The Unified Payments Interface, UPI, has revolutionized India's digital payment landscape, processing over 10 billion transactions monthly and accounting for 81% of all digital transactions. Despite its massive scale and critical role in banking infrastructure, there has been minimal security research on UPI's complex architecture and potential vulnerabilities.

The interconnected nature of UPI, allowing any banking app to access accounts across different banks, creates unique security challenges that could potentially expose millions of bank accounts to sophisticated attacks. Recent discoveries show that seemingly simple vulnerabilities in lesser-known UPI apps can be leveraged to compromise accounts across the entire banking system.

Given the irreversible nature of UPI transactions and growing dependence on the platform, it is crucial for security professionals to understand these emerging attack vectors and strengthen the ecosystem's defenses.

This session, led by Nemo, security researcher, will cover:

• UPI's architecture and security boundaries
• Analysis of critical vulnerabilities in mobile number verification
• Recommendations for improving security standards and vulnerability disclosure in banking apps