In a proactive move to enhance the security and reliability of the Unified Payments Interface (UPI) ecosystem, the National Payments Corporation of India (NPCI) has issued a directive aimed at major third-party UPI apps such as Google Pay, Paytm, PhonePe, and others. The mandate, conveyed through a recent circular, requires these platforms and associated banks to deactivate UPI IDs and numbers that have remained inactive for over a year.
NPCI, a non-profit organization overseeing retail payments and settlement systems in India, emphasizes that this measure is essential to prevent unintentional fund transfers to unintended recipients. The risk arises when customers change their mobile numbers without unlinking the old ones from the banking system, as there is a chance that the old mobile numbers could be issued to new subscribers.
The Supreme Court‘s recent ruling has underscored that mobile service providers cannot be restricted from reallocating deactivated or disconnected numbers to new subscribers after the statutory 90-day period.
According to the new guidelines outlined in the circular, third-party app providers (TPAPs) and payment service providers (PSPs) are mandated to take the following actions and implement them by December 31, 2023.
1. All TPAPs and PSP banks have been asked to identify UPI IDs and associated UPI numbers and phone numbers of the customers who have not performed any financial (debit or credit) or non-financial transactions for 1 year from the UPI apps.
2. UPI IDs and UPI numbers of such customers shall be disabled for inward credit transactions. This means that they will not be able to receive money on these numbers. Further, PSPs shall deregister the same phone number from the UPI as well.
Read More: Make In India Push: India Grants Incentives For Dell, HP, Foxconn To Make IT Hardware Locally
3. Customers with inward credit on UPI IDs and phone numbers blocked shall re-register in their UPI apps for UPI mapper linkage. Costumes can make payments, and non-financial transactions using UPI Pin as needed.
4. UPI apps shall perform Requester Validation (ReqValAd) before initiating ?Pay-to-contact’ and ?pay to mobile number’. UPI apps shall show the customer name which has been fetched before initiating the transaction and shall not display the name which has been stored at the app’s end.
This directive applies to all UPI apps, including TPAPs and PSP banks, with a deadline for implementation set for December 31, 2023. NPCI emphasizes the importance of promptly communicating this directive to all relevant stakeholders for necessary actions.