- 1 What is the BHIM app and what does it offer cashless citizens?
- 2 Is BHIM reliable for unified cashless transactions, or is it vulnerable?
- 3 Conclusion
What is the BHIM app and what does it offer cashless citizens?
About BHIM App
The BHIM app was developed by NPCI. Since this post is concerned with BHIM app security, we would like to share that its security is in the safe hands of Lucideus Tech, an IT security company that has worked with SBI, ICICI and other top banking firms. PM Modi launched the BHIM app on 30 Dec 2016 at the Digi Dhan Mela. The sole purpose of BHIM is to provide unified cashless transactions. BHIM has worked very well so far, and the app is convenient to use.
What can the BHIM app do?
You can get started with the BHIM app using your mobile phone and debit card number. Once connected, the app generates a virtual code for you. The virtual code is like a username, in the form yournumber@upi, e.g. 9876543210@upi. BHIM generates a barcode that local merchants can use. BHIM offers a quick, 24×7 send and request facility. The app lets you store account information for quick transactions. Under the Banking section, you can check the current balance in your account. Unlike Pockets by ICICI, BHIM works with any app using the common library.
Which merchants use the BHIM app?
BHIM is for everyone. Anyone from a local grocery shop owner to a big web portal can use this app for transactions. India’s most trusted payment gateway, CCAvenue, is using BHIM, though a few top portals like Flipkart and Snapdeal use PhonePe and FreeCharge.
Is BHIM reliable for unified cashless transactions, or is it vulnerable?
BHIM app security is handled by the New Delhi-based internet security company Lucideus Tech. The man behind it is CEO Mr Satya Modi.
BHIM App Privacy Control
Though it uses your phone number, the question that arises is how much bank detail it fetches. As per FAQ No.5/Other, it uses a masking technique to fetch only the necessary details. BHIM can’t see all details, such as PIN information. This is to assure you that your sensitive credentials stay private.
3 Step Authentication
The BHIM app uses 3-step authentication.
The first step is when you install the app: it binds to the device ID and mobile number.
In the second step, the user syncs with UPI and non-UPI banks.
The third step is when the user sets up the app and creates the PIN.
What would happen if your phone gets stolen?
BHIM app access requires your phone number and login PIN, so losing your SIM or phone won’t give access to a hacker or thief. Check FAQ No.3/Other. But “there is nothing known as 100% encryption”, Satya stated. The application uses an application sandboxing technique to store the PIN. The 4-digit BHIM login PIN is stored somewhere on your device itself. The 6-digit transaction PIN is stored on the UPI server.
Interruption during a transaction?
You’re paying someone and your client calls you. You hand your phone to a colleague. He ends the call; is he able to cancel the transaction? No. BHIM app security treats every interruption as an interruption. After the call ends, your phone will ask for the 4-digit login PIN. After that, you will be able to carry on with the transaction.
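The lock-on-interruption behaviour described above, modelled as an added example (not BHIM's code and not from the original post). The class and method names and the PBKDF2 PIN hash are assumptions for illustration; the 60-second timeout is the one-minute session the post mentions.

```python
import hashlib
import hmac
import os

SESSION_SECONDS = 60  # the post says the app session lasts one minute


class PaymentSession:
    """Hypothetical model of an app that re-locks on every interruption."""

    def __init__(self, login_pin, now=0.0):
        # Keep a salted, slow hash rather than the PIN itself. A 4-digit PIN
        # is still guessable offline, so the hash must stay in private storage.
        self._salt = os.urandom(16)
        self._pin_hash = self._derive(login_pin)
        self.locked = True
        self.pending = None  # transaction waiting for confirmation
        self._last_active = now

    def _derive(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def unlock(self, pin, now):
        # Constant-time comparison of the derived hashes.
        ok = hmac.compare_digest(self._derive(pin), self._pin_hash)
        if ok:
            self.locked, self._last_active = False, now
        return ok

    def interrupt(self):
        # Incoming call, app switch, screen off: lock, but keep the payment.
        self.locked = True

    def _require_session(self, now):
        if now - self._last_active > SESSION_SECONDS:
            self.locked = True  # idle timeout also forces the PIN prompt
        if self.locked:
            raise PermissionError("login PIN required")
        self._last_active = now

    def start_payment(self, payee, amount, now):
        self._require_session(now)
        self.pending = (payee, amount)

    def cancel_payment(self, now):
        self._require_session(now)
        self.pending = None

    def confirm_payment(self, now):
        self._require_session(now)
        done, self.pending = self.pending, None
        return done
```

Every state-changing call goes through the same session check, so whoever holds the phone after the interruption can neither cancel nor confirm the pending payment without the login PIN.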
BHIM app security with root
Now what hit my brain is: why does it ask for confirmation on a rooted phone? The question is, what happens when a hijacker app gets installed on your rooted device? Does it expose my personal details? I leave this question for you to answer.
There is a false claim circulating on the internet about its vulnerability to MySQL injection. Don’t trust it. BHIM app security is not a joke. It has various authentication and security techniques. Even if your phone gets stolen, the thief will not be able to get your account details. Even on interruptions, the BHIM app goes into lockdown and asks for the PIN. The BHIM app has a session time of one minute.
One thing to keep in mind: download the BHIM APK only from the Google Play Store. Don’t use fake websites with similar domain names. Many of them are ranked highly by professionals but are FAKE, even if they host the original file. We disavow these sites.