Unified Payments Interface (UPI)

Background: 

Reserve Bank of India has been relentlessly working in the direction of enabling a digital payments ecosystem in the country. In this direction, RBI under its guidance and with support from Indian Banks Association (IBA) enabled the formation of National Payments Corporation of India (NPCI) as an umbrella organization for all retail payments system in India with all leading bank as stakeholders/shareholders.  

NPCI was formed with the mandate to consolidate and integrate the disparate systems with varying service levels into nation-wide uniform and standard business process for all digital payment systems. The clear objective was to create a uniform and affordable payment system by leveraging technology and enable financial inclusiveness in the country. UPI was a culmination of a series of developments by NPCI over a period of 8 years since its inception in 2009. 

The first step taken by NPCI in this direction was the standardization, simplification, and implementation of National Finance Switch (NFS) for all the banks of the country. NFS set the common standard and enabled digital interoperability between all banks in the country. NFS is now the backbone which powers the largest domestic ATM network in the country. The next revolutionary step for NPCI was to enable Immediate Payment System (IMPS) riding the interoperable layer of NFS.  

Prior to IMPS the modes for digital transactions in banks were Real time Gross Settlement System (RTGS) and National Electronics Funds Transfer System (NEFT). RTGS and NEFT are unsuitable for small ticket digital retail payments due inherent limitations of these systems like high transaction limits, delayed settlement in batches and fixed operating time hours. Thus, NPCI introduced IMPS, a real time retail payment service with round the clock availability.  

IMPS is channel independent and can be accessed through mobile phone, internet, ATM and Unstructured Supplementary Service Data (USSD) on feature phones. IMPS provided a mobile based interoperable fund transfer service involving various stakeholders such as banks, merchants, and telecom service providers. IMPS works on immediate settlement where settlement takes place on at a granular transaction level with instant transaction confirmation to both the remitter and the beneficiary. IMPS transactions were enabled through mobile phones and can be considered the precursor to Unified Payment Interface (UPI), since UPI transactions are settled through IMPS. 

In India, mobile phone numbers are connected with bank accounts. Leveraging this connectivity Mobile Money Identifier (MMID) was provided to mobile users holding a bank account.  

MMID enabled the abstraction of the need to know the bank account details of the recipient to make a payment. With IMPS users could make Push payments using Phone Number and MMID or Account Number and IFSC code of the recipient or request a payment using Phone number and MMID of the recipient.  

IMPS transactions grew in value from Rs. 4.3 billion in 2014 to Rs. 1622 billion in 2016. IMPS transactions were being mainly used to transfer money using internet banking but were not successful for retail small ticket transactions primarily for two reasons:  

• The need to know the bank details or the MMID and Phone number of the recipient.  
• There was no common interoperable platform to connect both the payers and the payees. 

Fundamentals of Unified Payment Interface (UPI): 

NPCI developed Unified Payment Interface (UPI) as a common interface or a platform for all digital payment systems in India. NPCI is the owner, network operator, service provider, and coordinator of the UPI Network.  

Unified payment Interface (UPI) is a single interface across all payment systems developed by National Payment Corporation of India (NPCI). A platform that allows transfer of money between two bank account using a mobile number that has access to the Internet. Any customer who has a mobile number linked to a bank account and access to an ATM or debit card can use UPI. 

The Unified Payment Interface enables architecture and a set of standard Application Programming Interface (API) specifications to facilitate digital payments using a mobile phone. UPI leverages high penetration of mobile phones and growing adoption of smartphones, data, and internet to enable mobile based instant payment system in India. UPI allows users to send or request money instantly from their bank accounts using a mobile phone, making mobile phone a primary payment device for the masses. UPI uses IMPS as the switching mechanism to enable instant payments and settlement between different financial institutions. 

UPI was first introduced in 2016 with just 21 banks and had almost 0 transactions for straight 3 months and is now leading the chart globally. The mastermind behind this approach was Dr. Raghuram G Rajan (Governor of Reserve Bank of India). 

From April 2016 onwards, the graph has significantly changed, now people have become adaptive on making more and more cashless UPI payments. 

Role of PSP – PSP works with the bank to acquire new customers and facilitate payment. Their primary work is to offer front-end mobile applications to the customer and works closely with NPCI and banks. They also ensure the whole ecosystem of the transaction flow goes flawless. They cannot work by themselves as an individual body, so they are bound to work with NPCI. PSP entities can be: 

• Banks 
• Third-Party Applications 

VPA (Virtual Payment Address) – it is provided by PSP during registration. Looks like <name>@<psp> 

• <name> =customer’s choice or a unique name per PSP 
• <psp> = PSP handle provided by NPCI 
• Eg: learnpayment@hsbc 

With UPI everyone with a bank account in India can create their Virtual Payment Address (VPA or UPI ID) and start transacting using a mobile phone. This Virtual Payment Address for e.g., abc@xyzbank becomes a person’s unique payment identity and abstracts the need to share bank details while transacting. One PSP can tie-up with multiple banks for the issuance of the PSP handles. 

Example: GooglePay has tied up with 4 banks and their handles are as follows:  

• AXIS Bank – @okaxis  

• HDFC – @okhdfc  
• ICICI – @okicici 
• SBI – oksbi 

UPI considerably simplifies digital payments, instead of issuing cards to a large population which is costly and time-consuming. UPI enables mobile phone a primary device for authorizing and making payments. Also a mobile phone combined with a unique payment ID makes it a low cost payment acceptance device thus making digital payments universal, easy and low cost. 

