Reserve Bank of India has been relentlessly working in the direction of enabling a digital payments ecosystem in the country. In this direction, RBI under its guidance and with support from Indian Banks Association (IBA) enabled the formation of National Payments Corporation of India (NPCI) as an umbrella organization for all retail payments system in India with all leading bank as stakeholders/shareholders.
NPCI was formed with the mandate to consolidate and integrate the disparate systems with varying service levels into nation-wide uniform and standard business process for all digital payment systems. The clear objective was to create a uniform and affordable payment system by leveraging technology and enable financial inclusiveness in the country. UPI was a culmination of a series of developments by NPCI over a period of 8 years since its inception in 2009.
The first step taken by NPCI in this direction was the standardization, simplification, and implementation of National Finance Switch (NFS) for all the banks of the country. NFS set the common standard and enabled digital interoperability between all banks in the country. NFS is now the backbone which powers the largest domestic ATM network in the country. The next revolutionary step for NPCI was to enable Immediate Payment System (IMPS) riding the interoperable layer of NFS.
Prior to IMPS the modes for digital transactions in banks were Real time Gross Settlement System (RTGS) and National Electronics Funds Transfer System (NEFT). RTGS and NEFT are unsuitable for small ticket digital retail payments due inherent limitations of these systems like high transaction limits, delayed settlement in batches and fixed operating time hours. Thus, NPCI introduced IMPS, a real time retail payment service with round the clock availability.
IMPS is channel independent and can be accessed through mobile phone, internet, ATM and Unstructured Supplementary Service Data (USSD) on feature phones. IMPS provided a mobile based interoperable fund transfer service involving various stakeholders such as banks, merchants, and telecom service providers. IMPS works on immediate settlement where settlement takes place on at a granular transaction level with instant transaction confirmation to both the remitter and the beneficiary. IMPS transactions were enabled through mobile phones and can be considered the precursor to Unified Payment Interface (UPI), since UPI transactions are settled through IMPS.
In India, mobile phone numbers are connected with bank accounts. Leveraging this connectivity Mobile Money Identifier (MMID) was provided to mobile users holding a bank account.
MMID enabled the abstraction of the need to know the bank account details of the recipient to make a payment. With IMPS users could make Push payments using Phone Number and MMID or Account Number and IFSC code of the recipient or request a payment using Phone number and MMID of the recipient.
IMPS transactions grew in value from Rs. 4.3 billion in 2014 to Rs. 1622 billion in 2016. IMPS transactions were being mainly used to transfer money using internet banking but were not successful for retail small ticket transactions primarily for two reasons:
- The need to know the bank details or the MMID and Phone number of the recipient.
- There was no common interoperable platform to connect both the payers and the payees.
Fundamentals of Unified Payment Interface (UPI):
NPCI developed Unified Payment Interface (UPI) as a common interface or a platform for all digital payment systems in India. NPCI is the owner, network operator, service provider, and coordinator of the UPI Network.
Unified payment Interface (UPI) is a single interface across all payment systems developed by National Payment Corporation of India (NPCI). A platform that allows transfer of money between two bank account using a mobile number that has access to the Internet. Any customer who has a mobile number linked to a bank account and access to an ATM or debit card can use UPI.
The Unified Payment Interface enables architecture and a set of standard Application Programming Interface (API) specifications to facilitate digital payments using a mobile phone. UPI leverages high penetration of mobile phones and growing adoption of smartphones, data, and internet to enable mobile based instant payment system in India. UPI allows users to send or request money instantly from their bank accounts using a mobile phone, making mobile phone a primary payment device for the masses. UPI uses IMPS as the switching mechanism to enable instant payments and settlement between different financial institutions.
UPI was first introduced in 2016 with just 21 banks and had almost 0 transactions for straight 3 months and is now leading the chart globally. The mastermind behind this approach was Dr. Raghuram G Rajan (Governor of Reserve Bank of India).
From April 2016 onwards, the graph has significantly changed, now people have become adaptive on making more and more cashless UPI payments.
