Limit usage of non-financial requests to UPI: NPCI to banks
Live Events
The National Payments Corporation of India (NPCI) has asked banks to restrict the number of non-financial transaction requests they send to the central network of the Unified Payments Interface (UPI).The NPCI has told banks to audit their systems through an auditor certified by the Indian Computer Emergency Response Team ( Cert-In ) to review usage of these transaction requests. It has also directed them to conduct an annual audit of their systems from now on.In a circular issued on April 26, the Mumbai-based payment network said banks can initiate up to three 'check transaction' API requests in the first two hours of initiating a transaction.This API is used by banks to check with the NPCI network if a transaction has been processed. If a transaction gets stuck due to some reasons, then the bank checks the status of the transaction before initiating a failure message to the customer.This direction from the NPCI comes in the wake of the two outages observed on UPI in March and April, which resulted in transactions failing across the country for several hours. A diagnosis of the systems after the outages had revealed excessive use of 'check transaction' API done by banks, which clogged the network.Additionally, the NPCI has asked banks to wait for 90 seconds before they initiate such requests to the UPI servers, so that there is no clogging of the network. On a monthly basis, UPI processes around 18 billion transactions with more than 550 million transactions settled daily.In another step towards regulating the most popular digital payment system, the NPCI has asked UPI apps and banks to only show the beneficiary name to the customer while undertaking a person-to-person and to-merchant UPI payment.'Names extracted from QR codes, user-defined names of the payee or any other logic should not be displayed to the payer in the UPI app,' it said in another circular issued on April 24.There is a major push on the Indian financial services ecosystem to adopt UPI for all forms of digital payments. The finance ministry also wants the NPCI to take concrete steps around taking UPI to the global stage.On Monday, finance minister Nirmala Sitharaman met NPCI chief executive Dilip Asbe and asked the corporation along with all stakeholders to work together to be able to support a billion transactions per day in the next two-three years.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Time of India
35 minutes ago
- Time of India
Rapido cuts food delivery charges by half to counter Zomato, Swiggy
Ride-hailing app Rapido has finalised online food delivery partnership costs and terms with restaurants at nearly half the commissions from entrenched rivals Swiggy and Zomato , challenging the duopoly, people directly aware of the developments said. According to the agreed terms with industry body National Restaurants Association of India (NRAI), Rapido is expected to charge commissions in the range of 8-15% from restaurants, compared to 16-30% Zomato and Swiggy charge, the executives said. The partnership terms state Rapido will charge a fixed fee of Rs 25 on orders below Rs 400 and Rs 50 on orders over Rs 400, the people quoted earlier said. This translates to a range of 8-15% commissions from restaurants, compared to 16-30% charged by Zomato and Swiggy. Consumers will be able to place orders on the Rapido app where restaurants will be listed. "This will specially help small restaurants ," one of the executives mentioned above said. The pilot is expected to go live in June-end or first week of July, starting with Bengaluru . ETtech "We've been in discussion with Rapido over the last few months just the way we are working closely with ONDC. We are discussing a structure which is economically and democratically much more viable for restaurants to sustain," NRAI president Sagar Daryani said. He declined to comment on specific partner terms. "It's also very important for us to know our customers and the same has been candidly communicated to them," Daryani added. Allegations of data masking have been a core point of disagreement between restaurants and the large platforms. Discover the stories of your interest Blockchain 5 Stories Cyber-safety 7 Stories Fintech 9 Stories E-comm 9 Stories ML 8 Stories Edtech 6 Stories An email seeking comments from Rapido remained unanswered. The ride-hailing unicorn's bike-taxi riders currently have a select 'idle-time' arrangement with Swiggy to deliver food in select cities, but the arrangement is non-exclusive. The NRAI, which represents over 500,000 restaurants, had initiated a similar partnership with the government-backed ONDC in January, but the terms are still being ironed out amid slower traction. Recent months have seen multiple small restaurant owners calling out what they alleged are "steep charges" levied by Zomato and Swiggy. "Zomato is becoming unsustainable for small restaurant owners like us," Vandit Malik, founder, The Garlic Bread, wrote on Linkedin three weeks back. "To even be visible on the platform, I'm forced to spend Rs 30+ per order on ads. What's left? Pennies. Sometimes, not even that," he alleged. The owners of another NCR-based small restaurant, Saffroma, wrote on X last week, which went viral, that it was quitting Zomato alleging "zero payouts, mystery service charges and advertisements initiated without approval." The post has since been deleted.
