The National Payments Corporation of India (NPCI) is reportedly taking a firm stance against unauthorised use of virtual IDs generated for Unified Payments Interface (UPI) transactions. According to a report in Economic Times, certain fintech firms have been offering a service that allows businesses to authenticate users using their UPI IDs, a practice that violates NPCI and Reserve Bank of India guidelines.All member banks and third party payment apps have also received a copy of the letter.
In a letter to fintech companies, NPCI has instructed them to discontinue these unauthorised services. The letter states that UPI APIs are solely for facilitating UPI payments and user verification for fraud prevention and should not be used for any other purpose.
“NPCI has observed instances of unauthorised use of UPI APIs by certain participants. In accordance with the guidelines set forth…the UPI APIs provided by NPCI are strictly for the purpose of facilitating “UPI payments” for customers and for required verification of users for fraud prevention. These APIs must not be used independently for any other purposes other than the above mentioned,” the letter read.
NPCI warns of severe action for violation of deadline
Identity verification platforms, payment aggregators, and other fintechs have been offering this service by leveraging UPI application processing interfaces (APIs) provided by NPCI. These APIs enable businesses to integrate their systems and facilitate information flow.
NPCI has emphasised that participating members are prohibited from entering into commercial arrangements with third parties for the provision of “APIs as a service.” Any violations of these guidelines will be dealt with strictly, including penalties or cessation of UPI services. “Any violation of these compliance guidelines will be dealt with the utmost severity, including the imposition of penalties or cessation of UPI services,” the letter added.
By using the NPCI network for UPI payments, these platforms can verify various details of a user, such as their name, bank account status, mobile number, and alternate UPI IDs. This information is valuable for consumer-facing brands to authenticate users, prevent fraud, and build stronger customer profiles.
While some fintech firms have halted this service, others continue to offer it. The regulatory scrutiny on fintechs has intensified, with authorities closely examining their business practices and compliance with guidelines.