NPCI Stops Onboarding Truecaller Users on UPI After Data Breach

On 30 June, Truecaller had registered users to the UPI account with ICICI Bank without their permission.

Updated07 Aug 2019, 09:52 AM IST
Tech and Auto
2 min read

The National Payments Corporation of India (NPCI), in a letter to the Internet Freedom Foundation, stated that it has stopped onboarding new Truecaller users on its UPI platforms.

“We wish to reiterate that no sooner the bug was noticed on 30 July 2019, NPCI has stopped Truecaller new user onboarding services on UPI platform,” wrote Dilip Asbe, NPCI Managing Director and CEO.

IFF had written to NPCI on 1 August, expressing concern about the “non-consensual automated sign-ups for UPI,” and urged it to undertake an investigation into the security breach.

A bug in caller-ID app Truecaller risked its users’ financial data on Tuesday, 30 July. The app, which helps people avoid spam callers, started registering users to the Unified Payment Interface (UPI) account without their permission.

Truecaller’s payment service works in India through its payments partner, ICICI Bank, which facilitates UPI service for the platform.

The bug in Truecaller became active when one downloaded the app’s 10.41.6 update.

“The matter is under investigation and will be informed once due diligence is completed in all aspects.”
Dilip Asbe, NPCI Managing Director and CEO

IFF, in a statement issued on Wednesday, said: “This is not only about Truecaller. It is about user consent more widely. The privacy, safety and security of users on the UPI interface.”

“While for a complete remedy, we need a data protection law (which India does not have yet) that is user centric (like the Indian Privacy Code), we appreciate and commend the actions being taken by NPCI within its mandate and urge it do more,” it added

Truecaller had released a statement confirming the presence of the bug. The company will be releasing a new version of the app with a fix. It told The Quint:

“We have discovered a bug in the latest update of Truecaller that affected the payments feature, which automatically triggered a registration post updating to the version.”

Liked this story? We'll send you more. Subscribe to The Quint's newsletter and get selected stories delivered to your inbox every day. Click to get started.

The Quint is available on Telegram & WhatsApp too, click to join.

Published: 07 Aug 2019, 06:01 AM IST
Stay Updated

Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.

Join over 120,000 subscribers!