Many popular instant messaging platforms are getting into digital payments, while some digital payment platforms are getting into instant messaging. Instant messaging and instant payments platforms seem to compliment each other. However, one question remains – are such payments secure?
The latest to enter the fray is WhatsApp (owned by Facebook). It now allows users to send or receive money from within the app itself. It works using the UPI (Unified Payments Interface) that was set up by the National Payments Corporation of India. Not just WhatsApp, but even apps such as PhonePe, Truecaller and Hike Messenger all use UPI to send or receive money within the app.
To figure out how secure payments through messaging platforms are, one has to first understand how UPI works.
How Does UPI Work?
When one wants to transfer money to somebody online, the choices have so far been limited. You have either used one of the wallet apps (such as PayTM, Mobikwik or Oxigen) or you asked the receiver for his/her bank account details, complete with IFSC code, added them as a payee (which could take a few hours), and then completed the transaction.
However, UPI is like an email address that is directly linked to your bank account (xxxxx@bankname). This unique identity is linked to the phone number registered with your bank. All that UPI requires is the receiver’s UPI identity or phone number. Completing a transaction simply requires the user to authenticate the transaction using a PIN number (not a one time password, as is the case with wallets or online card transactions). This makes it faster.
How Secure is UPI?
Using the United Payments Interface works out to be more secure than other platforms, because the sender and receiver do not need to share their bank account details. The only thing the sender or the receiver sees is the other person’s UPI ID or their phone number, as the case may be.
To send money, the sender also has to enter their UPI PIN (set up at the time of creating a UPI ID with your bank account). This authenticates the transaction and serves as the second factor in authorising the transaction (two-factor authorisation compliant).
How Do Messaging Systems Use UPI?
WhatsApp, Hike, Truecaller, and even PayTM have begun to use the UPI system. There are other exclusive payment platforms that use the UPI interface, like the government’s BHIM and Google’s Tez.
All these apps just link to your phone number and the associated bank account related to your UPI ID. To use any of these payment methods, you first have to set up a UPI account with your bank.
All these messaging apps have a separate tab (or in WhatsApp’s case, a button) that allows you to send or receive money. The moment you use this, it will search for the associated UPI ID – with the phone number – and once verified, the transaction can be completed using the UPI PIN number.
Can These Apps Login To My Bank Account?
No, none of these messaging apps can login or see the details of your bank account. They can only read the phone number and UPI ID associated with the bank account. However, a user also has to enter their UPI PIN number each time a transaction is carried out.
This is where it helps to transact only through recognised apps and platforms – those that are verified by Google or Apple – as malicious apps could record keystrokes (and hence your PIN number). Apps such as WhatsApp, PayTM, BHIM, Tez, Hike and Truecaller are safe.
Is Payment Through Messaging Easier Than e-Wallets?
Whether you are using a messaging platform to transfer money or an e-wallet, it’s all about the ecosystem. For example, a PayTM user can transfer money to another PayTM wallet user directly with just a couple of clicks. Similarly, one WhatsApp user can send money to another WhatsApp user in the course of a conversation, within WhatsApp itself. However, you can’t exactly send money from WhatsApp to PayTM or vice versa. It is limited to the ecosystem.