Print Friendly, PDF & Email

NPCI denies breach of BHIM app data

Topics Covered: Cyber security related issues.

NPCI denies breach of BHIM app data

What to study?

For Prelims: What is NPCI? How BHIM works?

For Mains: Concerns over data breach, measures in place and how to address the challenges ahead?

What happened?

A recent report by security researchers alleged leak of personal data of millions of users of the BHIM payment application due to a website breach.

As per the report, 409-gigabyte of data, comprising 7.26 million records, were leaked, and the trove included personal identifiable information such as Aadhaar details, residence proof, bank records and complete profiles.

However, the National Payments Corporation of India (NPCI) has denied the claim, asking “everyone to not fall prey to such speculation”.

What is BHIM?

Bharat Interface for Money (BHIM) is a UPI based payment interface.

Developed by National Payments Corporation of India (NPCI).

Allows real time fund transfer.

Launched in December, 2016.

The BHIM apps has three levels of authentication:

  1. For one, the app binds with a device’s ID and mobile number.
  2. Second a user needs to sync whichever bank account (UPI or non-UPI enabled) in order to the conduct transaction.
  3. Third, when a user sets up the app they are asked to create a pin which is needed to log into the app. The UPI pin, which a user creates with their bank account is needed to go through with the transaction.

About NPCI:

NPCI is an umbrella organisation for operating retail payments and settlement systems in India.

It is an initiative of Reserve Bank of India (RBI) and Indian Banks’ Association (IBA) under the provisions of the Payment and Settlement Systems Act, 2007, for creating a robust Payment and Settlement Infrastructure in India.

It has been incorporated as a not for profit company.

The Company is focused on bringing innovations in the retail payment systems through the use of technology for achieving greater efficiency in operations and widening the reach of payment systems.

Initial promoters:

The ten core promoter banks are State Bank of India, Punjab National Bank, Canara Bank, Bank of Baroda, Union Bank of India, Bank of India, ICICI Bank, HDFC Bank, Citibank N. A. and HSBC. In 2016 the shareholding was broad-based to 56 member banks to include more banks representing all sectors.

What does the NPCI offer?

NFS: National Financial Switch (NFS) ATM network with 37 member banks and connecting 50,000 ATMs was taken to NPCI’s authority from the Institute for Development and Research in Banking Technology (IDRBT) on 14 December 2009. After taking over, NFS ATM network has grown many folds.

IMPS: Immediate Payment Service (IMPS).

AePS: Aadhaar-enabled Payment Service (AePS).

CTS: Cheque Truncation System (CTS) facilitates extended cut-off time to accept customer cheques by banks and reduces timelines for clearing.

RuPay: RuPay is a new card payment system launched to satisfy RBI’s vision to offer a domestic, open-loop, and the multilateral system.

NACH: National Automated Clearing House (NACH) is a web-based solution that facilitates interbank, high volume electronic transactions that are repetitive in nature.

APBS: Aadhaar Payment Bridge (APB) System is used by the government and government agencies to make direct benefit transfers with respect to various Central and state-sponsored schemes.

*99#: is a USSD-based mobile banking service of NPCI launched in November 2012.

UPI: Unified Payments Interface (UPI) is a system that makes multiple bank accounts to be accessed from a single mobile application.

Bharat BillPay:  is a system conceptualised by the Reserve Bank of India (RBI) and driven by NPCI.

NETC: National Electronic Toll Collection (NETC) is a nation-wide programme designed to meet the electronic tolling requirements in India.

BHIM:  Bharat Interface for Money (BHIM) was launched to make payments simpler and easier. Instant bank-to-bank payments can be made using a mobile number or virtual payment address (UPI ID).

BharatQR: Basically, a QR code is a series of black squares arranged in a square grid that can be read by a camera.


Prelims Link:

  1. Various services provided by NPCI.
  2. Who controls ATMs in the country?
  3. What is UPI?
  4. What is National Automated Clearing House (NACH)?
  5. What is National Financial Switch?
  6. Three levels of authentication in BHIM.

Sources: the Hindu.