Paytm ads have been all over the place since the move to demonetise Rs 500 and Rs 1,000 currency notes was first announced on November 8. In fact, the very next day, on November 9, you had the company supporting the Centre’s decision with front-page advertisements across major dailies, complete with a beaming picture of Prime Minister Narendra Modi. The mobile wallet’s logo has since become a fixture on news channels and its theme song of “Paytm Karo” an earworm of sorts, but there is one advertisement that didn’t make as much of an impact.

On December 4, Paytm took out this ad:

This public notice, issued by Paytm’s parent company One97 Communications, announced a transition from Paytm Wallet to Paytm Payments Bank Limited. The notice informed customers that unless expressed otherwise — before December 21, 2016, that is today — all user accounts would be moved to Paytm Payments Bank Limited.

So, what exactly is a payments bank? And, after today, what will happen to all those who have mobile wallets with Paytm?

A payments bank (PB) is a banking facility with limited operations. It can only accept saving and current deposits — no fixed or recurring deposits — and it limits total transaction per customer to Rs 1 lakh.

This is to say that the 11 PBs, approved by the Reserve Bank of India (RBI), which includes Paytm Payments bank will be operational under these guidelines. Though the eased RBI guidelines allow these banks to make arrangements with other scheduled commercial banks or smaller finance banks to transact beyond the prescribed limit, the guidelines do not mandate PBs to issue passbooks.

Rather, PBs may provide a chargeable account statement upon customer’s request. So, if details of a transaction go missing from your passbook, like this user’s, there isn’t a way to hold the m-commerce platform accountable.

With RBI norms in place, to be able to use Paytm’s wallet-to-account transfer facility, a user needs to verified, must be registered on the system for over 45 days and have a minimum balance of Rs 2,000. After you’ve fulfilled all requirements, you can then transfer your money but the minimum wallet to account transfer is Rs 1,000.

“With more people opting for cashless mediums of transaction, like Paytm, this move leaves users vulnerable to cybersecurity hacks,” said Kalpesh Mehta, Partner, Deloitte Haskins & Sells. “But this security threat isn’t much different from security concerns when one used Paytm’s wallet,” Mehta said.

Indeed there are limited ways in which users can hold companies like Paytm accountable in case of fraud. “Under the IT Act, if the fraud is perpetuated by unlawful access to personal information then you could seek compensation of up to Rs 2 crore,” said Sunil Abraham, executive director, Centre for Internet and Society. But the company is not liable to compensation until it is legally proven that the “fraud happened due to unlawful disclosure of personal information collected by the company,” Abraham added.

The only real-known benefit to the user is the option to transact in a higher value if they have opted for the Paytm Payments Bank. According to Mehta, “There is not a big difference for a user in the [wallet to payment bank] shift but Paytm can use the money to invest in government bonds.” There is no clarity if the user will gain a part of the interest from this investment that Paytm makes, he added.

According to Paytm’s notice, if a user hasn’t sent an email to care@paytm.com, then their wallet account will automatically become a Payments’ Bank account. If you did want to opt-out, you should have already sent an email to Paytm along with your bank details — yes, with your bank details — for a one-time money transfer or else you should have spent all your money by now.

It is unclear if a user can still use the wallet for payments if they chose to opt-out from sharing their bank details.

However, the wallet-to-bank move requires all users to share their bank details with the company unless until they have spent the money that was in their wallet December 21.  This brings us back to the issue of security. Vijay Shekhar Sharma, founder of Paytm, acknowledged a possible hack in an interview with a journalist. Under the circumstances, where Paytm requires users to share their account details to use the Paytm Payments Bank, it is imperative that Paytm improves its security features rather than relying on in-phone application locks.

Paytm’s mobile phone application is secured by Paytm’s ID and password. So, despite Paytm’s screen-lock ‘tips’ to customers for additional security — including Rs 2,000 minimum balance mandate — if one gained access to your phone, then money in your Paytm wallet, now a payment’s bank account, is easily transferable.

Despite Paytm claiming that it is 100 per cent secure, the application does not employ a session management feature that automatically logs out inactive users. It was only recently, on December 8, that Paytm announced user-enabled password protection for its application.

With limited accountability of the company in case of a hack, Paytm takes it a step forward with its terms and conditions. The merchant’s website “reserves the right, at its sole discretion, to revise, add, or delete portions of these terms and conditions anytime without further notice.” Finally, it is on the user to revisit the merchant’s terms and conditions to stay abreast of any changes.