In yet another case of mishandling users data by a fintech firm in India has come into light with Truecaller creating UPI IDs without their consent.
In the latest update version (10.41.6) of the caller id app Truecaller, hundreds of users from India became victims of the bug in which they were registered to its payment service without any prior knowledge and automatically registered for the process of creating a UPI ID.
Calling it a breach of the privacy policy, one of the twitter users, @Codepodu further elucidated about the bug and told that the app quietly sent an encrypted SMS to the bank to verify their account which is part of the procedure to sign up to the payment service.
After facing flak from the users on Twitter, Truecaller fixed the bug in the new version. Detailing the measures taken to deal with the issue, its Indian head Sony Joy mentioned that a bug had triggered the compromise.
The company claimed to have fixed the bug and deregistered every user who was heedlessly added to Truecaller Pay.
The company has been emphasizing that an API that was supposed to be triggered for existing Truecaller Pay, unfortunately, got triggered for non-Truecaller Pay users.
Twitteratis have been debunking such claim by Truecaller, and asking for an investigation by the regulators. Some users are of the view that if the Reserve Bank of India (RBI) can put penalty, and ban on Airtel and Paytm Payments Bank for onboarding customers without their consent, it should penalise Truecaller too.
National Payments Corporation Of India (NPCI) has assured users to take action against the app if found non- compliant.
This is not the first time Trucaller is facing a backlash over privacy breach in India. The Sequoia Capital-backed firm in May was allegedly selling Indian users data for mere Rs 1.5 lakh (2000 Euros) on the dark web.