Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
saharshpruthi 4 hours ago

In India there is UPI (Unified Payment Interface), which works with all bank accounts, it's facilitated by the Government and it comes with i. QR Code (Used with strangers and at Merchants) ii. UPI ID iii.And links to phone number.

Anyone can pay to anyone instantly free of Charge. Only limit is it's limited to ~ $1000 payment. The QR code can also be dynamically created by POS terminals containing the total bill amount as well, so upon scanning the amount is auto populated in the payment app, you just have to enter the security pin.

And since it's a Govt. Project, its not limited to just one app, there are lots and lots of apps working on the same system. There is even a VISA/Mastercard credit alternative : RuPay that works within the system.

0x5FC3 4 hours ago | parent | next [-]

Its limited to about $1000 a day.

The QR is a URI with the ID, amount and maybe other stuff. It's a client-side implementation.

RuPay sure "works within the system" but is pretty much useless for international payments/subscriptions. Not really a VISA/MasterCard replacement.

bigfishrunning 3 hours ago | parent [-]

So people scan a QR code, and then enter a secure banking pin? this sounds like a security problem waiting to happen...

wiradikusuma 3 hours ago | parent [-]

The QR code doesn't open a link. It's just "gibberish" text only usable by app that can understand it (e.g. banking apps).

(I don't know anything about UPI, but in Indonesia we use a similar system)

porridgeraisin 3 hours ago | parent | next [-]

Its not gibberish text.

Its just a URI.

  upi://pay?pa=payeeID&pn=payeeName
You can add things like &am= to prefill the amount. Merchant txns have reference IDs and all that stuff.
bigfishrunning 2 minutes ago | parent [-]

And that's the problem -- all i have to do is come up with a website that looks enough like your banking app, and get you to scan the uri to that website, and that'll trick you into giving me your pin.

this is why QR codes, especially ones with complicated encoded uris, are a security problem. they're very hard for leypeople to audit before doing the wrong thing

Imustaskforhelp 3 hours ago | parent | prev [-]

I am Indian and I think what you are saying is correct. It opens up the banking app or in our case UPI providers app so like Google pay, Phonepe,paytm, Bhim UPI and other such apps.

Egor3f 3 hours ago | parent | prev [-]

In russia there is СБП (translated as FPS = "fast payment system") using the same mechanism, also free for individuals and relatively cheap for businesses