Is SBI YONO Really Safe to Use?


The shortest possible answer is yes, it is safe to use. I would also like to add a claim that SBI itself states: “This includes complying to SSL/TLS1.2 standards and strict internal data encryption mechanisms.”

Still confused? This is just the start; we will dig deeper into this, so read ahead if you are interested. First and foremost, no technology or software exists that is not vulnerable.

Overall, many factors contribute to security, such as the use of patterns, biometric scans, PINs and passwords secured to industry standards.


Still reading? Would you like to read some more about SBI, or are you already convinced? If not, follow the whole article.

Why is YONO safe even if it isn’t?

SBI is one of the largest banks in the world, ranking among the top 50 by total asset size (2020 report).

This takes us to the next chapter, where we discuss why it is a safe option to choose. As you know, everything popular is a favourite target for hackers.

SBI has around 44.89 crore customers, so SBI has far more reason than any individual user to protect its customers' details.

Also, as noticed when writing this blog, a fairly consistent 2 updates are served, yet users' reactions are still average, with the app maintaining a 4-star rating overall.

That rating may vary, and can be due to unsupported devices or to a lot of crashes and bugs, but we are still considering security first.

What are the differentiating security features?

It’s not possible to ignore that SBI is the best bank among the government banks in India, and that is because of the features that make it the best.

One of those features is cardless cash withdrawal from ATMs. Here is a short demo video by SBI.

SBI channel showing “how to use yono cash”.

This is an incredibly clear implementation by SBI: it removes any card usage at ATMs to avoid skimming. So isn’t it a major security feature added by SBI?

Now, coming back to the app’s security levels:

  • MPIN Login
  • Profile Password
  • Transaction Password

No need for 3rd-party UPI apps

SBI has the very good feature of BHIM UPI; moreover, SBI’s UPI has a much better presence than that of any other banking app. So if linking a 3rd-party app to your bank account is a concern for you, then go for SBI’s own @sbi UPI ID.

Use of MPIN to Login


Yes, this may not be a clear-cut security level, but it’s mainly used for checking the account balance and logging into the app quickly.

Also, this level restricts customers to viewing only non-essential information such as account number, balance, statements, credit cards (without details), name, DOB, phone number, Aadhaar (in encrypted form) etc.

Use of Profile Password


The profile section is a bit more restricted and can be unlocked only using a profile password. This password must be at least 8 characters long and include at least one letter, one digit, one uppercase letter, one lowercase letter and one special character.

As an example, this level unlocks sections like ATM/Debit Card, changing/removing the MPIN etc. So some features and non-transactional functions require this password.

Lastly, what’s the use of the Transaction Password?


The transaction password is used only to confirm a payment. For example, a person who wants to transfer funds needs to enter the profile password and the amount; then, when the request is processed, the transaction password is asked for along with an OTP.

Biometric authentication


SBI YONO also lets customers enable biometric authentication to raise their own security; the option can be enabled from the settings.

Transaction Rights


There is also a very good option inside YONO called Manage Transaction Rights, which lets users select:

  • Full Transaction Rights
  • Limited Transaction Rights
  • View Only Rights

So, using these 3 options, you can further secure your account by restricting its features accordingly.

OTP Magic


OTP stands for one-time password and, as the name suggests, it is a unique password generated for a single use. It is sent to the customer’s registered phone number to verify the customer in real time, so even if a customer’s account credentials are stolen, it would be next to impossible for the attacker to exploit the account without also having the OTP.
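As an added illustration (not SBI's code and not part of the original article), the layers described above can be modelled as a step-up authorization policy: each action needs a set of factors, and transaction rights apply on top. The action names, the `authorize` function and the cap used for limited rights are assumptions made for this example.

```python
from enum import Enum

class Rights(Enum):            # the three "Manage Transaction Rights" options
    FULL = "full"
    LIMITED = "limited"
    VIEW_ONLY = "view_only"

# Factors each action needs, following the levels described in the article.
# Action names are hypothetical labels chosen for this example.
REQUIRED = {
    "view_balance":      {"mpin"},
    "manage_debit_card": {"mpin", "profile_password"},
    "change_mpin":       {"mpin", "profile_password"},
    "transfer_funds":    {"mpin", "profile_password",
                          "transaction_password", "otp"},
}
TRANSACTIONAL = {"transfer_funds"}
LIMITED_CAP = 10_000  # assumed cap for limited rights; the article gives none


def authorize(action, factors, rights, amount=0):
    """Return (allowed, reason) for one request. Unknown actions are denied."""
    if action not in REQUIRED:
        return False, "unknown action"
    if action in TRANSACTIONAL:
        # Transaction rights are checked first: they apply even when every
        # credential is correct, which limits damage from a full compromise.
        if rights is Rights.VIEW_ONLY:
            return False, "view-only rights"
        if rights is Rights.LIMITED and amount > LIMITED_CAP:
            return False, "over limited-rights cap"
    missing = REQUIRED[action] - set(factors)
    if missing:
        return False, "missing: " + ", ".join(sorted(missing))
    return True, "ok"


if __name__ == "__main__":
    stolen = {"mpin", "profile_password", "transaction_password"}  # no OTP
    print(authorize("view_balance", {"mpin"}, Rights.FULL))
    print(authorize("transfer_funds", stolen, Rights.FULL, 500))
    print(authorize("transfer_funds", stolen | {"otp"}, Rights.VIEW_ONLY, 500))
```

The second call shows the point made about OTPs: with every password known but no OTP, the transfer is still refused.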

Consistent Updates


As is common among other banks, the app does not allow a user to log in until it has been updated to the latest version. The same applies to YONO, to secure its users.

That’s not all: consistently providing updates further improves security for customers.

Up to what level is it secure?

According to Sevenbank, a bank must meet some minimal essential security measures to be called a secure bank.

These include prevention of:

  • Unauthorized access
  • Phishing scams
  • 3rd party spoofing
  • Spyware
  • Logon details
  • Unauthorized use etc.

State Bank and its app YONO have such security measures in place to secure customers' data. It can also be said to be the safest among the public sector banks, at least for now.

Even a bank with the highest CASA rate still has some loopholes, which need to be fixed as the number of customers increases. But as of now, the question is up to what level it’s secure.

Now to answer the above question, I would like to remind you of all the security measures the bank takes. But in this case, the customer’s responsibility is also required.

We often hear of cases of fraud and money laundering, and 90% of cases happen due to customers' inability to manage their own accounts.

How? When a customer shares their OTP, PIN, password or any sensitive details with a stranger, that stranger can access the account without having to bypass any security protocols.

The number of bank fraud cases across India from the financial year 2009 to 2021 (Credit: Statista)

A serious note from BanksForYou: never share your OTP, PIN, CVV or any sensitive data with your friends, family or any kind of stranger who claims to be from the bank itself.

YONO Permissions


YONO asks for some important permissions like location, phone, SMS etc. But you can customize the permissions as you like: you can deny some and allow the rest, or allow all of them, and some recent mobile OS versions offer an option to grant these permissions only while the app is in use.

However, a bank would never sell your information or spy on your smartphone, as this goes against its privacy policy and would also ruin the company’s reputation and trust.

Also, many users post their details in the comments. Please avoid revealing details about your account, and instead just ask your question.

OK, now that almost everything is covered, let’s start a quick FAQ:


No, currently YONO is free for all SBI customers and is available solely to SBI online customers. Also note that the minimum balance, charges and limitations are the same as SBI's.

Both applications are approved and well tested, but in terms of 3rd-party interference, Google Pay works on UPI, and UPI is provided by banks only, so SBI YONO is safer as the bank itself provides the UPI.

No, that's not true. Every bank faces data breaches, some larger and some smaller, and the bank itself is liable for any damages, but due to recent Indian govt. policies only up to a certain amount will be paid.

Moreover, no security breaches have come from the mobile applications; hackers target the banks' databases instead.
