NPCI tightens security checks on banks for UPI

MUMBAI: In the wake of the rising number of cyberattacks on the governmentsponsored Unified Payments Interface (UPI) platform, National Payments Corporation of India (NPCI), the nodal authority for payments, has tightened security checks and system audits on new candidates before granting membership.

“We already have 44 banks live on the platform, but for the next set of banks we are not letting them go live unless they go through a thorough reconciliation process and get their systems checked by the best security auditors of the country,” said A P Hota, chief executive officer of NPCI.

While UPI has picked up especially after the government sponsored BHIM (Bharat Interface for Money) application went live, there have also been attempts to siphon money from bank accounts through UPI.

The latest incident was reported in Pune when Bank of MaharashtraBSE 0.30 % filed a police complaint against 50 criminals for unlawfully making transactions through UPI.

“The amount that Bank of Maharashtra has reported to have been lost is around Rs 25 crore,” said Hota, “The culprits discovered a bug in the system and utilised it to send fake clearance messages from the technology solutions provider inspite of the core banking system of the bank denying the transaction.”

NPCI, which is a clearing house, cleared those payments on the basis of these faulty messages it received from the solutions provider which in this case was Mumbai-based technology company Infrasoft Technologies.

“We have already recovered around Rs 5 crore and few of the fraudsters have also been arrested but the others are absconding and we are trying to reconcile the rest of the funds in collaboration with the other banks where the money was taken off to,“ said a senior Bank of Maharashtra official on the condition of anonymity.

[Copyright By Pratik Bhakta]