BHIM UPI: NPCI says it won’t be responsible for loss or fraud, user fully takes the riskPosted: April 15, 2017
National Payments Corp of India (NPCI), which is set up as a Section 25 company under the Companies Act 1956 (now Section 8 of Companies Act 2013), and is seen promoting its Unified Payments Interface (UPI)- based Bharat Interface for Money application (BHIM) app, says it should not held responsible for any loss, claim or damage suffered by the user. What is more shocking are the terms and conditions (T&C) for the UPI BHIM app from NPCI, which are one sided and affords no protection whatsoever to the end user or consumer.
In its terms and conditions for use of the BHIM UPI app, the company, promoted by 10 banks, says, “NPCI does not hold out any warranty and makes no representation about the quality of the UPI services or BHIM application. The user agrees and acknowledges that NPCI shall not be liable and shall in no way be held responsible for any damages whatsoever whether such damages are direct, indirect, incidental or consequential and irrespective of whether any claim is based on loss of revenue, interruption of business, transaction carried out by the user, information provided or disclosed by issuer bank regarding user’s account(s) or any loss of any character or nature whatsoever and whether sustained by the User or by any other person. While NPCI shall endeavour to promptly execute and process the transactions as instructed to be made by the user, NPCI shall not be responsible for any interruptions, non-response or delay in responding due to any reason whatsoever, including due to failure of operational systems or any requirement of law.”
The T&C of NPCI are not easily available and one needs to search for it. But whatever is stated in the T&C documents, appears completely one-sided. Take for example point 6.2 in the T&C documents, which emphasises that only the user is responsible for any failed transaction or any loss and neither NPCI nor the bank can be held responsible. It says, “NPCI shall not be liable for any loss, claim or damage suffered by the User and/or any other third party arising out of or resulting from failure of any transaction initiated via BHIM App on account of time out transaction i.e. where no response is received from NPCI or the beneficiary bank to the transaction request. NPCI or the beneficiary Bank shall also not be liable for any loss, damage and/or claim arising out of or resulting from wrong beneficiary details, mobile number and/or account details being provided by the User.”
This means, even if NPCI or the bank fails to send the necessary response, it is the user who is liable for the loss. Therefore, NPCI, the developer and promoter of this UPI BHIM app, and banks on its platform, are under no obligation to send responses to these transactions within time. “NPCI shall not be responsible for any electronic or mechanical defect, data failure or corruption, viruses and bugs or related problems that may be attributable to User telecommunication equipment and/ or the Services provided by any Service Provider,” NPCI says.
Remember the Bank of Maharashtra case, where fraudsters siphoned off Rs25 crore from the lender, using a bug in its UPI app? For such kind of misuse, too, NPCI says the payer is responsible. It states, “The Payer is solely responsible for the accuracy and authenticity of the payment instructions issued via BHIM App. Once a payment instruction is issued, the same cannot be subsequently revoked by the Payer. NPCI accepts no liability for any consequences arising from erroneous information provided by Payer in payment instructions.”
Now, let us see what happened in the Bank of Maharashtra case (Read: UPI bug costs Bank of Maharashtra about Rs25 crore). P Hota, Managing Director and Chief Executive of NPCI, told the Economic Times that the Pune-based bank had procured an UPI solution from a vendor (reported to be city-based InfrasoftTech), which had a bug that resulted in the fund moving out of the accounts without the sender’s account having the necessary funds.
As per the procedure, when the UPI app receives such a request, it sends a query to the other party (customer) and, after obtaining acceptance, it checks fund availability in the UPI-linked bank account. However, the UPI app used by Bank of Maharashtra sent two messages to NPCI, one as ‘success’ and other as ‘error:insufficient funds’. In these fraudulent transactions, NPCI only read the first message and cleared the payment.
This is an interesting situation because the money was taken from accounts which did not have necessary funds. So, who will bear the loss? As per NPCI’s T&C, it cannot be the company or the bank, but the user. However, in this case, the user was not even aware about this fund transfer. In addition, NPCI is not under any obligation to keep a record of instructions, making the job of the investigation agencies difficult.
In its T&C documents, NPCI states that it has no liability or obligation to keep a record of the instructions to provide information to the user or for verifying the instructions. “All instructions, requests, directives, orders, directions, carried out by the User via BHIM App, are based upon the User’s decisions and are the sole responsibility of the User,” it says.
After making claims that over one crore users have downloaded the BHIM app from Google Play Store, the government is now trying to boost its actual use. The government has come out with a customer referral scheme, which promises to pay Rs10 per reference to the referrer and Rs25 for the new user for downloading and transacting from BHIM app. But this will happen only on completion of three unique transactions of Rs50 in total to any three unique customers or merchants.