caalley logo

The alley for Indian Chartered Accountants

NPCI stepping in to stop AePS frauds, suggests ways to banks

Oct 30, 2023

Synopsis
The retail payment body which runs AePS wants banks to explicitly seek customer consent regarding this service at the time of account opening.

The National Payments Corporation of India (NPCI) wants companies offering Aadhaar-enabled Payment System (AePS) to bring in additional security measures to check rising incidents of fraud attacks on the network.

In a notification issued to all banks and payment companies offering this service on October 26, NPCI wrote that just like mandatory security features on debit cards, banks need to introduce mandatory security norms for AePS transactions.

The retail payments body has asked banks to stop AePS services for accounts which have not received any AePS debits in the last 12 months by the end of next month.

It has also asked banks to immediately disable this service for accounts where the only AePS transaction noticed in the last 12 months has been reported as a fraud transaction.

“Most of the digitally active bank account holders do not use AePS services as their preferred mode of banking…AePS serves the profile of customers who are not digitally active,” said NPCI, in a letter addressed to all AePS service providers, a copy of which was seen by ET.

Similar to international transactions on cards, which are mandatorily blocked at the time of issuance of the card, NPCI wants banks to take explicit consent from customers regarding offering this service. Banks should also offer the option to either ‘enable’ or ‘disable’ AePS as a debit mode through multiple modes like mobile banking, branch banking, call centre etc, NPCI said.

“NPCI wants customers to have easy access to enabling or disabling this service and that needs to be done through the multiple communication channels that banks have,” said the founder of a payment company, which offers these services in rural India.

ET reported about the rising incidents of fraud on the AePS network on June 2 and how banks were setting up additional guardrails to check such cases.

ET also reported on October 4 how fintechs are banking on introduction of liveness detection of biometric prints at the time of AePS debit transactions, to reduce cases of chargebacks.

“The volume of fraud attacks followed by chargeback claims from customers is going up on AePS, for payment companies which operate on narrow margins, it is becoming a huge problem for business,” said the payment industry executive cited earlier.

Another chief executive at a fintech, which offers AePS services in rural India, pointed out that agents are hand in gloves with fraudsters in many cases, necessitating the need for proper audit checks.

UIDAI has already developed an AI-based software update, which can help stop transactions verified by silicon implanted fingerprints, but a senior banker in the know said it is taking time to roll it out across the industry.

“There is a patch that needs to be deployed from the backend, but many companies have not updated the biometric dongles yet, which is why the system continues to remain vulnerable,” the banker said.

The issue with AePS as a service is that while only a certain section of the population uses the debit service, a large base of bank customers receive government subsidies through the network as a credit transaction.

NPCI, wrote in the communication sent on October 26 that all such credit transactions and seeding of Aadhaar number with the bank account should not get disrupted through this communication.

[The Economic Times]

Read more on:
Don't miss an update!
Subscribe to our newsletter