Abhishek Gupta – Senior Director, Product & Payments at FreeCharge
Since its launch in August 2016, BHIM UPI by NPCI (National Payments Corporation of India) has been a great success story in the Indian payments ecosystem. Currently, there are close to 40 mn+ distinct BHIM UPI users. As per recent data published by NPCI, there were 189.48 mn transactions (amounting close to Rs. 33.3k crore) processed through UPI in the month of May 2018.
With such technology products, there’s always an uncertainty and fear around safety and security amongst users, specially during times when big social media platforms are being questioned about data privacy and user information security.
Hence, this article is intended towards letting you all know how secure it is to transact using BHIM UPI, now on FreeCharge:
- BHIM UPI creates and uses a virtual address and hence you’re not required to share your confidential account number/card details.
- Every debit UPI transaction processing requires a 2 factor authentication i.e. user’s device information and user generated 4 to 6 digits BHIM UPI PIN.
- Mobile verification is done by sending an SMS from your mobile instead of a conventional OTP device binding.
- Your BHIM UPI PIN is not accessible/stored to the APP you’re using. It is securely encrypted in NPCI library.
- Users can change or reset their BHIM UPI PIN anytime using their BHIM UPI app.
- As prescribed by NPCI, users shouldn’t be allowed to create UPI ID with another user’s mobile number
- On entering the BHIM UPI ID of the recipient, the name corresponding to the linked bank account is fetched and displayed so you can confirm the recipient.
- Any collect/money request coming from a verified merchant will have a ‘verified merchant tag’ thus confirming that amount will be paid to the right merchant.
- Your UPI transactions are monitored under real time Fraud and Risk Management system of NPCI
- A negative list of mobile numbers is maintained at NPCI’s end as per requests from its member banks and all transactions to and from such mobile numbers are blocked.
- All the rooted or jailbroken devices are restricted from accessing BHIM UPI payment options
- Every UPI enabled APP has to undergo a third party App Security audit before going live which essentially tests the defenses built against unauthorized attacks and identifies potential vulnerabilities. Only after verification of compliance and obtaining the clean report from NPCI, can the APP go live.
Have more queries? Leave a comment below and I’d be happy to answer!