NPCI denies data breach of BHIM mobile app

New Delhi, Jun 3 (IANS): The National Payments Corporation of India (NPCI) on Tuesday said that there has been no data compromise pertaining to the BHIM App and has requested everyone not to fall prey to such incorrect information.

In a statement, the NPCI said that it has conducted an independent verification of the recent news, including through a leading Digital Risk Monitoring firm who has reconfirmed that the claims against the BHIM App are untrue.

"There is no data leak with respect to the BHIM app," it said.

The statement comes a day after a report said that security researchers have discovered that about 7.26 million records linked to users of mobile payments app BHIM were left exposed to the public by a website.

The exposed data included sensitive information such as names, dates of birth, age, gender, home address, caste status and Aadhaar card details, among others, said the report from VPN review website vpnMentor.

NPCI said CSC e-Governance Services India Ltd was working in 2018 on a project to educate and activate village level entrepreneurs on digital payments and also educating them to create Merchant Virtual Payment Address (VPA). Most of these VPAs were not valid UPI IDs.

Moreover, it said that UPI ID is a virtual ID that is meant to be shared conveniently, instead of real account details. The UPI ID can be used to receive money. The user can simply share his UPI ID with the payer and receive payment directly in his bank account.

This is a standard feature used by merchants, who only need to receive money using UPI, it said.

Based on the findings from the Digital Risk Monitoring firm, it is ascertained that there is not a single instance of data breach compromising financial details of the customers, the NPCI statement said.


Top Stories


Title : NPCI denies data breach of BHIM mobile app


You have 2000 characters left.


Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will be held responsible.

Security Validation

Enter the characters in the image