The National Payments Corporation of India (NPCI) has issued warnings to fintech companies using virtual IDs for Unified Payments Interface (UPI) transactions in ways that breach regulatory guidelines. NPCI’s move follows reports that some companies are offering UPI-based user authentication services, which go beyond the allowed scope of UPI usage, violating NPCI and Reserve Bank of India (RBI) regulations.
NPCI Targets Unauthorised Use of UPI IDs
In a letter shared with fintech companies, member banks, and third-party payment apps, NPCI instructed companies to immediately stop using UPI APIs for non-payment purposes. “The UPI APIs provided by NPCI are strictly for the purpose of facilitating UPI payments and for the required verification of users for fraud prevention,” the letter stated. The organisation expressed concern over fintech firms providing unauthorised services to businesses that enable user authentication using UPI IDs.
Fintech Firms Risk Penalties and Ban
NPCI has warned fintech companies that continuing these unauthorised practices could lead to strict penalties, including fines and a potential ban from UPI services. The letter explicitly stated, “Any violation of these compliance guidelines will be dealt with the utmost severity, including the imposition of penalties or cessation of UPI services.” NPCI also prohibited participating entities from entering into commercial arrangements to provide UPI APIs as a service to third parties.
Regulatory Pressure Intensifies on Fintech Firms
Fintech companies that offer identity verification services using UPI APIs face increased scrutiny, with several halting these services after NPCI’s notice. Regulators are closely monitoring compliance with UPI guidelines, ensuring that user data is protected and the platform is used solely for its intended payment-related functions.
