India Insights with Geetha Nandikotkur

Securing APIs to Enable QR Code Interoperability

Assessing Third-Party Risk to Prevent Transactional Fraud
India has about 100 payment systems operators that are using proprietary QR codes, and the Reserve Bank of India says that creates risks because customers must maintain different applications and passwords.

RBI's drive for QR code interoperability will pressure the payments companies to secure their APIs and enhance their authentication standards.

P Vasudevan, chief general manager, RBI, explains that going forward, those using proprietary QR codes will have to build interoperability with either Unified Payments Interface or Bharat QR codes by March 31, 2022.

Previously, payments companies used proprietary QR codes, which only allowed digital payments from specific mobile applications.

The change will require building APIs and deploying appropriate security controls, encryption tools, and third-party risk evaluation mechanisms to prevent data leakage during the transaction.

Delhi-based consultant Amit Dev says payments firms will face increased risks if they fail to build effective interfaces to align with NPCI's UPI and Bharat QR code.

Streamlining QR Code: What does RBI Want?

Using just two standards, rather than the current 100, and making QR codes interoperable will remove the need to maintain different apps for payments across merchants. RBI says better user convenience will be achieved with enhanced system efficiency, as only the approved APIs will be used for transactions.

When India withdrew larger banknotes from circulation in a bid to hit untaxed wealth (demonetization in 2018), QR codes grew in popularity. Digital fintech player PayTM rolled out code-based payments, followed by many others including PhonePe, Mobikwik, Razorpay, and Freecharge. QR code-based payments were used by small and informal merchants using proprietary apps.

A standard QR code with Bharat QR and UPI QR used by all types of merchants across all payment instruments will reduce the threat landscape and so help prevent fraud.

But risk will be concentrated on the two platforms, so companies need to develop secure APIs for interoperability with Bharat QR code and UPI.

Currently, APIs are poorly protected despite rapid and widespread deployment, and automated threats are mounting. Personally identifiable information (PII), payment card details, and business-critical services are at risk due to bot attacks.

Payment firms need to:

  • Make API security a higher priority;
  • Conduct security testing and audits of the application being used for QR code-based payments;
  • Evaluate the use of encryption tools and API documentation between the app provider, payment gateways, and banks;
  • Ensure that there is no authentication lapse while building interoperability, which could result in funds being intercepted or sent to the wrong person.

Once the QR code platform is standardized through this interoperability and secured APIs, the security of digital cashless transactions will improve.

About the Author

Geetha Nandikotkur

Vice President - Conferences, Asia, Middle East and Africa, ISMG

Nandikotkur is an award-winning journalist with over 20 years of experience in newspapers, audiovisual media, magazines and research. She has an understanding of technology and business journalism and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a group editor for CIO & Leader, IT Next and CSO Forum.