Role of PSP – PSP works with the bank to acquire new customers and facilitate payment. Their primary work is to offer front-end mobile applications to the customer and works closely with NPCI and banks. They also ensure the whole ecosystem of the transaction flow goes flawless. They cannot work by themselves as an individual body, so they are bound to work with NPCI. PSP entities can be:
- Third-Party Applications
VPA (Virtual Payment Address) – it is provided by PSP during registration. Looks like <name>@<psp>
- <name> =customer’s choice or a unique name per PSP
- <psp> = PSP handle provided by NPCI
- Eg: learnpayment@hsbc
With UPI everyone with a bank account in India can create their Virtual Payment Address (VPA or UPI ID) and start transacting using a mobile phone. This Virtual Payment Address for e.g., abc@xyzbank becomes a person’s unique payment identity and abstracts the need to share bank details while transacting. One PSP can tie-up with multiple banks for the issuance of the PSP handles.
Example: GooglePay has tied up with 4 banks and their handles are as follows:
- AXIS Bank – @okaxis
- HDFC – @okhdfc
- ICICI – @okicici
- SBI – oksbi
UPI considerably simplifies digital payments, instead of issuing cards to a large population which is costly and time-consuming. UPI enables mobile phone a primary device for authorizing and making payments. Also a mobile phone combined with a unique payment ID makes it a low cost payment acceptance device thus making digital payments universal, easy and low cost.
Key Features of UPI:
(1) UPI enables personal mobile to be used as a primary device for all payments including person to person, person to entity, and entity to person. Using UPI, users can seamlessly make or request payments with ease and security to/from friends, merchants or pay their bills etc. without the need to share banking credentials. User can consolidate multiple banking relationships using a single UPI App which makes for good user experience for users.
(2) The payments can be initiated both by sender (payer) and receiver (payee). This enables a personal mobile to be used to “pay” someone (push) as well as “collect” from someone (pull).
(3) UPI allows users to create their unique Virtual Payment Address thus enabling users to make payments only by providing a payment address without the need to provide sensitive details like bank account numbers or credentials on third party applications or websites. The payments can be done using multiple identifiers like Virtual Payment Address, Aadhaar Number or Account Number & Indian Financial System code (IFSC).
(4) UPI provides a standard set of APIs to enable transactions on UPI platform, thus enabling a fully interoperable system across all banks, financial institutions, and payment systems without having silos and closed systems. These minimalistic and fully functional APIs allows innovations by payment service providers to build customized payment solutions for businesses and functionality rich mobile apps for consumers without having to change the core API structure.
(5) UPI uses One-click 2-factor authentication for safe and secure payments using a personal mobile phone without the need for any separate acquiring devices or physical tokens.
Improvements in UPI over Existing Payment Systems:
(1) Pull Based Mobile transactions: Current digital payment systems including cards and online payments are push based transactions i.e., transactions are initiated by the customer. There is no mechanism for the merchant to initiate a payment request (pull) which the customer can approve and pay. UPI enables both real time push and pull transactions using a mobile phone.
(2) Interoperable User Interfaces: UPI allows payments across interfaces i.e. payment can be requested on one interface and transaction can authorised on a different interface. For e.g. Merchant can request a payment from a website which user can authenticate and pay using a mobile phone.
(3) Abstraction of Bank Details: There is no need to share any sensitive bank details like account number etc. to make a transaction. Users can create their unique virtual payment address which serves as their unique identity to make or receive payments. This makes for secure payments since user is not required to share any sensitive data on third party interfaces.
(4) Safety with One Click-2 Factor Authentication: UPI enables transactions with single click—in which the customer just needs to enter MPIN on the mobile phone to make a transaction. This is unlike the existing payment systems where you have to enter card details, usernames, passwords, OTPs etc. on third party devices or websites to make a transaction. In UPI the user’s personal mobile phone acts as a single device to authorize and authenticate the payment.
(5) Mobile first approach: UPI is designed to embrace the smartphone using population in India to enable low cost and universal digital payments. With UPI there is no need to create the consumer side hardware infrastructure (cards etc.) to enable digital payments. In India, almost every adult has a bank account and a mobile phone. UPI uses this ubiquitous relationship to enable universal digital payments in India.
(6) Other mobile payment systems like e-wallets work in their own silos i.e., the payer and payee need to be on the same platform the transact. In UPI, only the payment address of the beneficiary is required, and amount is credited into the bank account. Also, to transact in e-wallets, users need to pre-load the money into the wallet accounts which means their money remains stuck in the wallet account till it is again redeemed back into the back accounts. While in UPI there is no need to preload any wallet, money is directly debited from the bank account of the payer and credited into the bank account of the payee.
