How Does UPI Work?
UPI – Unified Payment Interface was first introduced in 2016 with just 21 banks and had almost 0 transactions for straight 3 months and is now leading the chart globally. The mastermind behind this approach was Dr. Raghuram G Rajan (RBI Governer).
From April 2016 to August 2022, the graph has significantly changed, now there are above 345 Banks live on UPI and a total number of transactions has crossed 10,72,792 crores (as of August 2022) and this figure itself is proof that how people have become adaptive on making more and more cashless UPI payments.
The unique part about UPI is that it holds the power of discarding ATM machines and also allows customers to link multiple bank accounts in a single mobile application. It offers 2 modes of payment i.e. P2P (Peer to Peer) and P2M (Peer to Merchant).
Sooner banks started promoting the use of cashless transactions and it spread like a fire (YOY). Most of you must be wondering how actually this whole ecosystem works in just a few clicks. Well, we’re here to answer that. Let’s see the insights of UPI and its working metrics.
Benefits of UPI
Today, everyone is shifting towards UPI transactions for making any small payments, and also behind this, there is a list of benefits of doing so. Having said, since its first introduction in the market, the number of transactions has crossed 6.2 Billion (stats of July 2022). Why the demand is increasing every day? Let’s have a look at some of the major key pointers below:
- UPI is the cheapest mode of payment and that’s why most banks have declared it Free of Cost. (unlike other modes of payments)
- It allows instant money transfer and that too 24×7
- Since VPA (Virtual Payment Address) is the front face of the UPI therefore, it helps in maintaining the privacy of any individual
- A single UPI application holding multiple accounts makes it more reliable and you also get the freedom to choose your preference for “Default Account”
- UPI is not just about sending money but also you can “Request for Money” too
- Over a period of time, many Third-Party applications have entered the market with hefty cashback and that makes it more appealing for customers to perform more transactions.
- Unlike other modes of payment, all you need is just either VPA, QR scanner, or mobile number to initiate the transactions (applicable for both receiving and sending money).
How Does UPI Work?
UPI offers 2 varieties of transactions i.e. P2P and P2M ~ Peer-to-Peer and Peer-to-Merchant
For every real-time transaction, certain parties are involved and that’s why it’s also referred to as the 4 Party Model, the models are:
- Payer – The person who is initiating the payment
- Payee – The person who receives the payment
- Beneficiary Bank – Involvement of receiver’s bank account
- Remitter Bank – Involvement of Payer’s Bank and attached account
STEP – I
- Download the PSP (Payment Service Provider) app (GooglePay, PhonePay, etc.)
- Add Account details
- Generate UPI PIN
* For every PSP app, the mobile SDK is provided by NPCI only.
STEP – II
For Hard Binding or Device Finger Printing Process (acts as a First-Factor authentication in UPI)
- Download the PSP app and send an SMS for mobile number verification and ensure that you’re performing this action with the same mobile number that is registered with the bank.
STEP – III
- Download the PSP app and select your preferred bank
- Now the request will be sent to the PSP server and it will forward the same request to the NPCI (of the same mobile number)
- Now NPCI UPI server will forward the request to the Issuer Bank
- Bank will retrieve the account details to verify whether the number is linked to that person or not
- Now, the UPI will pass the same info to the PSP server
*PSP stores the IFSC and Account Number of the customer to the mobile apps (including device information)
- Now, the customer will get all the linked bank accounts of his/her triggered SMS number and from there he/she can choose the preference
- PSP will now create the VPA to proceed ahead.
STEP – IV
- From your Mobile application, select the option to Generate a PIN
- Now, the PSP server will request an OTP of that bank account to NPCI
- NPCI will forward the same request to the Issuer Bank
- The OTP will be forwarded back to the customer
- The customer will now be required to enter the last 6-digit debit card number (along with the expiry date and OTP)
* The performed action will be securely captured by NPCI SDK
- PSP will now forward the OTP validation request
- UPI will decrypt the details (including PIN) from the PSP key and encrypt with the Issuer key
- Now, the Issuer bank will decrypt the data and will start validating the details (such as debit card no.) and OTP and will store the PIN
* Neither the PSP server nor the NPCI will have the authentication to save the PIN
There are generally 2 varieties of transactions PUSH and PULL, below we will understand the PUSH method that is majorly used in the market.