Key Features of UPI: 

(1) UPI enables personal mobile to be used as a primary device for all payments including person to person, person to entity, and entity to person. Using UPI, users can seamlessly make or request payments with ease and security to/from friends, merchants or pay their bills etc. without the need to share banking credentials. User can consolidate multiple banking relationships using a single UPI App which makes for good user experience for users.  

(2) The payments can be initiated both by sender (payer) and receiver (payee). This enables a personal mobile to be used to “pay” someone (push) as well as “collect” from someone (pull).  

(3) UPI allows users to create their unique Virtual Payment Address thus enabling users to make payments only by providing a payment address without the need to provide sensitive details like bank account numbers or credentials on third party applications or websites. The payments can be done using multiple identifiers like Virtual Payment Address, Aadhaar Number or Account Number & Indian Financial System code (IFSC).  

(4) UPI provides a standard set of APIs to enable transactions on UPI platform, thus enabling a fully interoperable system across all banks, financial institutions, and payment systems without having silos and closed systems. These minimalistic and fully functional APIs allows innovations by payment service providers to build customized payment solutions for businesses and functionality rich mobile apps for consumers without having to change the core API structure.  

(5) UPI uses One-click 2-factor authentication for safe and secure payments using a personal mobile phone without the need for any separate acquiring devices or physical tokens. 

Improvements in UPI over Existing Payment Systems: 

(1) Pull Based Mobile transactions: Current digital payment systems including cards and online payments are push based transactions i.e., transactions are initiated by the customer. There is no mechanism for the merchant to initiate a payment request (pull) which the customer can approve and pay. UPI enables both real time push and pull transactions using a mobile phone. 

(2) Interoperable User Interfaces: UPI allows payments across interfaces i.e. payment can be requested on one interface and transaction can authorised on a different interface. For e.g. Merchant can request a payment from a website which user can authenticate and pay using a mobile phone.  

(3) Abstraction of Bank Details: There is no need to share any sensitive bank details like account number etc. to make a transaction. Users can create their unique virtual payment address which serves as their unique identity to make or receive payments. This makes for secure payments since user is not required to share any sensitive data on third party interfaces. 

(4) Safety with One Click-2 Factor Authentication: UPI enables transactions with single click—in which the customer just needs to enter MPIN on the mobile phone to make a transaction. This is unlike the existing payment systems where you have to enter card details, usernames, passwords, OTPs etc. on third party devices or websites to make a transaction. In UPI the user’s personal mobile phone acts as a single device to authorize and authenticate the payment.  

(5) Mobile first approach: UPI is designed to embrace the smartphone using population in India to enable low cost and universal digital payments. With UPI there is no need to create the consumer side hardware infrastructure (cards etc.) to enable digital payments. In India, almost every adult has a bank account and a mobile phone. UPI uses this ubiquitous relationship to enable universal digital payments in India.  

(6) Other mobile payment systems like e-wallets work in their own silos i.e., the payer and payee need to be on the same platform the transact. In UPI, only the payment address of the beneficiary is required, and amount is credited into the bank account. Also, to transact in e-wallets, users need to pre-load the money into the wallet accounts which means their money remains stuck in the wallet account till it is again redeemed back into the back accounts. While in UPI there is no need to preload any wallet, money is directly debited from the bank account of the payer and credited into the bank account of the payee. 

UPI Architecture: 

UPI works on a common layer, or a unified interface developed and hosted by NPCI. This common layer orchestrates transactions and ensures settlement across bank accounts using IMPS and Aadhaar Enabled Payment System (AEPS). Banks, financial institutions, and other entities that provide UPI services connect to the NPCI’s unified interface through standard APIs to enable transactions from Virtual Payment Address avoiding the need to share account details or credentials.  

In UPI solution, payment authentication and authorization are always done using personal phone. Since this layer offers a unified interface, any-to-any interoperable payments can be accomplished using standard set of APIs. All APIs are exposed as stateless service over HTTPS using XML input and output and all entities consuming UPI services must ensure idempotent behaviour for all APIs.  

These APIs are asynchronous in nature meaning once the request is sent, response is sent back separately via corresponding response API. This allows the response to API call to return to the caller immediately after queuing the request. All request-response correlation must be done via the transaction ID set by the originating point. Callers are expected to call the API with a unique transaction ID for which response is sent via a response API exposed by the caller.  This allows same APIs to be used for instant payment as well as delayed payments. This also allows APIs to scale without having to wait in a blocking mode. 

There is a set of standard APIs exposed to various participants of the UPI ecosystem key. A set of Financial and Non-Financial transactions can be done using these APIs. Apart from transactional APIs there are a set of Meta APIs to ensure that the entire system can function in an automated fashion. These Meta APIs allow PSPs to validate accounts during customer on boarding, validate addresses for sending and collecting money, provide phishing protection using white listing APIs, etc. below figure shows the high level architecture of UPI. Some of the key APIs to enable UPI transactions are:  

• Payment API: This is the primary APIs used for routing the transaction and is used to initiate Pay Request (Push Payment) and Collect Request (Pull Payment). The API contains remitter and beneficiary details. 
• Authorization & Address Translation APIs are used to obtain appropriate authorization details and translate the specific Virtual Payment Address to the common global addresses (Bank Account Number and IFSC Code, Aadhaar number). This allows users to simply provide such virtual (tokenized) address to others (individuals, entities, etc.) without having to reveal actual account details.  
• Keys List APIs: These APIs enable secure capture and communication of credentials to authenticate transactions by various entities in the UPI ecosystem. These APIs are used to request for and cache the account providers and other entities list of public keys. Trusted and certified NPCI libraries and utilities are used for credential capture and PKI (public key encryption) at capture time.