digital indians

UPI upgrade aims to let India’s smartphone users make payments using Aadhaar-linked fingerprints

The next update to the digital payment system could come with biometric authentication as an alternative to PINs.

The United Payments Interface, a digital application that allows users in India to transact across 30 banks using their smartphones, is set for a big overhaul. It may allow users to authenticate transactions using the scans of their irises or fingerprints linked to their Aadhaar numbers, according a draft paper published by the National Payments Corporation of India, an umbrella organisation of banks that has developed the interface. Aadhaar is the 12-digit biometrically linked unique identification number that the government wants every Indian resident to have.

So far, payments on UPI require a Personal Identification Number. Launched in August 2016, the interface had gained popularity after Prime Minister Narendra Modi demonetised 86% of currency in circulation in November.

According to the paper, two other features could be introduced soon. First is the ability to automate recurring payments, similar to the way customers give their banks standing instructions to transfer money on a regular basis to a particular entity. The draft paper also suggests a feature that will protect consumers against hoax entities pretending to be merchants. Through this feature, bankers will have to ensure that a merchant demanding money is registered with the National Payments Corporation of India and partner banks. Entities that are not registered will be able to send transaction requests too, but the United Payments Interface is likely to flag those requests with a warning.

The paper was released largely for coders and developers. It was reviewed by and it suggests that the service could use Aadhaar-linked biometrics to bypass the use of Personal Identification Number or PIN to authorise transactions. The paper says this could result in more efficiency as users often forget their PIN, or make mistakes while entering it to authenticate transactions.

The draft paper states: “While PIN has been used across the payment systems, the issues related to this such as users having to remember multiple PINs, forgetting PIN or entering wrong PIN have been the major cause of the transaction declines.”

The paper adds that there is an additional security concern in case of phone theft when the thief could make a transaction by simply entering the PIN – all of which, the paper claims, could be fixed by allowing for biometric authentication. This feature, however, is going to be optional as the PIN will remain the default authentication source for those unwilling to move to biometrics, the paper states.

“Biometrics is emerging as an effective mechanism to both identifying users as well as authorising any financial transactions,” it adds, giving the example of the Unique Identification Authority of India, which has generated 116 crore 12-digit Aadhaar numbers using biometrics.

The United Payments Interface integrates bank accounts with mobile phone numbers and allows people to pay or receive money in real time through the mobile apps of their respective banks, or through common apps such as Bhim and PhonePe. This payment mode saw a surge in usage after demonetisation as depicted in the chart below, with more than 1.6 crore transactions a month taking place on the United Payments Interface platform.

For the second version of the payments interface, the government is hoping that mobile manufacturers will soon start producing phones with biometric capabilities that are compatible with Aadhaar.

This will allow the United Payments Interface’s own biometric authentication to go through seamlessly by linking it through Aadhaar’s central depository of biometrics, which can verify a user’s biometrics and provide the approval for the transaction if the biometrics match, or decline a transaction in case it does not.

Here is the proposed transaction flow, according to the draft document put out by the National Payments Corporation of India.

Transaction flow for a biometrics-based United Payments Interface transaction.
Transaction flow for a biometrics-based United Payments Interface transaction.

As seen in the chart above, the process flow will involve a user opting for biometric authentication instead of a PIN to authenticate transactions. When the user makes a transaction, their biometric input such as fingerprints or iris scans will be forwarded to the Unique Identification Authority of India, which will then verify it with its own database and reply with a yes/no response. If the response is positive, the banks of the two entities involved in the transaction are debited and credited.

“This functionality will be available to the entire UPI ecosystem and users with compatible smartphones shall be able to use this as an alternative to authorize transaction. Inclusion of Iris authentication and fingerprint into UPI will not only make payments more secure but will also take a huge leap towards integrating next generation technology with current payments system.”

— National Payments Corporation of India's draft paper on UPI 2.0

However, it is not as if the use of biometrics to authenticate financial transactions is not without concerns. On Sunday, the Uttar Pradesh Police arrested 10 men in connection with a racket in which they created fake Aadhaar numbers after they cloned biometrics of Aadhaar enrolment operators to access the Unique Identification Authority’s official client application.

In its defence, the Aadhaar authority said in a press release on Monday that it filed the First Information Report in the Uttar Pradesh case itself and its system is “robust” enough to detect “anomalies and abnormal activities” in the enrollment process. It added that its systems and data cannot be breached. The agency said that this is because it only accepts Unique Identification Authority of India-certified devices for the enrollment and authentication of individuals. However, if the device is not as per the authority’s standards, the system rejects the attempt to breach the system automatically, the authority added.

A representative of the corporate communications division of the National Payments Corporation of India said on the phone that the organisation would not comment on the draft at this stage. An email questionnaire to National Payments Corporation of India went unanswered and this report will be updated if and when the organisation responds to the queries.

