List of Problems with BHIM TnC

List of Problems with BHIM TnC

@CashlessConsumr

Before writing this list of anti-consumer clauses in TnC of BHIM, Let me add few disclaimers.

  1. CashlessConsumer is NOT a Luddite anti-technology, anti-digital payments group. We are consumers who want a fair cashless system and offer consumer perspectives to ecosystem participants including developers, regulators, government to improve robustness of cashless payment ecosystem.
  2. CashlessConsumer believes in potential of digital payments, seeks a more open, transparent, fair, accountable UPI, digital payments, making it easy for banks, developers, consumers through a real public good platform for advancement of economy and country. We have engaged with NPCI (through IndiaStack) on various issues related to UPI and will continue to do so.
  3. CashlessConsumer does not have political affiliations. Our primary and only concern is rights of consumers (not citizens) are not infringed upon and violated by banks, corporations to advance unjust, unethical practices the banking / payment industry. I have regards for my Prime Minister and critique on BHIM, UPI, Indian digital payments is not a political one and feel PM, PMO is not adequately informed but is used for promotional purpose.

Surveillance / Privacy Issues with BHIM and Terms and Conditions

  1. Availability of Terms and Conditions (TnC)
  • Bug 001: The TnC on android is available only during installation. Post installation, the user doesn't have any means to read the TnC, even though app and TnC auto updates itself. iOS users on the other hand have this link.
No link to TnC inside BHIM app. Same is present in iOS app, see tweet preceding above tweet.
  • Bug 002: USSD / Aadhaar users who would be using BHIM / BHIM Aadhaar merchant solution would have never had any access to this TnC, but would be bound by it.
AePS users should ideally understand and agree to TnC through a toll free number for an informed consent to use of digital / aadhaar linked payment systems.
  • Bug 003: There are multiple versions of TnC. The one shown in Android app during registration and one hosted in NPCI site has many differences.
The one on NPCI website has several additional clauses.


Privacy / Surveillance concerns in BHIM / UPI

UPI Technical Specs reveal that any and all transactions / communication between the user embed the geo-location of UPI user along with it.
  • Bug 004 : Every UPI request (through any UPI app, not just BHIM) attaches geo-location with it.
  • Bug 005 : Terms regarding telephone calls monitoring / recording (6.3 on app screenshots, 6.4 on the PDF). Remember UPI is a mobile first and NPCI already has access to all phone numbers. Through the TnC acceptance, it also legally gains your consent to monitor / record your calls with any other BHIM user.

https://photos.google.com/u/1/photo/AF1QipPSWQZMEkor9nnalqkXmGmm2CMAn9fMH9iO0t8X

Even though the "manage phone calls" android permission might be to get IMEI for onboarding registration, NPCI through the consent provided by TnC, can, at its discretion legally ask any telco to provide monitoring / recording of your calls. People suggest that this is badly worded. If so, it must be quickly corrected.

  • Bug 006 : Versions of TnC can keep changing automatically, and user automatically accepts latest version. This is a broken consent model and is anti-consumer. Any update to TnC must be informed to user and consent must be obtained freshly. All versions of TnC must be publicly archieved for ever along with dates of their applicability.
  • Bug 007 : Liability of NPCI. Read the below article.

http://www.moneylife.in/article/bhim-upi-npci-says-it-wonrsquot-be-responsible-for-loss-or-fraud-user-fully-takes-the-risk/50270.html


For a sustainable digital payments infrastructure, it is essential that rights of consumers, consent, privacy are respected.



Report content on this page

Report Page

Please submit your DMCA takedown request to dmca@telegram.org