UPI apps must get user consent for seeding or porting UPI numbers: NPCI
New Delhi, Mar 21, 2025
Latest guidelines emphasise the use mobile number revocation list (MNRL) and digital intelligence platform (DIP) by banks and PSPs
The National Payments Corporation of India (NPCI) recently released an addendum to its earlier circular NPCI/UPI/OC-115/2021-22, reinforcing guidelines for the implementation of Numeric UPI IDs. The directive - aimed at improving interoperability and user convenience in UPI-based transactions - mandates compliance by all UPI member banks, payment service providers (PSPs), and third-party application providers (TPAPs) before March 31, 2025.
The latest guidelines emphasise the use of the mobile number revocation list (MNRL) and digital intelligence platform (DIP) by banks and PSPs. These entities must update their databases weekly to ensure an accurate reflection of recycled or churned mobile numbers, reducing transaction errors associated with outdated user information.
Key highlights of the addendum:
Mandatory database updates: Banks and PSPs must use MNRL/DIP to update their records at least once a week, ensuring that recycled mobile numbers are correctly reflected in their systems.
User consent requirements: UPI applications must obtain explicit user consent for seeding or porting UPI Numbers. The default option should be "checked out," requiring users to manually opt-in. Consent collection must be transparent and free from misleading or forceful messaging.
Restrictions on consent timing: Users cannot be prompted to provide consent before or during a transaction. Additionally, communication regarding seeding or porting must not include misleading statements that could cause users to believe they will stop receiving payments unless they take action.
Fallback for NPCI mapper response delays: If NPCI’s mapper response time does not meet requirements, PSPs can resolve UPI numbers locally but must report such occurrences to NPCI monthly.
From April 1, 2025, PSPs and UPI apps must submit monthly reports to NPCI, covering key metrics such as the total number of UPI number seedings, active users on the mapper, total UPI-based transactions, locally resolved transactions, and deregistered UPI numbers. Additionally, raw transaction data must be shared with NPCI.
The updated directive underscores NPCI’s commitment to enhancing digital payment security and efficiency, ensuring seamless transaction experiences for UPI users. Stakeholders are urged to implement the necessary changes before the stipulated deadline to avoid compliance issues.
For further information, the official NPCI website can be accessed at www.npci.org.in.
[The Business Standard]