Recurring payments made easy

The document also pointed to the possibility of the United Payments Interface ecosystem allowing users to make recurring payments such as bills for utilities or credit cards using standing instructions. The update is likely to allow users to permit their accounts to be debited by their respective billing companies, and the money will be transferred in real time using the United Payments Interface each time the bill is due without the customer having to intervene.

The draft states that even as the United Payments Interface currently offers the quick response or QR code functionality already to receive or send money, the next version will likely come with the ability to do the same for recurring payments.

Introducing trust

Another change that could come in UPI 2.0 is the introduction of “trusted sources”, which refers to merchants who can register with the National Payments Corporation of India to guard their customers against fraudulent entities pretending to be them. This system will be called “signed intent” as each collection request from a registered merchant will come with a digital signature of the bank verifying that they are real.

This is likely to be done by registering merchants with the National Payments Corporation of India and banking partners. Afterwards, any collect request from the merchant will be verified against their registered key at the bank, and the user will get a signed notification to be able to transfer money securely.

In case the request cannot be verified as one made from a trusted source, the application for the United Payments Interface will flag those requests with a warning. The draft suggests that this will allow people to be sure that the entity they are paying using the interface is a legitimate one.

We welcome your comments at
Sponsored Content BY 

Virat Kohli and Ola come together to improve Delhi's air quality

The onus of curbing air-pollution is on citizens as well

A recent study by The Lancet Journal revealed that outdoor pollution was responsible for 6% of the total disease burden in India in 2016. As a thick smog hangs low over Delhi, leaving its residents gasping for air, the pressure is on the government to implement SOS measures to curb the issue as well as introduce long-term measures to improve the air quality of the state. Other major cities like Mumbai, Pune and Kolkata should also acknowledge the gravitas of the situation.

The urgency of the air-pollution crisis in the country’s capital is being reflected on social media as well. A recent tweet by Virat Kohli, Captain of the Indian Cricket Team, urged his fans to do their bit in helping the city fight pollution. Along with the tweet, Kohli shared a video in which he emphasized that curbing pollution is everyone’s responsibility. Apart from advocating collective effort, Virat Kohli’s tweet also urged people to use buses, metros and Ola share to help reduce the number of vehicles on the road.

In the spirit of sharing the responsibility, ride sharing app Ola responded with the following tweet.

To demonstrate its commitment to fight the problem of vehicular pollution and congestion, Ola is launching #ShareWednesdays : For every ​new user who switches to #OlaShare in Delhi, their ride will be free. The offer by Ola that encourages people to share resources serves as an example of mobility solutions that can reduce the damage done by vehicular pollution. This is the fourth leg of Ola’s year-long campaign, #FarakPadtaHai, to raise awareness for congestion and pollution issues and encourage the uptake of shared mobility.

In 2016, WHO disclosed 10 Indian cities that made it on the list of worlds’ most polluted. The situation necessitates us to draw from experiences and best practices around the world to keep a check on air-pollution. For instance, a system of congestion fees which drivers have to pay when entering central urban areas was introduced in Singapore, Oslo and London and has been effective in reducing vehicular-pollution. The concept of “high occupancy vehicle” or car-pool lane, implemented extensively across the US, functions on the principle of moving more people in fewer cars, thereby reducing congestion. The use of public transport to reduce air-pollution is another widely accepted solution resulting in fewer vehicles on the road. Many communities across the world are embracing a culture of sustainable transportation by investing in bike lanes and maintenance of public transport. Even large corporations are doing their bit to reduce vehicular pollution. For instance, as a participant of the Voluntary Traffic Demand Management project in Beijing, Lenovo encourages its employees to adopt green commuting like biking, carpooling or even working from home. 18 companies in Sao Paulo executed a pilot program aimed at reducing congestion by helping people explore options such as staggering their hours, telecommuting or carpooling. After the pilot, drive-alone rates dropped from 45-51% to 27-35%.

It’s the government’s responsibility to ensure that the growth of a country doesn’t compromise the natural environment that sustains it, however, a substantial amount of responsibility also lies on each citizen to lead an environment-friendly lifestyle. Simple lifestyle changes such as being cautious about usage of electricity, using public transport, or choosing locally sourced food can help reduce your carbon footprint, the collective impact of which is great for the environment.

Ola is committed to reducing the impact of vehicular pollution on the environment by enabling and encouraging shared rides and greener mobility. They have also created flat fare zones across Delhi-NCR on Ola Share to make more environment friendly shared rides also more pocket-friendly. To ensure a larger impact, the company also took up initiatives with City Traffic Police departments, colleges, corporate parks and metro rail stations.

Join the fight against air-pollution by using the hashtag #FarakPadtaHai and download Ola to share your next ride.

This article was produced by the Scroll marketing team on behalf of Ola and not by the Scroll editorial team.