NPCI rejects claims of data breach with respect to BHIM App

The National Payments Corporation of India (NPCI), which runs the BHIM App, on Tuesday asserted that there has been no data compromise pertaining to the popular small payments application. Reacting to the allegations of security chinks at a partner's end, the NPCI said an independent verification of the news was undertaken and no data breach compromising financial details of customers was found. The BHIM App has so far had 136 million downloads.  Vpnmentor, an Israeli ethical hacking and research firm, had on Monday claimed that data of over 7 million BHIM users was alleged to have been potentially exposed due to the suspected chink in the architecture of CSC e-governance Services, one of the partner entities which helped popularise the app.

The research firm had also said that a host of personal details like the PAN cards, screenshots of financial transaction histories etc were exposed. The NPCI explained that CSC in 2018 was working on a project to educate and activate village level entrepreneurs on digital payments and also educating them to create Merchant Virtual Payment Address (VPA) and added that most of these VPAs were not valid UPI IDs. After the allegations surfaced, NPCI engaged a digital risk monitoring firm, it said, adding that there is no data leak with respect to the BHIM app. UPI ID is a virtual ID/token that is meant to be shared conveniently, instead of real account details, and can be used to receive money, NPCI said.  "Based on the findings from the digital risk monitoring firm, it is ascertained that there is not a single instance of data breach compromising financial details of the customers," the NPCI asserted.  The body added that it follows a high level of security and an integrated approach to protect its infrastructure.

(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)