In this blog post, Vyoma Mehta, a student of NMIMS, School of Law, who is currently pursuing a Diploma in Entrepreneurship Administration and Business Laws from NUJS, Kolkata, writes about the liability of e-wallets in credit card frauds.


An online wallet can popularly be defined as a place where a prepaid account is created online, where one can stock money, and the same money can be used as and when required by the person. The requirement of the system of e-wallets was seen with the rapid and unprecedented increase in the e-commerce sector in India. As the buying and selling increased in an online medium, mode of payments through online mediums also had to emerge, and thus the concept of e-wallets has been established which further helps in completing transactions. Through e-wallets, understood as a pre-loaded facility, consumers will be able to buy a variety of products that range from airline tickets to grocery without always having to swipe their debit or credit card, as the details which will be required to make the payment and complete the transactions will always be stored in the online wallets. This method of payment through online wallets has emerged as another payment option amongst the various other ways in which payments can be made for online shopping. Companies which usually offer e-commerce and telecom services such as Paytm or Vodafone for example, also offer a system of payment in which consumers can preload money and use to pay for their services which are popularly known as e-wallets.


Types of e-wallets in the market

According to the Reserve Bank of India, there are three kinds of wallets[1]:

Closed wallet

A company issues an online wallet to a consumer for buying goods and services exclusively from the company issuing the wallet, which is known as a closed online wallet. It is imperative to note that cash withdrawal is not permitted from these online wallets. An example of companies which offer closed online wallets is MakeMyTrip, Flipkart, Jabong, etc.

Semi-closed wallets

In a semi-closed online wallet, goods and services can be bought including financial services at identified merchant locations or establishments which are clearly defined and which have a specific contract with the issuer to accept the payment instrument. These types of wallets also do not permit cash withdrawal or redemption of the cash by the holder. Companies which offer such semi-closed wallets are Citrus Payment Solutions, Paytm.

Open wallets

In the case of open wallets, goods and services including financial services can be purchased at merchant locations or point of sale terminals that accept cards. In the case of open wallets, cash withdrawal is possible at automated teller machines or business correspondents. Banks can only issue these kinds of wallets. An example of the open wallet is M-pesa by Vodafone India Ltd. in partnership with ICICI Bank Ltd.

Partnership concept. Isolated on white

Intermediary liability

The Information Technology Act provides the definition of intermediary in which it is stated that “with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online auction sites, online market places and cyber cafes”[2]

An intermediary according to the current standards is barred from being held liable for any third party information, data or communication link hosted by him or her in certain cases. It is to be noted that if an intermediary is merely providing access to a system  over which information can only be made available to be accessed by third parties or a system in which such information is temporarily stored or a mode where the intermediary is only hosting certain information on behalf of somebody else and the intermediary has not done any act which would amount to the initiation, modification of the content and has not specifically selected any receiver then the intermediary will not be held liable. If the intermediary has only played the role of general observance and general due diligence as a part of discharging his duties, then the intermediary cannot be brought to any liability for such content. This exemption, however, will not apply if the intermediary has actively played any role in the commission of an unlawful act by abetting, conspiring, inducing or otherwise or had any knowledge of the said unlawful information, and has failed to remove it or block access to such unlawful information expeditiously. Third party information as understood from above means any information which is dealt with by an intermediary in his or her capacity as an intermediary. This would amount to any information which is not developed by the intermediary but only used by the intermediary to provide to people viewing their content online.[3]

The Information Technology Rules provide for specific measures which the intermediaries must comply with not to be held liable, which includes that the intermediaries must comply with the due diligence standards as laid down by the Act. [4]Publication of the privacy policy, rules and regulations of the intermediary should be made available along with the user agreement if necessary, stating that the contravention of the same could lead to the termination of user’s right to access. Further certain kind of information which is harmful, libelous and violative of any intellectual property or contains certain kind of virus must not be hosted, transmitted or shared. When an intermediary is intimated through notice by any affected person that his or her computer system is storing or hosting any information which is not lawful, then he or she must remove such information within thirty six hours of receiving such notice, or render such information inaccessible so that there is no access and spread of information which is not lawful.[5]

A rather dangerous position was adopted by the Delhi High Court in a case when it assumed that an intermediary held a reasonable ground of belief in respect of the infringing activity on his/her site. While such an assumption holds true in the physical world, it breaks down in virtual space; intermediaries have little monitory control over the dissemination of information on their site. However, the High Court used this faulty line of reasoning to hold the defendant liable for running a website that facilitated the sharing of media content by users/subscribers.[6]

As the explanation of the definition and types of e-wallets and intermediaries are exhaustively given above, it can be inferred from the same that e- wallets act as intermediaries as they help to store information regarding the credit or debit card details or any other details which support electronic payment for buying of goods and services. However, if there is any discrepancy or a hack that has been made for which some other party has made payment in the name of the owner, then the intermediary by the rules will have to intimate the banks as well as the customers. The intermediary cannot be held liable for the frauds that are committed and according to Reserve Bank of India, the customers’ liability arising out of fraudulent electronic transactions will be capped, and has warned banks that they should plug the loophole leading to mis-selling of insurance products, failing which they would be penalized. Thus in cases of credit card frauds, the banks will be responsible for making good the loss for the customers. There, however, is no codified law to back the same but the Reserve Bank of India considering the same and plans to come up with guidelines regarding the liability when any electronic transactions fail.



[1] http://www.financialexpress.com/personal-finance/e-wallets-money-on-the-move/28571/

[2]  http://articles.economictimes.indiatimes.com/2013-06-14/news/39976342_1_e-wallet-facility-airtel-money-flipkart

[3] Section 79, Information Technology Act, 2008

[4] Rule 3, Information Technology(Intermediary Guidelines, 2011).

[5] Section 79(2), Information Technology Act, 2008

[6] Super Cassettes v. Myspace (2011) 48 PTC 49. (Del)


Did you find this blog post helpful? Subscribe so that you never miss another post! Just complete this form…