An alternative UPI system, according to a computer science student from the Mahendragarh region of Haryana, is intended to lessen online payment fraud and stop unintentional money transfers.
Ankit Thakur, a B.Tech (Computer Science) student from the Mahendragarh region of Haryana, has created a substitute UPI system that he says is a "foolproof" way to stop unintentional transactions and cyber fraud.
Ankit started his endeavour in 2020 when a UPI scam cost his father, a driver, Rs 20,000. His investigation into security flaws in existing payment systems was prompted by this personal loss.
"I have created a different UPI mechanism that eliminates the possibility of cybercrime. Additionally, it will stop financial losses from unintentional internet transactions," Ankit said, while speaking The Tribune. "I could patent the system in my name, but I want the Government of India to adopt it so that crores of UPI users across the country can benefit."
In addition to the alternative payment approach, he has created a UPI mobile application.
Ankit claimed that the first problem was a "Chrome Intent Vulnerability," which he defined as a hole that permits rogue webpages to start sensitive applications, like UPI apps, without the user's consent.
The term "Chrome Intent Vulnerability" describes a vulnerability in the Chrome browser that enables a malicious website to open sensitive apps, such as UPI, without the user's consent or even a single click. Scammers have immediate access to the user's payment interface because of this feature, he explained.
According to the second problem, "Authentication Bypass," attackers were able to get over the initial layer of authentication, which included biometric security and app locks.
"Many such loopholes may still exist, even though Google Pay and Paytm fixed this serious vulnerability after my report," Ankit reportedly said.
According to Ankit, the third vulnerability—which he called "Audio Hijacking"—was more risky since it may deceive customers during transactions.
In this scenario, he explained, UPI applications fail to ‘lock audio focus' during a transaction. An audio such as "Enter your PIN to receive money" can be played by a dubious app that is concealed in the background. "The user falls victim to scammers because they think the voice is coming from the payment app itself," he pointed out.
Essential Business Intelligence, Continuous LIVE TV, Sharp Market Insights, Practical Personal Finance Advice and Latest Stories — On NDTV Profit.