Phase – I
- The customer initiates the transaction either with Payee’s mobile number, or VPA / QR
- Now, the Payer PSP will forward the same request to the NPCI
- Following that, the NPCI UPI server will forward the same request to the Payee’s PSP for address resolution and authorization
- The payee PSP resolves the address and provides the account details (works with the Remitter bank)
Phase – II
- The Payee PSP will provide the bank details to UPI and the same will be forwarded to NPCI
- Now, the NPCI will check with the remitter bank to debit funds from the payer’s account
- Once money gets debited, a credit request is sent to the beneficiary’s bank
- The beneficiary bank credits the Payee’s account and later responds to NPCI UPI
- Now, the NPCI UPI server passes the response to the status of the transaction via Payer’s PSP to the customer
- VPA – Virtual Payment Address (provided by PSP). For example, <name>@psp. <name> could be provided by either PSP or customers can choose as per their preference
- PSP – Payment Service Provider (provided by NPCI)
What is the role of PSP?
PSP works with the bank to acquire new customers and facilitate payment.
Their primary work is to offer front-end mobile applications to the customer and works closely with NPCI and banks. They also ensure the whole ecosystem of the transaction flow goes flawless.
*They cannot work by themselves as an individual body so they are bound to work with NPCI.
Who can be PSP?
- Third-Party Applications
NPCI – National Payments Corporation of India
A bank account can have multiple VPA handles-
- Example: HDFC Bank has multiple VPA’s. HDFC App – @hdfc, GooglePay – @okhdfc, PhonePay – @ybl
1 PSP can have multiple Bank handles-
- Example: GooglePay. AXIS Bank – @okaxis, HDFC – @okhdfc, ICICI – @okicici, SBI – oksbi
QR – Abbreviated as “quick response”. It’s a metric that holds information horizontally and can perform both horizontal and vertical action.
Responsibilities of the Involved Parties
- Payer PSP
- Customer onboarding
- To create a UPI ID
- Create device binding (first-factor authentication)
- Payee PSP
- On-board customer/merchant
- facilitate money transfer/payment to the recipient using UPI
- Remitter Bank
- Hold & Debit Bank account for the transaction
- Store and verify UPI PIN
- Beneficiary Bank
- Process incoming credits and funds into the beneficiary account
Where You Can Make Payment Via UPI?
After doing successful action to set up the account, you can do the following task with your UPI application.
- You can now simply enter contact details to transfer funds (also to those who are not in your contact book)
- Money can be transferred via VPA as well. (VPA is like an e-mail id for every individual’s account)
- You can perform both actions i.e. sending and receiving funds (via Contact number, VPA, or QR)
- A user can perform other features like doing bank transfers to self and others’ accounts, checking balances, etc.
- Now merchants are allowing users to make bill payments for their needs (such as broadband, electricity, etc.)
How Safe Is It?
With the growing digitalization, it’s just to make sure that the transaction you’re doing is safe. While performing any UPI transaction, there are chances that phishers may try to breach and do any fraudulent activities. To answer this here’s a quick guide to prevent any unavoided actions.
- You must always avoid sharing your credentials (such as PIN, Password, or any sensitive information)
- Never save your card details (debit/credit) while performing any transaction
- There are a bunch of fraud apps available in the market today, avoid downloading them on your phone as they might get access to your wallet or other related apps.
- If you’re about to receive any funds, perform safe methods for doing so (such as QR, Phone numbers only) and ensure that you’re not sharing any OTP
- Certain cases have been reported of fraudulent activities (such as cloning, unsecured links, etc.) so it’s best to avoid visiting such websites.
As per the Government’s Cybersecurity department, more than 60,000 fraud activities were involved alone in the month of May 2022. Among those 30,000+ complaints were directly involved with UPI transactions dented more than 150 crores.