Trust & Safety
How Safe Are UPI Payments?
How Safe Are UPI Payments?
I was showing a friend how easy it is to use PhonePe and make payments through it, and he was impressed with the level of convenience UPI offers. His first question, understandably, was — How safe is it?
My honest answer was, it’s a whole lot safer than anything you’re currently using.
People immediately have suspicions about anything that’s incredibly easy to use. It’s human nature. It’s just the way we are. “What’s the catch?”, we ask ourselves. But the truth is that having security and ease of use is not necessarily a tradeoff. You can, and ideally should, have both.
And fortunately, UPI checks both boxes.
PhonePe runs on UPI which is built over IMPS. UPI takes IMPS a few steps ahead in terms of security, application, and convenience. Also it is an easy alternative to cash and e-wallets.
Before we get into more details, let’s take a minute to define what we mean by security here. There are two key functions that the term covers.
- Recognizing user credentials, and validating authorization.
- Making sure that these details are genuine and not fake or fraudulent.
While physical identity is fairly easy to verify, verifying one’s digital identity is not as simple. The process revolves around verifying two verification factors — something physical you possess, and a piece of confidential information you know. In the case of ATM transactions, your bank card is what you have, and your PIN is what you have to remember to carry out the transaction.
So, how does UPI make transactions safer?
In today’s rapidly advancing world, mobile phones are being increasingly used for identification on various platforms like banking, billing, and e-commerce.
UPI takes advantage of that and links itself with your mobile number for identification. When you sign up for a UPI app, your phone sends a push SMS for verification purposes.This ensures that nobody can copy the OTP from another device. Using push SMSes binds your device to your mobile number and needs to be redone every time you change your device.
UPI adds an extra layer of security by requiring you to create a PIN for your transactions. To create a PIN, you’ll need to input your card details and verify an OTP sent by your bank to your registered mobile number. Every transaction needs you to key in your PIN for authorization. Physical access to your phone will not be enough to make a transaction. Which basically means that even if your phone is stolen, your PIN will still be needed to make transactions, and the money in your account stays safe.
So, regardless which transaction mode/channel you use, the transaction can only be completed with your mobile device that was registered by verifying your mobile number via SMS, and your PIN.
Key UPI features that boost security
The selling point of the UPI platform is that your money never leaves your account before your transaction is complete. There is no intermediate step where a third party receives access to your money. In short, UPI transactions are direct bank account to bank account transactions.
The way PhonePe works, you just need the payee’s bank linked mobile number to make a transaction, provided that they are a PhonePe user too. This removes the need to share confidential details like bank account number and IFSC number.
What about wallet apps? How safe are they?
Wallet only solutions, where money has to be added to a wallet by debiting it from your account, have gained massive popularity, partly due to the first mover advantage. However, they have glaring holes in security.
With wallet solutions, OTPs sent to your phone are required for verification purposes. This means that if your phone is stolen, OTPs can be read by whoever has your phone and used to withdraw money and transact. Plus, in the event of phone theft, money already in your wallet can be sent to others or used to pay.
The way UPI works removes these risks.
Future UPI security integrations
As a platform created by the NPCI, UPI will have further security integrations in the future.
Making UPI Aadhar/UIDAI ready is reported to be in the pipeline for UPI 2.0, and if that happens, UPI will have integrations with Aadhar’s biometric database. This will give it an extra level of biometric based security in the future.