In what turned out to be a nightmare for thousands of Truecaller users in India, it has come to light that a so-called bug automatically created their Unified Payments Interface (UPI) accounts with the ICICI Bank without their consent. This shocking event triggered panic and fear of hacking in ICICI Bank account holders. The affected users had received an SMS from ICICI Bank - starting from late Monday evening till morning hours on Tuesday - which said, "your registration for UPI app has started. If it was not you, report now to your bank. Do not share card details/OTP/CVV with anyone to avoid financial loss". The message scared several users who immediately approached the ICICI Bank customer care and blocked their netbanking and debit cards.

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

"It was like someone attempting to break into my Internet banking account. The ICICI Bank customer care staff told me there was some suspicious activity in my online account, hence I requested them to immediately block Internet banking and safeguard the funds," news agency IANS quoted an affected user as saying. The user further said, "It was a nightmare for me to wake up and see this message. Since it came from the bank, it was enough for me to believe it. I do not know if my smartphone data has also been hacked."

Is your money at risk? What actually happened?

According to Dilip Asbe, MD & CEO of National Payments Corporation of India (NPCI), this was an enrolling mistake by the app that went ahead to sign up subscribers without the consent of the customers. However, the customers wouldn't be able to do UPI transactions even after receiving the message. "This is enrolling mistake by the app without customer consent. With this customer, can't do any UPI transaction. For  onboarding, to UPI the customer has to still enter 2FA (issuer OTP and debit card), and set UPI pin. The workflow mistake is limited to enrolling which will not have any impact on any customer account whatsoever," Asbe told Zee Business Online.

NPCI is an umbrella organisation for operating retail payments and settlement systems in India. It is an initiative of RBI and Indian Banks’ Association (IBA) under the provisions of the Payment and Settlement Systems Act, 2007.

What Truecaller said

In an official statement, "We have discovered a bug in a recent update of Truecaller that affected the payments feature (India only), which automatically triggered a registration post updating to the version. This was a bug and we quickly discontinued this version of the app so no other users were affected. We're sorry about this version not passing our quality standards. We've taken quick steps to correct the issue by issuing a fix in the newest version, 10.41.7, and deregistered users that were previously affected."