Comment by saharshpruthi
6 hours ago
In India there is UPI (Unified Payment Interface), which works with all bank accounts, it's facilitated by the Government and it comes with i. QR Code (Used with strangers and at Merchants) ii. UPI ID iii.And links to phone number.
Anyone can pay to anyone instantly free of Charge. Only limit is it's limited to ~ $1000 payment. The QR code can also be dynamically created by POS terminals containing the total bill amount as well, so upon scanning the amount is auto populated in the payment app, you just have to enter the security pin.
And since it's a Govt. Project, its not limited to just one app, there are lots and lots of apps working on the same system. There is even a VISA/Mastercard credit alternative : RuPay that works within the system.
Its limited to about $1000 a day.
The QR is a URI with the ID, amount and maybe other stuff. It's a client-side implementation.
RuPay sure "works within the system" but is pretty much useless for international payments/subscriptions. Not really a VISA/MasterCard replacement.
So people scan a QR code, and then enter a secure banking pin? this sounds like a security problem waiting to happen...
The QR code doesn't open a link. It's just "gibberish" text only usable by app that can understand it (e.g. banking apps).
(I don't know anything about UPI, but in Indonesia we use a similar system)
3 replies →
It depends on the QR code:
1. Static QR codes displayed by the vendor have the problem you describe.
2. Dynamic QR codes are time limited, have the amount embedded in them along with the destination. These are the ones generated by websites or POS terminals for payment. Most people will only use these at a POS terminals, pay and move on.
Fraudulent websites have used static QR codes but I'm told one can dispute the transaction and the amount is usually reversed in a couple of days.
In russia there is СБП (translated as FPS = "fast payment system") using the same mechanism, also free for individuals and relatively cheap for businesses