Digital payments platform PhonePe has rolled out a new biometric authentication feature for UPI transactions, allowing users to approve payments using fingerprint scans or facial recognition instead of entering a UPI PIN. The feature, currently available for Android users, supports transactions of up to ₹5,000 and is expected to be introduced on iOS devices soon.
According to the company, the new system is designed to enhance convenience and reduce transaction friction by enabling a faster “one-touch” payment experience. Users can apply biometric verification while sending money, scanning QR codes, making online purchases, or checking account balances. Payments above ₹5,000 will continue to require traditional PIN-based authentication, in line with existing regulatory requirements.
The introduction of biometric payments marks a significant step in the evolution of India’s digital payments ecosystem, which has increasingly prioritized speed, ease of use, and accessibility. PhonePe stated that the feature is expected to reduce transaction failures caused by incorrect PIN entries and improve payment security in public settings where PIN exposure remains a concern. In cases where biometric verification fails due to technical reasons such as sensor issues or lighting conditions, users retain the option to complete transactions using their UPI PIN.
While the rollout represents a technological advancement in payment authentication, it has also raised questions regarding data privacy and the handling of sensitive biometric information. Industry experts clarify that such biometric payment systems operate primarily through device-level authentication rather than centralized data storage. In practical terms, this means that users’ fingerprints or facial data are not stored by PhonePe or transmitted to its servers. Instead, biometric information remains securely stored within the smartphone’s encrypted hardware environment, commonly referred to as a secure enclave.
When a user initiates a biometric payment, the application only receives a confirmation response from the device’s operating system indicating whether authentication was successful. This architecture ensures that payment providers never access or retain raw biometric data, significantly reducing the risk of privacy breaches even in the event of a cyberattack on the platform.
Regulatory safeguards also play a role in addressing privacy concerns. India’s digital payments framework, governed by the Reserve Bank of India and the National Payments Corporation of India, mandates strong encryption, multi-factor authentication, and strict limits on biometric usage for low-value transactions. These measures aim to balance convenience with financial security while preventing misuse of personal data.
Despite these safeguards, experts note that risks may still arise from compromised devices, malware attacks, or unauthorized physical access to smartphones. Consequently, the overall security of biometric payment systems depends not only on platform safeguards but also on user practices such as maintaining device locks, updating software, and ensuring secure phone usage.
The rollout of biometric UPI payments reflects a broader shift toward seamless digital financial services, but its long-term adoption will likely depend on sustained trust, transparency, and continued adherence to privacy protections that keep biometric data under the exclusive control of users.