UPI works on a common layer, or a unified interface developed and hosted by NPCI. This common layer orchestrates transactions and ensures settlement across bank accounts using IMPS and Aadhaar Enabled Payment System (AEPS). Banks, financial institutions, and other entities that provide UPI services connect to the NPCI’s unified interface through standard APIs to enable transactions from Virtual Payment Address avoiding the need to share account details or credentials.
In UPI solution, payment authentication and authorization are always done using personal phone. Since this layer offers a unified interface, any-to-any interoperable payments can be accomplished using standard set of APIs. All APIs are exposed as stateless service over HTTPS using XML input and output and all entities consuming UPI services must ensure idempotent behaviour for all APIs.
These APIs are asynchronous in nature meaning once the request is sent, response is sent back separately via corresponding response API. This allows the response to API call to return to the caller immediately after queuing the request. All request-response correlation must be done via the transaction ID set by the originating point. Callers are expected to call the API with a unique transaction ID for which response is sent via a response API exposed by the caller. This allows same APIs to be used for instant payment as well as delayed payments. This also allows APIs to scale without having to wait in a blocking mode.
There is a set of standard APIs exposed to various participants of the UPI ecosystem key. A set of Financial and Non-Financial transactions can be done using these APIs. Apart from transactional APIs there are a set of Meta APIs to ensure that the entire system can function in an automated fashion. These Meta APIs allow PSPs to validate accounts during customer on boarding, validate addresses for sending and collecting money, provide phishing protection using white listing APIs, etc. below figure shows the high level architecture of UPI. Some of the key APIs to enable UPI transactions are:
- Payment API: This is the primary APIs used for routing the transaction and is used to initiate Pay Request (Push Payment) and Collect Request (Pull Payment). The API contains remitter and beneficiary details.
- Authorization & Address Translation APIs are used to obtain appropriate authorization details and translate the specific Virtual Payment Address to the common global addresses (Bank Account Number and IFSC Code, Aadhaar number). This allows users to simply provide such virtual (tokenized) address to others (individuals, entities, etc.) without having to reveal actual account details.
- Keys List APIs: These APIs enable secure capture and communication of credentials to authenticate transactions by various entities in the UPI ecosystem. These APIs are used to request for and cache the account providers and other entities list of public keys. Trusted and certified NPCI libraries and utilities are used for credential capture and PKI (public key encryption) at capture time.
Responsibilities of the Involved Parties:
(1) Payer PSP (The person who is initiating the payment)
- Customer onboarding
- To create a UPI ID
- Create device binding (first-factor authentication)
(2) Payee PSP (The person who receives the payment)
- On-board customer/merchant
- facilitate money transfer/payment to the recipient using UPI.
(3) Remitter Bank (Involvement of Payer’s Bank and attached account)
- Hold & Debit Bank account for the transaction.
- Store and verify UPI PIN
(4) Beneficiary Bank (Involvement of receiver’s bank account)
- Process incoming credits and funds into the beneficiary account
UPI Customer Registration Process
UPI offers 2 varieties of transactions i.e., P2P and P2M ~ Peer-to-Peer and Peer-to-Merchant. For every real-time transaction, certain parties are involved and that’s why it’s also referred to as the 4 Party Model.
- STEP- I: Download the PSP (Payment Service Provider) app (GooglePay, PhonePay, etc.)
* Importantly the PSP App has an embedded “SDK provided by NPCI”. SDK is a library which securely captures encrypts the PIN, OTP or any Biometrics and sends it to NPCI.
- STEP – II: Customer Registration: For Hard Binding or Device Finger Printing Process (acts as a First-Factor authentication in UPI) Download the PSP app and send an SMS for mobile number verification and ensure that you’re performing this action with the same mobile number that is registered with the bank.
- STEP – III: Add Bank Account details:
- Download the PSP app and select your preferred bank.
- Now the request will be sent to the PSP server, and it will forward the same request to the NPCI (of the same mobile number)
- Now NPCI UPI server will forward the request to the Issuer Bank
- Bank will retrieve the account details to verify whether the number is linked to that person or not.
- Now, the UPI will pass the same info to the PSP server.
*PSP stores the IFSC and Account Number of the customer to the mobile apps (including device information)
- Now, the customer will get all the linked bank accounts of his/her triggered SMS number and from there he/she can choose the preference.
