Security with iMobile Pay

Transacting with iMobile Pay is completely safe and secure, ensured through a number of security measures. Every transaction on iMobile Pay follows the same stringent measures as internet banking. No sensitive information is stored on your mobile handset.


Some of the security measures are:

Different Channel Registration

The mobile number registration is carried out at the branch and ATM. In addition to this, the payee and biller registration on a customer's account is done via Internet Banking. This way the security of mobile channel is upheld by allowing registration activities through different channels that have their own authentication mechanisms.

Technical Security

Level 1: Registration process

The mobile banking services are provided only to the customers who have specifically opted for the same and registered as described above.

Level 2: Activation process

Customer has to activate the iMobile Pay client application using a second-factor authentication (2FA) mechanism. (Enter digits of Debit / Grid card number - these 3 digits are randomly generated at the time of activation). This ensures that only the rightful owner of the account who has the Debit card of ICICI Bank can activate iMobile Pay on his phone.


Please note: For Windows platform, users can activate by logging into iMobile Pay using their Internet Banking User ID/ password. In case you need your User ID/password, click here.

Level 3: User-generated PIN or User ID/ Password

Customer is also required to create a 4-digit numeric PIN of his choice to log in. This acts as a verification mechanism to enter the application. The application gets locked in case of three incorrect PIN entries.

Level 4: Storage encryption

All data that is stored on the phone/client is encrypted using strong encryption standards thereby making it secure.

Level 5: Communication encryption

The data exchanged between client (i.e. iMobile Pay) and server is encrypted using PKI. End-to-end 256 bit encryption fulfills the confidentiality, integrity and security requirements.

Additionally, all financial activity involving Fund Transfer are verified using the 2FA (Grid card/ Debit card number). Also, for every session between application and the server, a key is exchanged which expires when the session terminates.