A rather significant privacy issue has arisen with the PayID aspect of NPP:
Basically, those who sign up are adding their phone number or e-mail address to a reverse look-up database anyone can use. This isn’t unprecedented - social media platforms let you search for other members in the same way, but people are wise to that and have their privacy settings set accordingly. We have different expectations about how banks handle our personal info.
I find NPAA’s response a bit disingenuous. They describe it as an optional feature that individual customers are making their own, informed decision about. In their view, “a person chooses to create a PayID they do so with their full consent, informed by the terms and conditions of their financial institution”. In the real world, few read T&Cs and the banks are only promoting the benefits.
Is it any more of a worry than the phone book? Not sure that’s the right question. It’s a different database linking different pieces of information - e-mail or phone number to a name, rather than name to a physical address and phone number.
