Bhim app explainer: how to use it, the security features, the advantages and the problems

A step by step guide on using the Bhim application, along with a look at the security features and the advantages offered by the app and its shortcomings.


The Bharat Interface for Money (Bhim) app was launched on 30 December by Prime Minister Modi. The app is developed by the National Payment Corporation of India (NPCI) and uses Unified Payment Interface (UPI) for the transactions. The app is very simple to use, has a clean interface and incorporates multiple security features. Industry stakeholders have called the app a gamechanger when it comes to the ease of making cashless payments in India. The application faced extremely high server loads on launch day, leading to some problems because of the spike in traffic. The app is the top free app on the Google Play store, because of three million plus downloads since launch.


How to use Bhim

Step 1: Open the play store app and search for "Bhim", or click on the link. The developer of the application is the National Payments Corporation of India (NPCI), and the developer has no other listed applications. Install the application, it is a download that is less than 2 MB.

 Bhim app explainer: how to use it, the security features, the advantages and the problems

Step 2: The application automatically pairs with the device, and sends an sms for verification. Grant permissions to the app for accessing the sms on the phone. Set up the passcode for unlocking the application. There is a toggle to hide or view the passcode.

bhim-start-02

Step 3: Select a bank from the list. 31 banks are supported as of now, and there are plans to add more banks to the list. The phone number you are using has to be linked to the bank account, and mobile banking has to be enabled on the bank account. The application automatically retrieves the account information in a secure way, and it is a feature of UPI.

bhim-1

Step 4: Set up a payment address. The default address generated for you is your phone number @UPI. Tap on the add payment address in the Profile section to configure an additional payment address. There is a list of generated suggestions provided by the application, but users can feed in their own text strings. Multiple UPI addresses can be generated for a single user. Users can choose one of the UPI addresses as their primary UPI address.

bhim-qr-shrae-01

Step 5: The profile page also has the QR code automatically generated. This QR code can be saved to the file, shared directly through applications, or printed out. The feature is particularly useful for merchants. The scan and pay option to transfer money can be used by customers to scan the QR code and make payments. Every UPI address has its own unique QR code.

https://twitter.com/NPCI_BHIM/status/815928273834151937

Step 6: Transactions can also be conducted using a secure QR code, which is different from the QR code linked to the account. This QR code is meant for one time transactions. The amount has to be entered, along with details on what the money is for. This QR code can be sent over electronic means, or even printed. Anyone who scans the QR code, gets the money credited to his or her account.

bhim-ifsc

Step 7: For making transactions using IFSC, there is an interface available in the top right corner of the payment menu. Users have to fill in details such as beneficiary name, their account number and the IFSC code.

The security features

A team known as Lucideus Tech conducted a thorough security audit of the application. There are multiple levels of security features on the device. The application binds to the mobile number and the device id. At set up, the app binds to the device using a device id. After binding with the device, an sms is sent and verified by the application. Then, the application asks for a pin number, that has to be used every time the app is started, or when the screen gets locked.

The account details are retrieved directly from the bank, and the user does not need to feed these into the system. The retrieval of account information is a feature built into UPI. The information is transmitted in a masked manner over secure banking networks, and Bhim does not save or use the information. Users can set the UPI pin using any other banking app that supports UPI as well.

In case the phone is lost, the UPI pin prevents third parties from using Bhim to transfer funds, even if the device is not secured by a device pin or a fingerprint scanner. The binding and verification process is repeated if users get a new phone. The application can continued to be operated as usual if the user ports their number to another service provider.

Just a word of warning, there is a timeout period before the application expires when minimised. The application does not ask for a registration code if the screen is unlocked a few seconds after it has been locked.

