - as long as you have a credit or debit card, you can simply use that to pay anywhere that Paytm is accepted. It adds a huge amount of convenience and makes the vendor using Paytm much more useful than one on another wallet.
However, although Paytm CEO Vijay Shekhar Sharma says that "India needs a very innovative mobile POS machine," the fact is that Paytm's solution does not include an actual machine. And that's a problem.
Why is that a big deal, you might be wondering? There's no machine to physically swipe, but you can still use your card, anywhere. Thanks to this you'll be able to use your debit card to pay the auto fare, or take care of the ironing bill. What could be better?
Well, Paytm's implementation could have been a lot better. Here's how it works, based on our understanding from what Paytm said and showed at the launch. Paying with a debit card follows these steps:
What it has done is essentially find a way to carry out an online transaction, but on the spot. And instead of using your phone, it's using the merchant's device to do this. This is problematic solution for a number of reasons. First up, having to type out your card details every single time you need to make a transaction is hugely cumbersome. In the pre-demonetisation days, you'd have pulled out a couple of hundred rupee notes, multiple times in the day, handed them over, take your change, and been on your way in under 10 seconds.
Now you're going to pull out your wallet to get your card, carefully enter the details on a phone which probably has a small, low-res screen (remember, this is mostly for small vendors who can't have a regular POS terminal), and then you've got to hope that the SMS OTP comes in a timely fashion, put the wallet back in and pull your own phone out to read the OTP, and then enter that into the phone, before the transaction is done.
Imagine doing that every time you take an auto or buy some vegetables, and you'll see why the interface needs a complete overhaul.
The other issue is that you have no real assurance of security in this transaction. The phone being used is the merchant's, not yours, and it could easily have some kind of software installed to capture all your transaction data. Of course, a seller could steal your card number and CVV with a physical card too, but it's harder to do if the transaction is taking place in front of you. Malicious intent isn't the only problem either. The phone in question isn't only going to be used as a card reader. It's connected to the Internet, and it's going to be used online. Android malware remains a problem, so even if the merchant can be trusted, the phone might not be safe.
So what, you might still say. The OTP can provide protection, you might be thinking. And that is right - it is a minor inconvenience that serves a very useful purpose. Of course, in the case of a malicious software that's stealing your card data, there's a real risk that those details will be used to carry out transactions in a foreign market, which does not have India's two-factor authentication requirement. If you have an international debit card, it's suddenly a lot more worrying if someone has your card number, expiry date, and CVV.
On the other hand, with a chip and PIN card it is harder to skim the details, if the transaction happens in front of you, and the process is fast and almost as easy as using cash. So Paytm's solution loses out in terms of safety and ease of use both.
Although Paytm's app POS is an interesting idea the implementation leaves a lot to be desired, and at least for now, we'd suggest loading up the wallet of your (merchant's) choice, and using that method for payments instead.
Disclosure: Paytm's parent company One97 is an investor in Gadgets 360.