#WorldConsumerRightsDay #FairDigitalFinance #HallOfShame - The UX 'green' pattern goes to @juspay for visually decieving to obtain consent.

---
RT @logic
The merchant - before the #2FA page, redirected to #JusPay page which said "Secure your card with VISA" and had an "Secure & Pay" in a big green button and "Opt Out" in a smaller font plain link.
https://twitter.com/logic/status/1464831468644057096

Related - #CoFT implementation in India. Mandatory in 2022. 💳🗄️🇮🇳
---
RT @logic
#CashlessConsumer #CoFT aka Card on File Tokenization - implementation by #JusPay for several merchants - where #Consent is taken without providing *any* details, except saying "RBI Guidelines" and using the word "Secure" in misleading way 🧵
https://twitter.com/logic/status/1464822516459966474

https://twitter.com/logic/status/1464834149999685633

Correction - #JusPay / #TokenRequestors will be storing merchant scoped tokens and not the card number. Still - a new intermediary will now know of your transactions
---
RT @logic
It is important to note that #RBI has allowedt third parties like #JusPay to store card details and act as #CoFT service provider - with no checks and balances.

For example - the same #JusPay lost card details t…
https://twitter.com/logic/status/1464834149999685633

It is important to note that #RBI has allowedt third parties like #JusPay to store card details and act as #CoFT service provider - with no checks and balances.

For example - the same #JusPay lost card details to a databreach. https://www.hackread.com/juspay-data-breach-card-data-sold-dark-web/

It is important to note that #RBI has allowedt third parties like #JusPay to store card details and act as #CoFT service provider - with no checks and balances.

For example - the same #JusPay lost card details to a databreach. https://www.hackread.com/juspay-data-breach-card-data-sold-dark-web/

Note the URL - http://api.juspay.in/v2/txns/consent/<merchantName>/<referenceId>

The page didn't have any information - on whom I am consenting, what am I consenting, under what terms? That's classic example of how NOT to collect consent #JusPay

The merchant - before the #2FA page, redirected to #JusPay page which said "Secure your card with VISA" and had an "Secure & Pay" in a big green button and "Opt Out" in a smaller font plain link.

Note the URL - api.juspay.in/v2/txns/consent/<merchantName>/<referenceId>

The page didn't have any information - on whom I am consenting, what am I consenting, under what terms? That's classic example of how NOT to collect consent #JusPay

The merchant - before the #2FA page, redirected to #JusPay page which said "Secure your card with VISA" and had an "Secure & Pay" in a big green button and "Opt Out" in a smaller font plain link.

Just like how #RecurringPayments created new intermediaries #SIHub #MandateHQ for processing mandates, #CoFT introduces new intermediaries when you want to use "Saved Cards" from any merchant. #JusPay is one such #CoFT service provider.

Just like how #RecurringPayments created new intermediaries #SIHub #MandateHQ for processing mandates, #CoFT introduces new intermediaries when you want to use "Saved Cards" from any merchant. #JusPay is one such #CoFT service provider.

#CashlessConsumer #CoFT aka Card on File Tokenization - implementation by #JusPay for several merchants - where #Consent is taken without providing *any* details, except saying "RBI Guidelines" and using the word "Secure" in misleading way 🧵

#CashlessConsumer #CoFT aka Card on File Tokenization - implementation by #JusPay for several merchants - where #Consent is taken without providing *any* details, except saying "RBI Guidelines" and using the word "Secure" in misleading way 🧵