The Unified Payment Interface (UPI) was first released in 2016 with only 21 banks and had virtually no transactions for a continuous three months. Today, UPI is at the top of the global leaderboard. This strategy was the brainchild of Dr. Raghuram G. Rajan (RBI Governer).
As of August 2022, there are over 345 banks that accept UPI, and the total volume of transactions has exceeded 10,72,792 crores. This movement in the graph between April 2016 and August 2022 shows how consumers have become accustomed to making increasingly more cashless UPI payments.
UPI’s ability to replace ATMs and let users link different bank accounts in a single mobile application makes it stand out from other payment systems. It has two payment options, namely. Peer to Peer (P2P) and P2M (Peer to Merchant).
Cashless transactions were promoted by banks earlier, and they caught on like wildfire (YOY). The majority of you must be asking how, exactly, this entire ecosystem functions with a few of clicks. We’re here to address that, after all. Let’s examine UPI’s insights and operational indicators.
Advantages of UPI
Today, everyone is moving toward using UPI transactions for any minor payments, and there are several reasons for this. Having said that, since its first launch on the market, there have been over 6.2 billion transactions (stats of July 2022). Why is there a daily increase in demand? Let’s look at some of the most important vital advice below:
- Because UPI is the least expensive payment method, the majority of banks have declared it to be free of charge. (In contrast to other payment methods)
- It enables 24-hour, rapid money transfers.
- Since VPA (Virtual Payment Address) is the public face of the UPI, it aids in preserving every individual’s right to privacy.
- It is more dependable when a single UPI application manages several accounts, and you also have the freedom to select the “Default Account” of your choice.
- UPI allows you to “Request for Money” in addition to giving money.
- Over time, a number of Third-Party applications have entered the market with sizable cashback, which encourages users to complete more transactions.
- In contrast to conventional payment methods, all you need to start a transaction is either a VPA, QR scanner, or mobile number (applicable for both receiving and sending money).
How Does UPI Function?
UPI provides two different types of transactions: Peer-to-peer and peer-to-merchant, or P2P and P2M,
Certain parties are involved in every real-time transaction, which is why it is also known as the “4 Party Model.” The models are:
The person initiating the payment is known as the “payer.”
The recipient of the money is known as the payee.
Beneficiary Bank: Participation of the recipient’s bank account
Remitter Bank: Payer’s Bank involvement and connected account
STEP – I
Install the Payment Service Provider (PSP) app (GooglePay, PhonePay, etc.)
Add account information
Create a UPI PIN
The mobile SDK is only made available by NPCI for each PSP application.
For device fingerprinting or hard binding (acts as a First-Factor authentication in UPI).
Make sure you’re using the same mobile phone that is registered with the bank when you download the PSP app and send an SMS for mobile number verification.
Install the PSP app, then choose your favourite bank.
The request will now be routed to the PSP server, which will then transmit it to the NPCI (of the same mobile number)
The request will now be forwarded by the NPCI UPI server to the Issuer Bank.
To determine if the number is associated with that individual or not, the bank will get the account information.
The UPI will now transmit the same information to the PSP server.
*PSP stores the customer’s IFSC and account number in the mobile apps (including device information)
The consumer will now receive a list of all the bank accounts that are associated to the triggered SMS number, and from there, he or she can select the preferred option.
In order to move forward, PSP will now construct the VPA.
Generation of PIN
Choose the Generate a PIN option on your mobile application.
The PSP server will now ask NPCI for an OTP for that bank account.
The Issuer Bank will receive the identical request from NPCI.
The customer will receive the OTP again.
The consumer must now enter the final six digits of their debit card number (along with the expiry date and OTP)
The NPCI SDK will securely record the action that was taken.
PSP will now transmit the request for OTP validation.
When using the Issuer key, UPI will decrypt the information (including the PIN) from the PSP key.
The issuer bank will now decrypt the data, begin confirming the information (such as the debit card number) and OTP, and save the PIN.
The authentication required to save the PIN is not available to either the PSP server or the NPCI.
Transfer of Funds
There are often two different types of transactions: push and pull. In this section, we’ll explain the push approach, which is widely utilised in the market.
The consumer starts the transaction using either VPA or QR code or Payee’s mobile number.
In the future, the Payer PSP will send the NPCI the same request.
The Payee’s PSP will then receive the same request from the NPCI UPI server for address resolution and authorization.
By resolving the address and providing the account information, the payee PSP (works with the Remitter bank)
The NPCI will receive the bank data from UPI after the Payee PSP sends them to UPI.
The NPCI will now consult with the sending bank in order to debit money from the payer’s account.
A credit request is issued to the beneficiary’s bank after funds are deducted.
After crediting the Payee’s account, the beneficiary bank replies to the NPCI UPI.
Now, the customer receives the response from the NPCI UPI server regarding the status of the transaction via the Payer’s PSP.
Virtual Payment Address (VPA) (provided by PSP). For example, example@upi. Customers may select their preferred name or the PSP may supply one.
Payment Service Provider (PSP) (provided by NPCI)
What function does PSP serve?
PSP collaborates with the bank to bring in new clients and streamline payments.
Their main responsibility is to provide customers with front-end mobile applications, and they collaborate closely with banks and NPCI. They also ensure the full ecosystem of the transaction flow goes perfect.
They are need to collaborate with NPCI because they are unable to function as an individual body.
Who may be a PSP?
Applications from Third Parties
National Payments Corporation of India (NPCI)
Multiple VPA handles may exist on a single bank account.
For instance, HDFC Bank has several VPAs. GooglePay – @okhdfc, PhonePay – @ybl, and HDFC App – @hdfc
A single PSP may have several bank handles.
Consider GooglePay. SBI – oksbi, ICICI – @okicici, HDFC – @okhdfc, and AXIS Bank – @okaxis
QR stands for “rapid response.” It is a metric that can conduct both horizontal and vertical action and retains information horizontally.
To transfer money, you can now easily enter your contact information (also to those who are not in your contact book)
Via VPA, money can also be sent. (VPA is similar to an e-mail address for each user’s account.)
You can send and receive money, among other operations (via Contact number, VPA, or QR)
Other functions that a user can use include checking balances, making bank transfers to one’s own and other accounts, etc.
Nowadays, businesses let customers pay their bills online to suit their demands (such as broadband, electricity, etc.)
Is It Safe?
It is simply important to ensure that the transaction you are conducting is secure given the expanding digitization. There is a potential that phishers will attempt to breach and carry out any fraudulent actions while carrying out any UPI transaction.
Here is a brief guide to address this and stop any unavoidable activities:
- You must never divulge your credentials to anyone (such as PIN, Password, or any sensitive information)
- Never save your debit or credit card information while making a purchase.
- Today’s market has a tonne of fraudulent apps; stay away from installing them on your phone as they might gain access to your wallet or other associated apps.
- Use secure methods to receive money, such as QR codes or phone numbers exclusively, and make sure you aren’t sharing any OTPs.
- It is advised to avoid accessing such websites as instances of fraud have been documented (such as cloning, insecure connections, etc.).
According to the government’s cybersecurity division, only in the month of May 2022, there were more than 60,000 fraud activities. More than 30,000 of those complaints involved UPI transactions that cost more over 150 crores in total.