The advantages

When it works, the setup is very simple and straightforward. The application is up and running in a matter of seconds. Payments are instantaneous. The account fetching feature in UPI is particularly convenient, as users do not have to feed in information when setting up a new account, or switching accounts. There are stories from many users who are conducting transactions without facing any problems.

https://twitter.com/ShareefTashreef/status/815944059617300481

There is no need for installing multiple applications from various banks, the single application conducts transactions through all the banks. Bhim offers an advantage over mobile wallets, as the money is not first loaded into the app before transactions. The transactions are conducted directly through the banks that support UPI. The Bhim app by the NPCI is better than any potential mobile wallet by the government.

https://twitter.com/siddarthpaim/status/815944350886752256

The transactions are instantaneous, when conducted over UPI. The interface is clean, uncluttered and without distractions. It is easy for new users to find their way around the application pretty easily.

https://twitter.com/haritashtamvada/status/815919894445182976

However, not everyone is having a great experience. Things can, and have gone wrong. The faults can lie with the app itself, the bank through which it fetches the account information, or local factors such as connectivity.

The Problems

When the application was launched, it was easy and smooth to set up. Verifying the number and pairing the device with the service happened instantaneously and rapidly. Now, new users signing up to the service are getting a screen that says device binding failed. After the device binding stage, there is the sms verification stage, which also fails at times. There are SMS charges associated with the verification, and the problem persists even after repeated attempts. It is a good idea to try device binding and phone number verification at odd hours, or to wait for a few days till the loads on the server reduces. We were able to set up the application by just repeatedly trying till it worked.

upi-verification-binding-failed

Device binding and mobile verification failing.

The device binding occurs only once when the app is started, and it is not needed to go through the procedure repeatedly. However, you have to bind the device if the application is uninstalled and re-installed. Some users are facing a binding issue, even after registering the number with the application. An update is coming soon to resolve this issue.

https://twitter.com/NPCI_BHIM/status/816069143866707968

A few features are tucked away in unlikely locations, and it is not immediately apparent how to navigate to these functionalities. For example, paying by IFSC is on the top right corner within the payment menu. It is the only option in a hamburger icon. The FAQs redirect you to a web page and is not included within the application itself. Saving the QR code to the device is referred to as
"Download," which can be a little misleading.

Some problems are specific to certain banks. IDBI bank requires a new MPIN to be generated every time the bank account is changed. Bank of Baroda users are facing errors when the application tries to fetch the details of the accounts. If there is an error generating the one time password, that is a problem with the infrastructure of the bank. Not all banks are supported at the moment, but more banks are being added. There are also intermittant issues with certain banks.

https://twitter.com/NPCI_BHIM/status/815926250904567808

There are problems where the transaction is not going through. The beneficiary has to have a bank account linked to a mobile number. Some users are facing problems making transactions even at odd hours. It is unknown at this point of time if the problem is because of server issues, or some other reason.

https://twitter.com/sri_adiga/status/816067975409041409

Bhim restricts single transactions to Rs 10,000, and has a 24 hour limit of Rs 20,000. This means that the app cannot be used to make high value transactions, or multiple transactions that exceed the daily limit of Rs 20,000. Users of the application have called for relaxation of the limits.

https://twitter.com/hirenamin/status/815847463395479552

The application is available only in Hindi and English now. Multi-lingual support is coming soon, according to the Bhim team. The app is not available on Windows Mobile, BlackBerry OS devices, iOS or feature phones. There is support for other operating systems coming soon, which means that a version of the application for Windows Mobile is expected. The CEO of Niti Aayog, Amitabh Kant has indicated that an iOS version of the application will be landing before January 10.

https://twitter.com/amitabhk87/status/815850322396520448

As of now, the application allows users to link to only one bank account at a time. The account can be changed at any time, but it would be convinient to have a list of commonly used accounts, that allows for quick swapping. Designating one of the bank accounts as the default account, can be implemented in a manner similar to the UPI interface, where one of several addresses can be designated as the default address.

There is a partial solution for users facing these problems. NUUP banking services can be availed on any phone, irrespective of operating system, by dialing *99# on the device. Note that the service is geared towards feature phones, but can be used on Windows Mobile or iOS devices in a pinch. The bank has to be selected through a multimodal code on smartphones. The NUUP is available in eleven Indian languages, although the functionality offered is a reduced version of the interface for Hindi and English. The NUUP service can also be buggy at times.

Every new application is bound to have some teething troubles. The Bhim team is quickly responding to all queries and problems through their twitter handle @NPCI_BHIM.


Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.