No more PINs? UPI to get face and fingerprint authentication for faster, safer online payments
The new feature, called on-device biometric authentication, leverages a smartphone’s built-in security features — such as fingerprint sensors and facial recognition — to validate transactions. Users can choose to activate this feature or continue using the traditional PIN-based system.
- Oct 11, 2025,
- Updated Oct 11, 2025 11:23 AM IST
India’s most popular payment system, UPI, is getting a major upgrade. Soon, users will be able to approve transactions using their fingerprint or facial recognition instead of manually entering a UPI PIN — making payments faster, easier, and more secure. The National Payments Corporation of India (NPCI) officially announced this new authentication option in a circular dated October 7, 2025.
The new feature, called on-device biometric authentication, leverages a smartphone’s built-in security features — such as fingerprint sensors and facial recognition — to validate transactions. Users can choose to activate this feature or continue using the traditional PIN-based system.
NPCI clarified that this move aims to “enhance customer experience” by introducing optional additional authentication methods, without replacing existing ones.
How it works
Under the new system, users will be able to authenticate UPI payments using their phone’s fingerprint or face unlock. The biometric data is verified directly on the device, not stored or transmitted externally.
Additionally, NPCI has also enabled Aadhaar-based face authentication for setting or resetting UPI PINs linked to Aadhaar accounts — adding another secure option for users managing their UPI credentials.
Initially, biometric transactions will be capped at ₹5,000, a limit that regulators plan to review as adoption grows.
Why it matters
Experts say this is one of the biggest steps toward frictionless digital payments in India. For millions of users — particularly the elderly and those with low digital literacy — eliminating the need to remember or enter PINs could be a game-changer.
Moreover, biometric traits are far more secure than traditional PINs. “PINs can be compromised, but biometric data like fingerprints or facial scans are nearly impossible to replicate,” explains cybersecurity expert Dheeraj Gupta, Managing Partner at Peritia Law Chambers. However, he also cautioned that the move raises privacy and data protection concerns, calling for “strong safeguards, accountability, and transparency” in implementation.
Security measures
NPCI has issued strict compliance instructions for UPI apps and banks:
Explicit consent must be taken before enabling biometrics, and users can opt out anytime.
Apps must restrict access on rooted or jailbroken devices and verify biometric enrollment status.
Banks must verify customer eligibility before enabling biometric authentication.
Biometric access is automatically disabled if a user resets their UPI PIN or remains inactive for 90 days.
To maintain data security, UPI apps are also required to perform key rotation every year.
This initiative follows the RBI’s decision to allow alternate authentication methods beyond traditional PINs. By merging convenience with advanced biometric security, India’s UPI ecosystem is stepping closer to its vision of a PIN-less, seamless, and secure digital payment future.
India’s most popular payment system, UPI, is getting a major upgrade. Soon, users will be able to approve transactions using their fingerprint or facial recognition instead of manually entering a UPI PIN — making payments faster, easier, and more secure. The National Payments Corporation of India (NPCI) officially announced this new authentication option in a circular dated October 7, 2025.
The new feature, called on-device biometric authentication, leverages a smartphone’s built-in security features — such as fingerprint sensors and facial recognition — to validate transactions. Users can choose to activate this feature or continue using the traditional PIN-based system.
NPCI clarified that this move aims to “enhance customer experience” by introducing optional additional authentication methods, without replacing existing ones.
How it works
Under the new system, users will be able to authenticate UPI payments using their phone’s fingerprint or face unlock. The biometric data is verified directly on the device, not stored or transmitted externally.
Additionally, NPCI has also enabled Aadhaar-based face authentication for setting or resetting UPI PINs linked to Aadhaar accounts — adding another secure option for users managing their UPI credentials.
Initially, biometric transactions will be capped at ₹5,000, a limit that regulators plan to review as adoption grows.
Why it matters
Experts say this is one of the biggest steps toward frictionless digital payments in India. For millions of users — particularly the elderly and those with low digital literacy — eliminating the need to remember or enter PINs could be a game-changer.
Moreover, biometric traits are far more secure than traditional PINs. “PINs can be compromised, but biometric data like fingerprints or facial scans are nearly impossible to replicate,” explains cybersecurity expert Dheeraj Gupta, Managing Partner at Peritia Law Chambers. However, he also cautioned that the move raises privacy and data protection concerns, calling for “strong safeguards, accountability, and transparency” in implementation.
Security measures
NPCI has issued strict compliance instructions for UPI apps and banks:
Explicit consent must be taken before enabling biometrics, and users can opt out anytime.
Apps must restrict access on rooted or jailbroken devices and verify biometric enrollment status.
Banks must verify customer eligibility before enabling biometric authentication.
Biometric access is automatically disabled if a user resets their UPI PIN or remains inactive for 90 days.
To maintain data security, UPI apps are also required to perform key rotation every year.
This initiative follows the RBI’s decision to allow alternate authentication methods beyond traditional PINs. By merging convenience with advanced biometric security, India’s UPI ecosystem is stepping closer to its vision of a PIN-less, seamless, and secure digital payment future.