The Unified Payments Interface (UPI) is set to change retail payments in the country. Currently, there are 21 banks live with their UPI applications. Though interoperability is one of the key highlights of the architecture, it does however, pose a new security risk. Consider this: With the UPI, an app from Axis Bank will be able to draw out funds from, say, ICICI Bank and bypass the security infrastructure put in place by the latter. Dilip Asbe, chief operating officer for the National Payments Corporation of India (NPCI), clarified some of the security aspects put in place for the UPI in the sidelines of a recent press conference. "We have standardized across the UPI. All the banks have to follow the standards set out by the NPCI. Obviously when a bank launches a UPI app there will be a third party audit which the NPCI has mandated. Every other app which gets built using a bank's API will also undergo a security audit from a third party," Asbe explained. He also mentioned that on a secondary level, where an OTP is sent out to users who are getting onboarded on the UPI. "While onboarding on the UPI, we have two levels of authentication. One is an auto generated code which verifies the mobile number by the issuing bank. A second OTP is sent out by the receiving bank which verifies the number," Asbe said. "The second level also has the debit card details where the expiry date of the cards…
