Comment by porridgeraisin
7 hours ago
Its not gibberish text.
Its just a URI.
upi://pay?pa=payeeID&pn=payeeName
You can add things like &am= to prefill the amount. Merchant txns have reference IDs and all that stuff.
7 hours ago
Its not gibberish text.
Its just a URI.
upi://pay?pa=payeeID&pn=payeeName
You can add things like &am= to prefill the amount. Merchant txns have reference IDs and all that stuff.
And that's the problem -- all i have to do is come up with a website that looks enough like your banking app, and get you to scan the uri to that website, and that'll trick you into giving me your pin.
this is why QR codes, especially ones with complicated encoded uris, are a security problem. they're very hard for leypeople to audit before doing the wrong thing
> all i have to do is come up with a website that looks enough like your banking app, and get you to scan the uri to that website, and that'll trick you into giving me your pin.
It is not how any of this works. But sure, keep up the uninformed fear mongering.