Some BHIM app users have reported that they have received spam requests from unknown users, asking them to send money using the new app. Taking note of the issue, the National Payments Corporation of India (NPCI) has advised BHIM app users to decline such spam payment requests and promised a fix.
Users pls beware: Decline all unknown payment requests you may get! We will work on an update, which will allow you to report spam. https://t.co/DsiVtGO2Y7— BHIM (@NPCI_BHIM) January 4, 2017
The BHIM app allows anyone to request money from any user of the app by typing in their Virtual Payment Address (VPA). For example, you can type in any name - say Karan - or phone number, say 9999999999, and request money (along with the amount), and the person with this VPA will get a request for the payment to be made. To send the money, the payee needs to enter their PIN. After this, the amount is deducted from the payee’s account.
(Also see: All You Need to Know About the BHIM App)
This means that any random user can receive a request for money, and some vulnerable users may end up accepting the spam BHIM request and transfer the money. If the request is accepted, the name of the recipient is shown.
Kaushik Bhat, a Bengaluru resident who received one such spam BHIM request, suggested on Twitter that NPCI should add an option stop block unknown VPAs from sending such requests. Quoting his tweet, the NPCI promised an update fixing this problem.
The BHIM app received an update on Thursday evening, but the release notes only said that it brings “bug fixes,” without elaborating on which bugs it fixes. This issue of spam BHIM request, however, still persists.