1. Who is audited
The UPI app (TPAP), its sponsor PSP bank’s systems, and technology providers in the UPI stack.
2. Audit scope
- Mobile app and API security testing.
- Infrastructure and network security.
- Compliance with NPCI procedural guidelines and circulars.
- Secure handling of UPI data and credentials.
How CyberSigma helps
CERT-In empanelled, we perform UPI TPAP security audits — mobile, API and infrastructure — and issue the report NPCI and your PSP bank need.
This guide is educational and not legal advice. Requirements evolve — validate specifics against the current standard or regulation for your situation.
