The National Payments Corporation of India (NPCI) is in discussions with a few startups to enable biometric authentication for the popular mobile-based UPI payments, according to a couple of sources aware of the matter.
UPI uses a personal identification number (PIN) as the second-factor authentication - similar to OTP (one-time password) for card payments - for mobile payments as of now.
Enabling biometrics would mean that consumers will use their fingerprint on the Android platform and face ID on iPhones for UPI transactions, instead of four or six-digit UPI PIN.
For UPI, primary factor authentication is the device binding done through SMS, while customers enrol for UPI on their mobile devices.
While the primary initiative on alternative payment authentication started more than three years ago, the urgency now stems from the Reserve Bank of India’s concern about multiple UPI scams that keep happening because of PIN-related frauds.
Last week, the regulator published a framework for alternative payment authentication other than OTP for card transactions. The regulator prefers behavioural risk patterns and biometrics over other means as of now.
“In order to enable the payments ecosystem to leverage the technological advancements and implement alternative authentication mechanisms, it has been decided to publish a Framework on Alternative Authentication Mechanisms for Digital Payment Transactions,” the RBI statement said.
“While this did not mention UPI, the regulation and implementation of UPI policies is directly within the regulator and NPCI, which is also a quasi-regulator. And this has been in the works,” said the first source mentioned above, adding that the NPCI tried accessing Digilocker for enabling biometrics, but was not successful and hence started exploring partnerships with startups.
The NPCI has not finalised any partner for this initiative and discussions have been happening on financial and legal terms of the partnership. The rollout is expected to take more than three months after NPCI ropes in a technology service provider. During the initial stages, both PIN and biometric authentication are likely to coexist.
The NPCI did not respond to Moneycontrol queries regarding its plan for alternative payment authentications.
A long wait
“While the NPCI is certain to implement the biometric authentication in a few months, the startup partner has not yet been decided. Since the regulator is keen on alternative methods to ensure risk mitigation to reduce frauds, NPCI is likely to accelerate the plan,” says the second source quoted above.
In 2021, the NPCI held a hackathon called NPCI PayAuth Challenge for startups to come up with various alternative authentication methods. The startup winners included Tech5, payment processor Juspay, MinkasuPay and Infobip.
The startups were allowed to present a proof of concept (POC) to the UPI Steering Committee, which comprises several banks and UPI apps. While Tech5 and MinkasuPay made their presentations, banks preferred MinkasuPay as it did not require the issuing banks to make any major changes.
The UPI is the most popular digital payment method in the country controlling 80 percent of all online transactions. The platform, launched in 2016, enables over 14 billion transactions every month worth over Rs 20 lakh crore.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
