Serious Bug On Truecaller Pay Created UPI Accounts Without Consent; Company Rolls Back Update

Serious Bug On Truecaller Pay Created UPI Accounts Without Consent; Company Rolls Back Update

SUMMARY

Truecaller had registered users for UPI without consent

Android version 10.41.6 of Truecaller app automatically sends SMS from the SIM

Truecaller has now rolled back the update and is bringing a new update

In a surprising start to the day, a Truecaller user received an SMS from ICICI Bank saying that his application for UPI has been started. That’s without wanting to register for any such linking, and with no ICICI Bank account, all thanks to a Truecaller app update.

Taking it to Twitter, Dheeraj Kumar said that Truecaller had registered him for UPI without his consent. And he was not alone. Several other Truecaller users expressed a similar concern as they were registered for UPI on Truecaller without consent.

A tweet further said that the latest Android version 10.41.6 of Truecaller app automatically sends an SMS from the SIM used to register for a UPI bank account to Truecaller Pay without consent, the moment the latest version of the app was installed.

Kumar filed a complaint with the National Payments Corporation of India (NPCI). The NPCI team got in touch with Kumar and said that their tech team is investigating how this happened.

Later, Truecaller Pay head Sony Joy tweeted to Kumar saying, “It was an unfortunate incident of a technical bug going past our testing process. The build was rolled out within a couple of hours from when the concerns first started surfacing. Affected users are being deregistered from the service as we speak and will be completed by EOD.”

In a media statement, Truecaller said, “We have discovered a bug in the latest update of Truecaller that affected the payments feature, which automatically triggered a registration post updating to the version. This was a bug and we have discontinued this version of the app so no other users will be affected. We’re sorry about this version not passing our quality standards. We’ve taken quick steps to fix the issue, and already rolled out a fix in a new version. For the users already affected, the new version with the fix will be available shortly, however, in the meanwhile they can choose to manually deregister through the overflow menu in the app.”

In 2017, Truecaller Pay was launched in India in partnership with ICICI Bank. Truecaller Pay allows users to instantly create a UPI ID and transfer money to other UPI users or mobile number registered with the BHIM app. This March, the company was also reported to be planning a full spectrum of financial services with a focus on digital lending service.

In a statement, Dilip Asbe, MD and CEO of NPCI, said, “There was an issue in the App observed today. We have been updated that last night’s migration had resulted in a bug in the workflow. We understand that it has being fixed and till then user on-boarding has been stopped in this app. NPCI ensures to take action if found non compliant.”

Asbe further explained, “This is enrolling mistake by the app without customer consent. With this customer can’t do any UPI transaction. For onboarding to UPI, the customer has to still enter 2FA( issuer OTP and debit card), and set UPI pin. The workflow mistake is limited to enrolling which will not have any impact on any customer account whatsoever.”

In May, reports surfaced that the user database of Truecaller is being sold on internet forums on the dark web. The alleged leaked database included names, phone numbers and email addresses of some Truecaller users, which the poster claimed to have acquired through a data breach.

In May, India was reported as the second most cyber attacks affected country between 2016 to 2018. The average cost for a data breach in India has risen 7.9% since 2017, with the average cost per breached record mounting to INR 4,552 ($64). The Reserve Bank of India too recorded a total of 2,059 cases of cyber fraud in 2017-18 as compared to 1,372 cyber fraud cases in 2016-17.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
This Diwali, Get Up To 72% Off On Inc42 Plus

Become A Startup Insider With Inc42 Plus

Offer Fading Away This Week
countdownmail.com
2 YEAR PLAN
₹19999
₹6999
₹291/Month
UNLOCK 65% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹3999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Serious Bug On Truecaller Pay Created UPI Accounts Without Consent; Company Rolls Back Update-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Serious Bug On Truecaller Pay Created UPI Accounts Without Consent; Company Rolls Back Update-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Serious Bug On Truecaller Pay Created UPI Accounts Without Consent; Company Rolls Back Update-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Serious Bug On Truecaller Pay Created UPI Accounts Without Consent; Company Rolls Back Update-Inc42 Media
Serious Bug On Truecaller Pay Created UPI Accounts Without Consent; Company Rolls Back Update-Inc42 Media
You’re in Good company