How secure is FASTag?

The toll collection procedure on Indian highways is now more transparent, safe, and secure because of the usage of RFID technology in FASTag. A digital wallet with user account secured by password is linked to each FASTag. An owner of a car must also register using their mobile number at the time of tag purchase. Every time a toll sum is deducted from your FASTag wallet, you will receive an instant SMS alert on the registered mobile number.

The FASTag connects with the toll plaza reader using a specific frequency range (902-928 MHz). So it can't be readable by a normal RFID scanner as it use the frequency range (13.56 MHz). The FASTag system uses encryption and authentication methods, so even if the regular RFID reader runs in the same frequency band as the FASTag, it might not be able to read it. So a standard RFID reader cannot access account information or perform financial transactions, even if it manages to read the data on the FASTag.

Only Person to Merchant (P2M) transactions are supported by FASTag. The FASTag Network does not support Person to Person (P2P) transactions. This implies that money obtained through fraudulent transactions cannot be obtained by an individual within the FASTag system.

A unique plaza code is given to each Merchant (Toll & Parking Plazas) that is boarded by NPC in which only approved acquirer banks participating in the NETC FASTag ecosystem are on boarded. Each acquirer bank receives a unique Acquire ID (AID). At the NPCI end, the Bank Acquirer ID and Plaza code combination is mapped. Every merchant (Plaza) has their geolocation data saved at their respective acquirer banks and NPC. And payment transactions for particular toll plazas can only be started by licenced System Integrators (SI) acting on behalf of concessionaires. So all these put toghether makes FASTag completely safe and secure.