The National Payments Corporation of India (NPCI) has issued a clarification in response to a viral video that claimed and demonstrated how kids are stealing money by scanning a FASTag on the pretext of wiping the windshield of a car. As per NPCI, the NETC FASTag ecosystem is not compromised and cannot be easily tampered with.
The video clip, widely shared on different social media platforms has amassed lakhs of views, shares and comments on multiple YouTube channels, Facebook and Twitter.
NETC FASTag operates only for person-to-merchant (P2M) transactions. No person-to-person (P2P) transactions are facilitated through NETC FASTag network.
“This means an individual cannot receive the money in NETC FASTag ecosystem from fraudulent transactions. Only authorised system integrators (SI) on behalf of concessionaires are allowed to participate for specific plazas and initiate payment transactions,” NPCI said.
NPCI further said that the infrastructure deployed between SI system/concessionaire and banks are secured by whitelisting only permitted IP addresses and URLs.
It said the hardware installed at the toll plaza data centre/server room is cryptographically secured through Hardware Security Module (HSM).
NPCI said that every merchant (toll and parking plazas) on-boarded by it is allotted a unique plaza code which is done only by authorised acquirer banks active on the NETC FASTag ecosystem.
“Every acquirer bank is provided with a unique acquire ID (AID). The combination of the plaza code and bank acquirer ID is mapped at the NPCI end. Geo-location of every merchant (plaza) has been stored at respective acquirer banks and NPCI,” it stated.
Thus, no transactions can be executed through open internet connectivity and no financial transactions can be initiated without the enlisted prerequisites, NPCI said.
The payments infrastructure provider said it has already taken action to respond to such videos and delist them from the social media platforms.
