Truecaller Signs Up Indian Users For UPI Without Their Consent, Company Says It Was A Bug

India’s digital payments space has been growing quite rapidly in the recent past, but it clearly isn’t growing fast enough for Truecaller — it’s gone ahead and spurred some growth that isn’t quite organic.

Several Indian Truecaller users have been surprised to find out they’ve been signed up for UPI without their knowledge. Users discovered that upon updating their Truecaller apps, an encrypted SMS had been sent to verify their phone number, and they’d then received an SMS from ICICI bank saying that the registration for their UPI accounts had started. “I woke up and checked my android phone, which auto-updated a few apps, including Truecaller. It automatically, immediately sent an encrypted SMS from my phone to an unknown number, following which ICICI Bank sent me a SMS,” wrote Dheeraj Kumar on Twitter. “Your registration for UPI app has started,” the SMS said. Kumar added that he didn’t even have an account with ICICI bank, but it was likely the bank that had partnered with Truecaller to launch its UPI service.

 

This wasn’t the only complaint on social media about the sign ups. “Dear Truecaller without my permission how can u register my bank for UPI. This is totally unauthorized step you did,” wrote Neelkamal Gilani.

Several other users also made similar complaints. “This is quite unacceptable and a serious breach of privacy policy,” said Raj Kapur.

Meanwhile, Truecaller has reacted to the social media complaints, and claimed that the behaviour of its app was the result of a bug. “We have discovered a bug in the latest update of Truecaller that affected the payments feature, which automatically triggered a registration post updating to the version. This was a bug and we have discontinued this version of the app so no other users will be affected,” a Truecaller spokesperson told TechCrunch. Truecaller has also been reportedly calling up the affected people, and said that it’s in the process of rolling back their registrations to UPI. We are in the process of deregistering all the affected users,”  said Sony Joy, head of Truecaller Pay. “We commit to it that it will be done by EOD. This is an unfortunate slip in our release process, it’s extremely rare that we miss a bug like this. We’re extremely sorry for the bad experience. We’ll make up for it,” he added.

Other financial companies have previously found themselves in hot water for being overly eager to sign up users, and registering them without their consent. Last year, Airtel Payments Bank had been penalized by the Reserve Bank for signing up users without their express consent, and opening bank accounts in their name without their knowledge. Paytm, too, has been accused of opening people’s accounts in its Payments Bank without their consent.

Truecaller’s misstep, though, will put even more focus on how foreign apps implement India’s UPI interface. WhatsApp had released its own UPI implementation more than a year ago, but it currently lies in limbo over concerns around where it would store its user data. Truecaller is based out of Sweden, and had launched its UPI interface two years ago. It’s still trying to grow its userbase though — only one in 10 of its Indian users were signed up for UPI as of February this year. But signing up users for its service without their knowledge isn’t the best look for the company, given how financial apps need a display a high degree of responsibility to be able to win over the trust of their customers. Truecaller has apologized for its “bug”, but in a market already crowded with UPI apps, the gaffe isn’t going to help its digital payment ambitions one bit.