No vulnerability, loophole in BHIM app, says NPCI after media reports

NPCI, which has developed the BHIM app, issued a statement saying the app doesn't have any vulnerability

By: Tech Desk | Published: March 21, 2017 11:18 am
NPCI, BHIM, BHIM App security, BHIM app security concern, BHIM app loopholes, BHIM app users, National Payments Corporation of India, BHIM app India, BHIM App downloads, how to use BHIM NPCI, which has developed the BHIM app, issued a statement saying the app doesn’t have any vulnerability

The National Payments Corporation of India (NPCI), which has developed the Unified Payments Interface based app BHIM, issued a statement saying the app doesn’t have any vulnerability or loopholes. The body says the app has been secured by robust design.

“NPCI has done intensive testing, robust design of security controls and continuous monitoring of its UPI infrastructure. The environment in which BHIM or UPI is run by NPCI is highly secure and certified with best global practices like PCI DSS ISO 27001,” said the body in a press statement. NCPI also said the packages have also been audited by reputed IT security firms.

NCPI claims significant downloads have been taken place since the BHIM app was first launched by the PM, but admitted downloads have not always translated into activation and usage. According to the NCPI statement, BHIM has been downloaded 19.16 million times, but out of this only 5.1 million customers have linked their bank accounts.

Also read: BHIM app: Three-factor authentication is key safety feature on this

According to the body, in many cases customers downloaded the application but found that the bank account was not linked to the mobile number. This is required in order for a user to be able use the app to transfer money and sync bank accounts.

“This is the reason for launching a special drive by the Government of India for linking of mobile number with bank accounts. Banks are expected to reach out to all their customers by various means and ensure universal acceptance of mobile banking services at the earliest,” said A P Hota, MD & CEO, NPCI.

BHIM, which stands for Bharat Interface for Money, is based on UPI payments system, that was announced by NPCI along with the Reserve Bank of India (RBI) in April 2016. UPI essentially lets users pay to Virtual Payment Address; this address can be their mobile number or a special address they come up with. If you have an ICICI account, then your UPI address can be xyz@icicibank or on BHIM it can be your mobile @UPI.

BHIM has three levels of authentication. The app binds with the device ID and mobile number, then a user needs to set up a login pin on the app, and finally a UPI password pin is needed to complete any transaction. This PIN is the one a user sets up when they create a UPI id with the bank.

BHIM app recently got support for Aadhaar-based payments, where a user can transfer money via the Aadhaar number.

For all the latest Technology News, download Indian Express App

    Live Cricket Scores & Results