NPCI mandates customer consent for capturing customer location/ geographical details on Unified Payment Interface (UPI) Apps; UPI members required to comply by 1st December, 2022

The National Payments Corporation of India (“NPCI”) has notified Guidelines on capturing customer location on Unified Payment Interface (“UPI”) Apps by all UPI members.

Compliance Obligations:

1. UPI Apps may capture location / geographical details only with consent of customers / individuals. Capturing of such geographical details may not be mandated and the option for enabling/ revoking the consent has to be mandatorily provided for the App to the customer;

2. In the event a customer intends to revoke the consent given earlier, the same should be permitted without denying UPI services to the customer. Apps should continue to provide UPI services even after the customer has revoked the consent for sharing location / geographical details for the App;

3. For all cases where the customer has given consent to capture location / geographical details to the App, the same should be correctly passed on to UPI. Sharing of incorrect co-ordinates will attract strict penalties from the NPCI;

4. If the customer does not give consent / does not intend to share the location/ geographical details to UPI Apps, then the app should not deny / disable the UPI services;

Please note, the above-mentioned guidelines are applicable where the customer (payer) is a person/ individual who is initializing transactions and will be applicable to domestic UPI transactions only.

All UPI members are required to comply with the above-mentioned Guidelines by 1st December, 2022.

Background:

Unified Payments Interface (UPI) provides a set of standard APIs to facilitate real-time online payments predominately for both person to person (P2P) and person to merchant (P2M). The relevant field which the members are required to pass/ populate based on the nature of the transactions is prescribed as part of the standard API message specifications.

From time to time, NPCI has issued guidelines defining the message specifications and intended purpose of these tags in the APIs. All the members participating in UPI are required to strictly follow the usage of these guidelines as defined in the technical specification document and other relevant product documents released by NPCI.

In the API framework, geo-tagging (location/ geocode) information of the payment is captured while initiating a transaction. As mentioned in the NPCI guidelines, location details along with other relevant customer data needs to be captured within the app provider’s system in an encrypted format. In extension to the stated guidelines, since geo-tagging involves customer centric information and such data points are used as per the defined norms and regulations, the present guidelines are issued.

Source: National Payments Corporation of India