Privacy Breach in Bharat Bill Payment System

Srikanth @logic
Oct 16, 2018


CashlessConsumer has complained to BPSS, RBI about the non-consensual retrieval of utility bill data by BBPSOUs such as PayTM, PayUMoney, Google Pay India and HDFC Bank.

Last month, Srinivas Kodali reported PayTM auto-fetching utility bill details without his consent.

Several users replied with their own experiences of entities auto-fetching utility bill payment data, in some cases even after the users had uninstalled the apps. Utility bill data is used in building credit scores and profiles of individuals and families. The non-consensual retrieval of this data is a breach of individuals' privacy. As this is common across payment applications and is enabled by BBPS, the only licensed bill payment platform, operated by NPCI as the BBPS Central Unit, we sent an email complaint to all members of the Board of Payments & Settlements of the Reserve Bank of India, which currently regulates payment entities in India. You can read the full letter below.

Complaint Letter to Members of Board of Payments & Settlements, RBI

Bharat Bill Payment System is designed to centralize bill payments data, and there are significant privacy risks in centralizing this data. A careful review and redesign of the bill payment platform is needed to prevent further data harms caused by centralization of data, not just to individuals’ privacy but also to the financial interest of billers and the economic interest of the country. You can read more about BBPS and its objectives in the below link.

We expect RBI to act to protect the rights of individuals, uphold the right to privacy, prevent data harms caused by commercial entities, and prevent commercial exploitation of the data centralization enabled by BBPS, as it could compromise the state’s economic interest.