Not the best write-up, but I’ve written a rough sketch of what I wanted to explain:
Data collection: UPI collects a lot of data about the user, for example, transaction history, phone number, payment address, IFSC, virtual ID and even location data.
Data sharing: Agreements with other countries by NPCI to facilitate cross-border sharing mean that there is more attack surface for data leaks. Ignoring that, even by current standards, there is data sharing between third parties like service providers, banks and government (NPCI), allowing for misuse of data, as well as breaches. UPI breaches have happened before already; this isn’t something new, for example, BharatPay and PhonePe’s transaction breaches.
Lack of transparency: There is no transparency on UPI - how it works, how the data is handled, and what security measures have been taken. There is a centralized governmental organization, all the transactions go through their unified system, and there’s nothing else - not even an open-source repository to add to the confidence of ensuring privacy. There are no policies or laws dictating how our data will be handled.
Surveillance: There are multiple reports about surveillance tech in India by organizations like Amnesty and AccessNow, then there was the Pegasus scandal. There are multiple mass-surveillance programs in India, including the Aadhaar biometrics and the DRDO Netra. CCTV cameras are all across major cities. If that is not already enough, there’s a unified system with no transparency - there is nothing stopping the government from surveillance, when it can already collect so much from the user.