How large merchants are making ‘UPI payment’ for credit card refunds, exposing credit card numbers — compromising customer security and privacy.

A few days back I tried loading money into my Airtel Payments Bank wallet using my credit card. The transaction failed though the card was debited. I was reasonably sure the transaction would reverse itself in the coming days. And it did, but with a surprise. I get a message from ICICI saying

Thanks for your payment of Rs.X into your card XXXX via UPI.

I was initially surprised because I never use UPI to pay my credit card…


Database of Digital lending apps and their playstore metadata

In the previous post on abusive digital lending apps, CashlessConsumer listed 10 apps which seem to have been indulging in abusive lending practices and possibly fraudulent / illegal activities, including but not limited to money laundering and extortion.

Thanks to Anam Ajmal of Times of India, Google took down all except one app, which too was later pulled down after a trademark complaint by Ravi Sethia of Udhaar.

Over the last couple of months, there have been reports of many lives (at least 5 till I could count from media reports).

There have…


A quick look at operations of white label digital crooks who operate fake instant digital lending apps and harass people.

Ever since #COVID19 struck and the Reserve Bank of India announced a moratorium, amid confusion over its applicability to NBFC / digital lenders, there was significant stress on people who got loans from these digital lenders to repay, and strong-arm collection tactics were used to call up people / contacts seeking repayment.

The consumers who were affected by this took to trending #OperationHaftaVasooli, and there was significant mainstream media coverage of the same as well.

On 24 June 2020…


With the Coming of ‘One Nation One Ration Card’, It’s Important to Get the Technology Right. A nation-wide portability scheme is the need of the hour. But one cannot forget that technological safeguards are needed to preserve a citizen’s right to food as well as her right to privacy.

When the National Food Security Act (NFSA) was enacted in 2013, food grains were made a legal entitlement, but ration card holders were by and large locked into a particular geographical area.

Enter the ‘One Nation One Ration Card (ONORC)’ programme, a Public Distribution System (PDS) portability scheme that will enable…


Putting a longish commentary / first thoughts on the panel Webinar: Using Technology to Improve India’s Social Protection System

“Best of intentions” was heard multiple times in the conversation. I think it's good to set the expectations right in message — Some intentions are not the best and if you ask me it's okay. If technology is transparent, the rest of the intentions (which are win-win) and deliver 100%, we would still get 50% impact and there needs to be a democratic dialogue for ironing out rest of intentions (Not passing stuff as money bills / worse covid notifications like…


Full deep dive into the History, Policy, Regulatory, Business, Technology, Privacy and Data governance aspects of Bharat Bill Payment System

On June 13th, CashlessConsumer conducted its first study circle studying all things Bharat Bill Payment System (BBPS). Reading materials for the session were circulated to registered participants. You can access them

BBPS Reading List

Presentation Used :- https://docs.google.com/presentation/d/e/2PACX-1vRA7uZ14tJ8dj3GxXWdLm-6xkGoFxVSSnJjRv8hWzSbNfvh--3LHXoYs9M9c_P6d3fhQSn1Me5zATKe/pub?start=false&loop=false&delayms=3000

Federal Bank Sandbox API Test Repo :- https://gitlab.com/CashlessConsumer/federal-bank-bbps-apis


Summary of Discussion on Aarogya Setu Application, Reading list on Contact Tracing

A virtual discussion on the Aarogya Setu Application was conducted by HasGeek’s Kaarana community on 8th April, 2020. The video recording of the event is available on YouTube

Kaarana discussion on Aarogya Setu and Contact Tracing

In this discussion, Riddhi Shree, a security researcher working with Appsecco, analysed the Android application source using standard decompilation tools and used that analysis to explain the inner workings of, and the data being collected by, the Aarogya Setu application.

Following this, Srikanth @logic, a member of the Kaarana community, provided an overview of other COVID mobile applications that have been launched since the crisis began…


In October 2018, CashlessConsumer had brought to your attention a privacy breach in BBPS[1] related to non-consensual retrieval of bill data of consumers by various apps / bill payment services operated by several authorized agents.

We wrote a letter to BPSS, RBI and copied it to the CEOs of NPCI and the entities violating consent.

Cashless Consumer letter to members of BPSS, RBI copied to NPCI, PayTM, PayUMoney, Google Pay, HDFC Bank

NPCI, on its part, issued a circular which is to be complied with by the BBPS ecosystem of BBPSOUs and their agent partners from 1.1.2019.

NPCI Circular to BBPS Operating Units on need for customer consent

However, even after a year, we still find…


On Jan 22, PhonePe announced a feature which allows its users to withdraw cash from nearby merchants by making a payment to the PhonePe merchant. Press release below.

This feature is extra-regulatory and does not have regulatory approval. Consumers are requested to use this at their own risk. RBI allows Cash at PoS online through debit cards through PoS machines with a limit of cash withdrawal up to ₹ 1000/- per day in Tier I and II centres and ₹ 2,000/- per day in Tier III to VI centres. The PhonePe ATM press release doesn’t have any cap and lets users use UPI limits set by their respective banks.


Why Data First systems will eventually lead to loss of control.

I was watching the talk ‘Observability and control theory’ by Piyush Verma made at Rootconf Hyderabad. The talk is primarily targeted to developers / DevOps professionals working with reliability of large scale systems.

Software, by default, is opaque. To debug & control a running system, you need observation pre-built.

Video
Slides

Monitoring can only tell / alert about known failures. There will still be failures. Monitoring has evolved over a period through monitoring monolith servers, SOA, microservices and serverless.

Software by default is opaque, debugging a running system…

Srikanth @logic

Pseudogeek #CashlessConsumer
