The National Payments Corporation of India (NPCI) has issued new guidelines regarding the Numeric UPI ID system, requiring banks, Payment Service Providers (PSPs), and third-party app providers to comply with these rules by March 31, 2025. The primary goal of these changes is to enhance the security and reliability of UPI transactions while improving user experience.
One of the key updates is the implementation of the Mobile Number Revocation List/Digital Intelligence Platform (MNRL/DIP) by banks and PSP apps. This system ensures that databases are updated regularly—at least on a weekly basis—to reflect recycled or churned mobile numbers accurately. This step aims to prevent errors that occur when a user’s old mobile number is reassigned to someone else, leading to potential transaction failures or misdirected payments.
Another significant guideline is the requirement for explicit user consent when seeding or porting UPI Numbers. Unlike before, where users might have been automatically opted in, the new rule ensures that the opt-in box is unchecked by default. This means that users must manually approve any action related to their UPI Number. Additionally, UPI apps are prohibited from obtaining user consent before or during a transaction, preventing forced or misleading approvals.
To avoid confusion, NPCI has also emphasized that communication regarding the seeding or porting of UPI Numbers must be clear and unambiguous. For instance, if a user’s UPI Number is not properly seeded, they might unknowingly stop receiving payments. These new rules aim to prevent such scenarios.
In cases where NPCI’s system does not respond within the required timeframe, PSP apps will have the authority to resolve the issue locally. However, they must report such cases to NPCI on a monthly basis.
NPCI has advised all stakeholders to implement these changes before March 31, 2025, to ensure seamless UPI transactions and better security for users.
