ICICI Bank has introduced biometric authentication for UPI transactions on its iMobile app, enabling fingerprint and facial recognition for payments up to approximately USD 52.
The feature is available on Android version 30 and iOS version 28.2 of the iMobile app. Android users authenticate via fingerprint, while iOS users do so through facial recognition. For transactions exceeding the approximately USD 52 (INR 5.000) threshold, the existing UPI PIN remains required.
Security and usability at lower transaction values
Beyond convenience, the bank has positioned the feature as a security measure, citing the elimination of shoulder-surfing risk, the practice of observing a user's PIN entry in public spaces. Customers retain the option to use either PIN-based or biometric authentication, depending on their preference.
The supported transaction types include peer-to-peer transfers, QR code-based in-store payments, and online payments. Activation is handled directly within the iMobile app through the UPI settings menu, where users select the relevant account and enable biometric verification after confirming their existing UPI PIN.
In addition, the bank noted that the implementation is aligned with current regulatory guidelines, though no specific regulatory framework or authority was cited in the announcement.
Context and industry positioning
UPI, operated by the National Payments Corporation of India (NPCI), has become one of the world's highest-volume real-time payment systems, processing billions of transactions monthly. Device-level biometric verification, where authentication is handled by the phone's hardware rather than a centralised biometric database, has gained traction as a security model that avoids storing sensitive biometric data on external servers, reducing exposure in the event of a data breach.
With this in mind, ICICI Bank's move reflects a broader shift across India's retail banking sector towards layered authentication, where transaction value determines the level of verification required. Several large Indian banks have progressively introduced device-native security features within their UPI-enabled applications to reduce friction at lower transaction amounts while maintaining stronger controls at higher values.
The USD 52 (INR 5.000) threshold aligns with common UPI transaction segmentation practices, where simplified authentication is permitted for lower-value payments under applicable guidelines.
iMobile, ICICI Bank's primary mobile banking application, supports a range of retail banking, investment, and payment functions and serves as the bank's principal digital channel for UPI-based transactions.
