How secure is your payment ecosystem?
The other day I was chatting with a villager on my trip to Rajasthan. He was the owner of a large oilseeds field. Unfortunately, he faced a crop failure due to a delay in rains. Luckily, the crop insurance scheme was his savior.
“What mode do you use for insurance payment?” I asked inquisitively.
“I prefer the UPI Madam. It is so convenient. Direct bank to bank transfer. It has made our lives easier. Previously, I made use of wallets. But, loading money gets hectic sometimes. Also, the security is minimal. How can we be assured that our money is in safe hands?” he replied.
It was amazing to see the outreach of the UPI payment system to the deep pockets of the rural regions of India. Interestingly, the security features of the UPI payment mode left me in awe.
UPI boasts of a superior payment mode as compared to wallets and digital cards. With UPI 2.0, the signed intent & QR and Invoice in the inbox security features are added.
In the course of this blog, let us compare the security features of UPI vis a vis Digital Cards and Wallets.
Security Features of UPI
UPI Security feature 1: Binding with mobile number
This is a significant feature of UPI that brings in the first layer of security. UPI verification of the user happens during the initial login and registration. The UPI app binds with your mobile number to verify your identity. In case, you change the phone or the number, you need to verify your identity again. This option ensures that your credentials stay safe in case of a mobile threat or identity threat.
UPI Security feature 2: Two-factor authentication
The second security feature comes into effect during the transaction process. While registering on UPI, users are given an option to set an MPIN (Mobile PIN). It is a 4 or 6 digit number set up while registering on the UPI app. You can generate it by clicking on create/generate MPIN tab and entering the debit card details (last six digits and card expiry details). In the course of transactions, this MPIN is used to authenticate a transaction. You can also change the MPIN if you forget it, using the same create/generate MPIN tab.
UPI Security feature 3: Signed intent and QR
With a quick response code (QR) and signed intent option, users can check the authenticity of the merchants. Users have the option to check if the merchants are UPI verified or not. In case the merchant is not UPI verified, users get information via notifications. This security feature ensures that QR code tampering frauds remain low. Hence, signed intent and QR features bring in secure and tamper-proof transactions.
UPI Security feature 4: Invoice in the inbox
This is a noteworthy and secure feature addition to the UPI. Before initiating your payment to the merchant, it is possible to view the generated invoice. This brings in security by verifying the credentials of the transacting merchant. In other words, this feature safeguards you from fraudulent transactions.
Security Feature of Digital Card
Comparatively, Digital card offers different security features. Nevertheless, it is unique and robust in itself.
For example, Digital cards have an option of confirming the transaction either using password or an OTP (one time password). Also, some banks require you to not repeat the previous three used passwords. Further, SMS cum Email alert is sent for each transaction.
Security Feature of Wallet
As compared to UPI, wallets offer a lesser level of security. For example, many wallets do not offer two-factor authentication. But on the other hand, the QR code feature of wallets minimizes the payment data.
Nevertheless, there is a chance of security compromise in the case of wallets due to the indirect involvement of the bank. It is basically a wallet to wallet money transfer.
- UPI offers security via 2 factor authentication, QR & Signed Intent and Invoice in Inbox
- Digital Card security is via password or OTP
- Wallet security follows a 1 factor authentication