The National Payments Corporation of India (NPCI) has adopted a strict stance against the unauthorized use of virtual IDs generated for Unified Payments Interface (UPI) transactions. A report from the Economic Times highlights concerns over certain fintech firms offering services that allow businesses to authenticate users using their UPI IDs, which contravenes NPCI and Reserve Bank of India guidelines. In response, NPCI has communicated directly with all member banks and third-party payment apps, emphasizing the importance of compliance.
In a letter addressed to fintech companies, NPCI has instructed them to cease these unauthorized services immediately. The letter clarifies that UPI APIs are intended solely for facilitating UPI payments and for user verification related to fraud prevention, asserting that these APIs should not be repurposed for any other uses.
NPCI stated, “NPCI has observed instances of unauthorized use of UPI APIs by certain participants. In accordance with the guidelines set forth, the UPI APIs provided by NPCI are strictly for the purpose of facilitating UPI payments for customers and for required verification of users for fraud prevention. These APIs must not be used independently for any other purposes other than the above mentioned.”
The letter also warned of severe repercussions for non-compliance, emphasizing that identity verification platforms, payment aggregators, and other fintechs have been improperly utilizing UPI application processing interfaces (APIs) provided by NPCI. These APIs enable seamless integration of business systems and facilitate information flow, which NPCI insists must remain within the boundaries of their intended use.
Furthermore, NPCI has prohibited participating members from entering commercial arrangements with third parties for the provision of “APIs as a service.” Any violations of these guidelines will result in stringent actions, including the possibility of penalties or the suspension of UPI services. “Any violation of these compliance guidelines will be dealt with the utmost severity, including the imposition of penalties or cessation of UPI services,” the letter concluded.
This decisive action underscores NPCI’s commitment to maintaining the integrity and security of the UPI framework, ensuring that its APIs are used exclusively for their intended purposes, thus protecting users and the payment ecosystem at large.
 has adopted a strict stance against the unauthorized use of virtual IDs generated...){kind=link}