Time of India
35 minutes ago
- Time of India
ID please? MeitY verifies identity verification startups
The Ministry of Electronics and IT (MeitY) has stepped up scrutiny of startups such as Surepass , Digitap, Zoop and Signzy for possible unauthorised access to Aadhaar, permanent account number (PAN) and goods and services tax (GST) databases, three people in the know told ET. The government is checking if these firms, which offer identity verification services, are using authorised service providers or bypassing protocols. MeitY has restricted access to some of these companies' websites through certain telecom networks. 'Representatives of some of these firms are trying to meet government officials over the next few days to understand the concerns and what they can do to address the issue,' said one of the people cited. The government allows regulated entities like banks to use Aadhaar under licence to authenticate their own customers. Authorities are trying to find out what routes are being used by these startups to offer such verification services. These identity verification platforms work with financial services firms, consumer-facing startups and other entities that need to authenticate businesses or consumers they work with. Live Events Typically, they use these services to check for fraud and to underwrite these clients. Discover the stories of your interest Blockchain 5 Stories Cyber-safety 7 Stories Fintech 9 Stories E-comm 9 Stories ML 8 Stories Edtech 6 Stories ETtech 'We understand that access to the Zoop website is currently restricted on certain networks,' Zoop founder Ritesh Kothari told ET. 'This appears to be part of a regular regulatory clarification process initiated by MeitY involving multiple companies offering ID verification solutions.' Kothari said Zoop has reached out to the relevant department to discuss the matter to understand the government's concerns. 'At this stage, we are not aware of the scope of or reason behind this action,' he said. 'Given this, we are unable to speculate on any causes for this takedown.' Meity, Signzy, Surepass and Digitap didn't respond to queries. 'The government is becoming extremely careful about who is accessing citizen and business databases and how they are doing it. This move is part of that larger endeavour,' said one of the people cited. ET reported on October 24 that the National Payments Corporation of India (NPCI) has been cracking down on all forms of unauthorised access to the Unified Payments Interface ( UPI ) database by various startups that were using this to enrich customer data. NPCI sent a letter in October last year asking all banks and fintechs to refrain from any unauthorised usage of the UPI database beyond payments, balance enquiries and settlement confirmations. The second person quoted above said that some of the identity verification startups usually obtain customer application forms from clients and scrape multiple databases to verify them. This data is typically available online, some through open website links and application programming interfaces (APIs) or even through dark web databases, he said. The service is used to predict fraud, verify customers and authenticate users. 'While legal and authorised access to any database is not a problem, the authorities are concerned about any unauthorised access,' he added. Experts said startups, some funded and some bootstrapped, have proliferated across the ecosystem and are scraping various government databases to offer these services. This could be unauthorised in many cases, they said. Companies such as Idfy, DigiO, Signzy and Datasutram are the most popular identity verification platforms, offering services such as customer verification and fraud detection. Only certain platforms have faced penal action from the authorities, ET has learnt. Signzy says it offers PAN, Aadhaar, driving licence and GST authentication. Digitap offers backend verification of government documents and Surepass provides Aadhaar verification APIs. The government is checking what licences are being used by these firms to offer these services. While Signzy, founded in 2015, is backed by major venture funds such as Gaja Capital, Stellaris Venture Partners and Kalaari Capital, data from Tracxn shows that Pune-based Zoop was founded in 2016 and has only raised funding from a bunch of angel investors. Digitap is an unfunded startup based in Bengaluru and Surepass is a 2019-founded startup based in New Delhi and is yet to raise funds. The third person cited above said that these trends indicate that India needs a stringent data security law urgently. 'Many technology-first platforms have accessed these databases through some means,' he said. 'They are also hoarding data and sometimes using that to offer certain services. The DPDP (Digital Personal Data Protection) Act is time-critical in this matter.'
Time of India
35 minutes ago
- Time of India
Satcom permit may force Starlink to share information on illegal kits seized
Elon Musk 's Starlink's satcom permit from the Indian government will make it mandatory for the company to share information, including details of users or owners of satellite kits seized in the country, particularly in the North-East region in the past few months, information the US company was unwilling to share earlier. India's security agencies have pointed out the misuse of Starlink devices in Indian territory, especially in the border areas, officials said. But the Musk company hasn't been cooperating in sharing details of those devices. Officials said Starlink asked the security agencies to put their requests either via the US law enforcement or international protocols. This had forced the Ministry of Home Affairs (MHA) to write to the Department of Telecommunications (DoT) in March to investigate the matter, officials aware of the details told ET. The DoT is yet to submit a report to the MHA. But officials say, now that a satcom license has been given to Starlink, it will have no choice but to share those details. Else, the company could be issued a show cause notice and even face revocation of license. An ET query sent to SpaceX, parent of Starlink, remained unanswered. ETtech Live Events Various ministries coordinate when it comes to national security. Since commercial satellite communication services, particularly through low earth orbit (LEO) operators like Starlink, is a new phenomenon, its impact is yet to be ascertained. However, the security agencies have seized some terminals that were active in the Indian territory in the Northeast region and sought details of the owners. Discover the stories of your interest Blockchain 5 Stories Cyber-safety 7 Stories Fintech 9 Stories E-comm 9 Stories ML 8 Stories Edtech 6 Stories The DoT was asked to investigate the matter and take preventive measures to safeguard national interests. Experts believe that the situation may become more complicated as Bhutan and Bangladesh are now commercially offering Starlink services and the terminals may be smuggled into Indian territory as geofencing the exact location of the international border will have limitations. Security is topmost priority when it comes to satcom and so far, none of the three licensees-Bharti group-backer Eutelsat OneWeb, Reliance Jio-SES and Starlink-have got security clearances, hobbling commercial services. While Eutelsat OneWeb and Jio-SES joint ventures have got trial spectrum and conducted demonstrations for security requirements, Starlink is yet to be given such airwaves. The US company was given a Global Mobile Personal Communication by Satellite permit only last week. Officials said while the Jio-SES demonstrations are almost over, it is expected to take more time for Eutelsat-OneWeb. Both OneWeb and Jio-SES have satcom permits and nods from space regulator IN-SPACe for over two years. In contrast, Starlink is yet to receive the nod from the regulator.
