NPCI denies breach of BHIM app data

insightsonindia.com/2020/06/02/npci-denies-breach-of-bhim-app-data/

Insights Editor June 2, 2020

Topics Covered: Cyber security related issues.

What to study?

For Prelims: What is NPCI? How BHIM works?

For Mains: Concerns over data breach, measures in place and how to
address the challenges ahead?

What happened?

A recent report by security researchers alleged leak of personal data of millions of users
of the BHIM payment application due to a website breach.

As per the report, 409-gigabyte of data, comprising 7.26 million records, were
leaked, and the trove included personal identifiable information such as Aadhaar
details, residence proof, bank records and complete profiles.

However, the National Payments Corporation of India (NPCI) has denied the claim,
asking “everyone to not fall prey to such speculation”.

What is BHIM?

Bharat Interface for Money (BHIM) is a UPI based payment interface.

Developed by National Payments Corporation of India (NPCI).

Allows real time fund transfer.

Launched in December, 2016.

The BHIM apps has three levels of authentication:

1. For one, the app binds with a device’s ID and mobile number.
2. Second a user needs to sync whichever bank account (UPI or non-UPI enabled) in
order to the conduct transaction.
3. Third, when a user sets up the app they are asked to create a pin which is needed
to log into the app. The UPI pin, which a user creates with their bank account is
needed to go through with the transaction.

About NPCI:

NPCI is an umbrella organisation for operating retail payments and settlement systems in
India.

1/3
It is an initiative of Reserve Bank of India (RBI) and Indian Banks’ Association
(IBA) under the provisions of the Payment and Settlement Systems Act, 2007, for
creating a robust Payment and Settlement Infrastructure in India.

It has been incorporated as a not for profit company.

The Company is focused on bringing innovations in the retail payment systems through
the use of technology for achieving greater efficiency in operations and widening the
reach of payment systems.

Initial promoters:

The ten core promoter banks are State Bank of India, Punjab National Bank, Canara
Bank, Bank of Baroda, Union Bank of India, Bank of India, ICICI Bank, HDFC Bank,
Citibank N. A. and HSBC. In 2016 the shareholding was broad-based to 56 member
banks to include more banks representing all sectors.

What does the NPCI offer?

NFS: National Financial Switch (NFS) ATM network with 37 member banks and
connecting 50,000 ATMs was taken to NPCI’s authority from the Institute for Development
and Research in Banking Technology (IDRBT) on 14 December 2009. After taking over,
NFS ATM network has grown many folds.

IMPS: Immediate Payment Service (IMPS).

AePS: Aadhaar-enabled Payment Service (AePS).

CTS: Cheque Truncation System (CTS) facilitates extended cut-off time to accept
customer cheques by banks and reduces timelines for clearing.

RuPay: RuPay is a new card payment system launched to satisfy RBI’s vision to offer a
domestic, open-loop, and the multilateral system.

NACH: National Automated Clearing House (NACH) is a web-based solution that

facilitates interbank, high volume electronic transactions that are repetitive in nature.

APBS: Aadhaar Payment Bridge (APB) System is used by the government and
government agencies to make direct benefit transfers with respect to various Central and
state-sponsored schemes.

*99#: is a USSD-based mobile banking service of NPCI launched in November 2012.

UPI: Unified Payments Interface (UPI) is a system that makes multiple bank accounts to
be accessed from a single mobile application.

Bharat BillPay: is a system conceptualised by the Reserve Bank of India (RBI) and
driven by NPCI.

2/3
NETC: National Electronic Toll Collection (NETC) is a nation-wide programme designed
to meet the electronic tolling requirements in India.

BHIM: Bharat Interface for Money (BHIM) was launched to make payments simpler
and easier. Instant bank-to-bank payments can be made using a mobile number or virtual
payment address (UPI ID).

BharatQR: Basically, a QR code is a series of black squares arranged in a square grid

that can be read by a camera.

InstaLinks:

Prelims Link:

1. Various services provided by NPCI.

2. Who controls ATMs in the country?
3. What is UPI?
4. What is National Automated Clearing House (NACH)?
5. What is National Financial Switch?
6. Three levels of authentication in BHIM.

Sources: the Hindu.

3/3