Last Updated : Jan 04, 2017 10:11 AM IST | Source:

How a startup by 20-year olds secured the BHIM App

Launched last week by government, BHIM became the top trending app on Google Play store in India. However, few know that the UPI based payments app has been made secure by a bunch of hackers in their late twenties.

Harsimran Julka

Moneycontrol Bureau

Prime Minister Narendra Modi launched the BHIM app for Unified Payments Interface (UPI) based bank transfers last week in a bid to support cashless transactions post demonetisation.

However, very few people know that the app was made secure by a New Delhi based-startup called Lucideus founded by a bunch of hackers in their late twenties.

Angel Funded by former Snapdeal's former CTO Anand Chandrashekharan and ex-CFO of Flipkart Sanjay Baweja, Lucideus worked on the security assessment of the UPI common library last year.

As a result, it also received the security assessment contract for BHIM app this year from NPCI (National Payments Corporation of India).

"A dozen of security experts from our team worked on this app for the last few weeks. The app has a three factor authentication, which makes it more secure compared to any other mobile payment application and minimizes the risk of fraud,” said Saket Modi, CEO and Co-Founder, Lucideus. Other two co-founders of the startup include Rahul Tyagi and Vidit Baxi.

The three factor authentication for BHIM app works like this. The app ties itself to a device ID and mobile number. Whenever a person changes his or her mobile phone and installs the app on another, the BHIM app automatically unbinds itself from the previous device. The mobile number is KYC-enabled by banks. Every time a person transacts, he or she has to enter the UPI and BHIM PIN.

Also read: BHIM app can give Paytm & co a run for their money

What if a phone is stolen and a hacker uses an algorithm to crack the 4-digit password? "There is nothing that is 100% safe in this world. However the three layers make BHIM app more secure than usual m-wallets which store cash," says a spokesperson for Lucideus.

All three founders of the startup are hackers and IT experts by qualification aged in their late twenties. The company was incubated in IIT Bombay's incubation centre in 2012 and focuses on IT security assessment, cyber forensics, fraud investigation and training. It has done security assessment for apps of a large number premier banks and consumer companies in India. Some of it's clientele now include Standard Chartered, ICICI Bank, DCB, UTI, RBI, Bharti Axa, Jabong, etc.

First Published on Jan 3, 2017 04:04 pm
Follow us on
Available On