WhatsApp Says It May Share Payment Details Of Users With Facebook & Other Third Party Providers

WhatsApp, which launched payments on a trial basis for some users in February, has said that it may share customers’ payment data with parent company Facebook and other third-party providers and services.

This payment is based on the Unified Payments Interface (UPI) platform and WhatsApp plans to introduce the service to all its users soon.

WhatsApp may share payment data with Facebook

As per a clause in the privacy policy of WhatsApp, the payment details are transferred to maintain the transaction history, to provide customer support and protect against fraud. It reads, “We share information with third-party providers and services to help us operate and improve Payments… To send payment instructions to PSPs (payment service providers), maintain your transaction history, provide customer support, and keep our Services safe and secure, including to detect, prevent, or otherwise address fraud, safety, security, abuse, or other misconduct, we share information we collect under this Payments Privacy Policy with third-party service providers including Facebook.”

It further says, “To provide Payments to you, we share information with third-party services including PSPs, such as your mobile phone number, registration information, device identifiers, VPAs (virtual payments addresses), the sender’s UPI PIN, and payment amount.”

However, as per earlier reports, a WhatsApp spokesperson told PTI that it is not keeping track of the friends and family one messages to. The spokesperson said that the one-to-one communications are fully encrypted, however, the metadata having information about whom you are talking to and how often can still be mined.

National Payments Corporation of India (NPCI), the body that oversees the UPI platform, issued a circular, according to which the banks associated with third-party payment apps like WhatsApp and PhonePe, before sharing customer data, need to take permission from NPCI. It said, “PSP bank shall ensure that third-party app provider shall require an exclusive permission from NPCI & PSP bank for sharing individual UPI transaction data with any other third party including its own parent, subsidiaries and subsidiaries of parents other than entities such as Indian government/Indian intelligence/Indian law enforcement agencies/Indian regulatory bodies.”

This comes at a time when Facebook itself is embroiled in the Cambridge Analytica scam. Facebook in its detailed report to the Ministry of Information Technology said that more than 5.6 lakh people were potentially affected by the data breach, which is 0.6% of the people potentially affected in the world.

According to the detailed report, 335 people in India installed the app “thisisyourdigitallife”, which is 0.1% of the app’s worldwide installs. Through these 335 users, other 5,62,120 facebook friends were additionally affected, which means about 0.22% of Indian users may have been affected. Facebook estimates that data of about 87 million users worldwide has been harvested.