wordpress blog stats
Connect with us

Hi, what are you looking for?

What security infrastructure is in place for payments on the UPI


The Unified Payments Interface (UPI) is set to change retail payments in the country. Currently, there are 21 banks live with their UPI applications. Though interoperability is one of the key highlights of the architecture, it does however, pose a new security risk.

Consider this: With the UPI, an app from Axis Bank will be able to draw out funds from, say, ICICI Bank and bypass the security infrastructure put in place by the latter. Dilip Asbe, chief operating officer for the National Payments Corporation of India (NPCI), clarified some of the security aspects put in place for the UPI in the sidelines of a recent press conference.

“We have standardized across the UPI. All the banks have to follow the standards set out by the NPCI. Obviously when a bank launches a UPI app there will be a third party audit which the NPCI has mandated. Every other app which gets built using a bank’s API will also undergo a security audit from a third party,” Asbe explained.

He also mentioned that on a secondary level, where an OTP is sent out to users who are getting onboarded on the UPI. “While onboarding on the UPI, we have two levels of authentication. One is an auto generated code which verifies the mobile number by the issuing bank. A second OTP is sent out by the receiving bank which verifies the number,” Asbe said.  “The second level also has the debit card details where the expiry date of the cards needs to be entered,” he added.

Device fingerprinting

Advertisement. Scroll to continue reading.

To further strengthen security, Asbe said that the NPCI has also added device fingerprinting to verify the handset from which a transaction originates. Itcaptures distinctive details of a user’s Internet connecting device while making a payment.

Payment gateway PayU biz recently introduced device fingerprinting to curb misuse of promotional offers. PayU captures about 30 parameters from a connecting device which includes screen resolution, browser used and cookies from the computer.

At the end a 4-digit mPIN will be set by the user to authenticate a transaction. However, in all matters of security, Asbe said that they will have to keep checking for new threats every 3-6 months. “Security is a continuous investment,” he signed off.

Also readYES Bank wants to build UPI ecosystem starting with PhonePe and Capital Float

Advertisement. Scroll to continue reading.
Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



While the market reality of popular crypto-assets like Bitcoin may undergo little change, the same can't be said for stablecoins.


Bringing transactions related to crypto-assets within the tax net could make matters less fuzzy.


Loopholes in FEMA and the decentralised nature of crypto-assets point to a need for effective regulations.


The need of the hour is for lawmakers to understand the systems that are amplifying harmful content.


For drone delivery to become a reality, a permissive regulatory regime is a prerequisite.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