PAN details: Centre to curb unauthorised use of PAN details by tech companies

As the Union government prepares to notify the Digital Personal Data Protection Act, 2023 (DPDP), law enforcement authorities are cracking down on almost every unauthorised use of personally identifiable information (PII) by technology companies.

In one of the latest moves, the Union home ministry, through the Indian Cybercrime Coordination Centre (I4C), has asked for any unauthorised use of the PAN (Permanent Account Number) of Indian citizens by fintechs and other consumer technology companies to be shut down, according to three people in the know.

“This was known as a ‘PAN enrichment’ service, which would help loan distribution companies create a profile of their customers against their PAN numbers, for cross-sell of credit and other financial products,” said a top executive at a fintech firm on the condition of anonymity. “Sometimes this data was also used to cross-check the details put in by the customer in his or her application form,” he added.

These services have been facing disruptions for the past few weeks as most of these unauthorised services are being shut down after government intervention, ET has learnt.

Emailed queries to I4C and the Income Tax department went unanswered till press time.


ET wrote on October 24 that the National Payments Corporation of India has shut down all unauthorised use of customer data related to Unified Payments Interface handles.

Modus operandi

According to three industry insiders, many companies would take a customer’s PAN and query the Income Tax department’s backend systems with it to access the customer’s full name, address, phone number and many such details. The PAN is linked to consumers’ credit scores as well, which is a very valuable data source, one of the executives said.

While this was not a case of data leakage, it was an unauthorised usage of the backend systems of the Income Tax department, which is managed by technology services companies.

“There has been no disruption in the authorised service which is through the National Securities Depository (NSDL), where they do not share any personal data against the PAN number but just say whether the details provided match with their database,” the executive added.

While it is not exactly possible to determine which fintechs used this service given it is part of their internal processes, multiple people in the know said that most consumer lending, loan sourcing channels or direct sales agents, and credit aggregators used this unauthorised service extensively.

Larger crackdown

One of the executives quoted earlier in the story pointed out that this could be part of the government’s larger plan of shutting down any unauthorised access to PII of Indian citizens, which will come under scrutiny after the notification of the data protection rules.

The DPDP Act of 2023 clearly mandates that citizens’ data can be processed by service businesses only after taking due consent and only through authorised channels.

“After the Supreme Court judgement on Aadhaar, the rules around access to this database had gotten codified and formalised; now the government will crack down on every unauthorised access to any government database,” the executive said.

While industry insiders said that there will be disruption because of the clampdown, they added that it will also help clean up all the systems before the strict data protection rules come into effect.
