FASTag money theft scam debunked by NPCI: Here’s why your FASTag money is safe


FASTag has changed the way India travels. However, a new video doing the rounds on the internet is creating doubts in the minds of FASTag users. In the video, a boy is seen cleaning the windshield of a car while swiping his smartwatch on the tag to steal money from the tag. A FASTag user asked the concerned authorities about this alleged scam on social media channels. National Payment Corporation of India (NPCI) has come forward with a fact-check terming the video as “baseless and false”.

To prevent further spread of this fake video, NPCI has taken a step to remove it from social media platforms. The Payment Authority has also issued a statement clarifying why such a scam cannot happen with FASTag.

The primary reason why such an incident does not happen is that a total of four different parties are involved in a FASTag payment. This includes NPCI, Acquirer Bank, Issuing Bank and Toll Plaza. It will not be possible for any one entity to deduct FASTag payment by any one of them. NPCI ensures that multiple layers of security are placed in between to protect the transactions.

Some of the assurances given by NPCI in a recent statement are as follows:

  1. NETC FASTag operates only for Person to Merchant (P2M) transactions. Person to person (P2P) transactions are not facilitated through NETC FASTag network. This means that one cannot receive funds in the NETC FASTag ecosystem through fraudulent transactions. Only authorized System Integrators (SIs) on behalf of the concessionaires are allowed to participate in the specified plazas and initiate payment transactions.

  2. The infrastructure deployed between the SI system / concessionaire and banks is secured by whitelisting only the allowed IP addresses and URLs. The hardware installed in the toll plaza data center/server room are cryptographically secure through Hardware Security Module (HSM).

  3. Further, the acquiring banks are linked to NPCI for interoperable NETC FASTag linked payments, for which the NPCI switch is linked with the acquirer and issuing banks through secure NPCHNet connectivity. IPs of banks are whitelisted at NPCI end and similarly, NPCI IPs are whitelisted at banks end to facilitate API connectivity between NPCI and banks.

  4. Every API call must pass through a secure firewall. Every time the bank connects to NPCI through API connectivity, the data is encrypted with a secure 256 SHA ECC algorithm and locked with a hexadecimal private key. Only the NPCI holding the relevant public key will be able to access the information by decryption.

FASTag was first used in the year 2015 and since then the ecosystem has been expanding manifold. In 2019, FASTag was made mandatory for national highway tolls. The electronic toll collection method uses RFID to process the payment.

NPCI debunks FASTag money theft scam: Here’s why your FASTag money is safe appeared first on BGR India.

Read full article here

Leave a Reply