- PSP will now create the VPA to proceed ahead.
- STEP – IV: Generate UPI PIN:
- From your Mobile application, select the option to Generate a PIN
- Now, the PSP server will request an OTP of that bank account to NPCI.
- NPCI will forward the same request to the Issuer Bank
- The OTP will be forwarded back to the customer.
- The customer will now be required to enter the last 6-digit debit card number (along with the expiry date and OTP)
* The performed action will be securely captured by NPCI SDK.
- PSP will now forward the OTP validation request.
- UPI will decrypt the details (including PIN) from the PSP key and encrypt with the Issuer key.
- Now, the Issuer bank will decrypt the data and will start validating the details (such as debit card no.) and OTP and will store the PIN.
* Neither the PSP server nor the NPCI will have the authentication to save the PIN.
UPI Transaction Flow
There are generally 2 varieties of transactions PUSH and PULL, below we will understand the PUSH method that is majorly used in the market.
Phase – I:
- The customer initiates the transaction either with Payee’s mobile number, or VPA / QR.
- Now, the Payer PSP will forward the same request to the NPCI.
- Following that, the NPCI UPI server will forward the same request to the Payee’s PSP for address resolution and authorization.
- The payee PSP resolves the address and provides the account details (works with the Remitter bank).
Phase – II:
- The Payee PSP will provide the bank details to UPI and the same will be forwarded to NPCI.
- Now, the NPCI will check with the remitter bank to debit funds from the payer’s account.
- Once money gets debited, a credit request is sent to the beneficiary’s bank.
- The beneficiary bank credits the Payee’s account and later responds to NPCI UPI.
- Now, the NPCI UPI server passes the response to the status of the transaction via Payer’s PSP to the customer.
Where You Can Make Payment Via UPI?
After doing successful action to set up the account, you can do the following task with your UPI application.
- You can now simply enter contact details to transfer funds (also to those who are not in your contact book)
- Money can be transferred via VPA as well. (VPA is like an e-mail id for every individual’s account)
- You can perform both actions i.e., sending and receiving funds (via Contact number, VPA, or QR)
- A user can perform other features like doing bank transfers to self and others’ accounts, checking balances, etc.
- Now merchants are allowing users to make bill payments for their needs (such as broadband, electricity, etc.)
Benefits of UPI?
Today, everyone is shifting towards UPI transactions for making any small payments, and also behind this, there is a list of benefits of doing so. According to data sourced from the National Payments Corporation of India (NPCI), the total number of UPI transactions last year jumped 91.11% YoY, and the value of UPI transactions saw a 74.83% YoY increase in 2022. (Approximately 74 billion transactions worth Rs 125.94 trillion in the year 2022). Why is the demand increasing every day? Let’s have a look at some of the major key pointers below:
- UPI is the cheapest mode of payment and that’s why most banks have declared it Free of Cost. (Unlike other modes of payments).
- It allows instant money transfer and that too 24×7.
- Since VPA (Virtual Payment Address) is the front face of the UPI therefore, it helps in maintaining the privacy of any individual.
- A single UPI application holding multiple accounts makes it more reliable and you also get the freedom to choose your preference for “Default Account”.
- UPI is not just about sending money but also you can “Request for Money” too.
- Over a period, many Third-Party applications have entered the market with hefty cashback and that makes it more appealing for customers to perform more transactions.
- Unlike other modes of payment, all you need is just either VPA, QR scanner, or mobile number to initiate the transactions (applicable for both receiving and sending money).
How Brickendon can help?
UPI usage has grown by ~40% in last 5 years. With more and more people are adapting the use of UPI for making and receiving payments for their daily transactions it has a lot of potential to grow in upcoming years. Brickendon can do an in-depth analysis for your bank on current payment structure and usage (IMPS/RTGS etc). Basis the analysis we can provide future state simplified payment structure. Currently UPI platform is only available in India and with its open-source API interface the adoption to other countries can be done with ease that would help bank’s customers make and collect payments with ease, pay utility bills, credit card bills, check balances in real-time, make cross-border payments in real-time without paying hefty fees to name a few benefits. Non-resident Indians (NRIs), holding bank accounts in India and living abroad, will soon be able to use UPI platforms using their international mobile numbers.