Unified Payment Systems new revolution in online Payment
On April 8 2016 Reserve bank governor Mr. Raghuram rajan launched Unified Payment System (UPI). This will be the next generation payment system which will have the potential to revolutionize retail payments in the country. Currently NPCI (National Payment Corporation of India) provided a platform for developer’s community. A key feature of UPI (Unified Payment Inerface) is that it would provide interoperable and instant payments driven over the mobile platform. Besides that a customer will be able to make payments by providing just a single identifier like Aadhaar number or a virtual address.
UPI will offer architecture and set of APIs (application program interface) to facilitate the next generation online immediate payments. It will leverage trends such as increasing Smartphone adoption, Indian language interfaces etc. Besides that it will empower users to perform both push and pull transactions seamlessly which will transform the way customers will make payments in the coming months.
Right now net banking requires a lot of preliminary steps like registration of the payee, one time password (OTP) at the time of payment etc. And mobile wallets though convenient need to be filled in either with debit/credit card or NEFT. And non-bank mobile wallet transactions are getting increased day by day. Now, UPI claims to return the lost business of banking sector.
Banks will provide you a unique ID which will be like email id. This unique id is virtual system address that can be uniquely mapped to individual bank account.
We will see one by one features of UPI briefly
- Push And Pull Payments: – The payment can be initiated by Payee (sender) or Payer (receiver). This payment will be secure and convenient.
- Easy Instant Payments: – This payment will be done easily via mobile or web or any other applications. Just user will need to user options like “Pay to” a “payment address” or “collect from ” a “payment address” (Here payment address can be Aadhaar Number, Mobile Number, Rupay Card, virtual payment address)And no need of providing actual account number
- Scalable Architecture: – This payment system is designed by taking into consideration of mass mobile usage in public, so it will be scaled to large number easily. It also means that there should be interoperability in different kind of payment address and it should work with or without any application
- 1 Click 2FA and Virtual address:- It will use virtual address , Single click two factor authentication for payment system to work
- There can be onetime pre-authorization for multiple recurring payments and rule based access
Every payment will have following core elements
- Payer and payee account and institution details for routing and authorization
- Authentication credentials (password, PIN, biometrics, etc. as required for debit, can be bank provided or 3rd party provided such as UIDAI)
- Transaction amount
- Transaction reference
- Other metadata attributes such as location, product code, mobile number, device details, etc. as required.
Below are some of the real world scenarios which we will see one by one in detail
Scenario 1:- Sameer wants to send money to his wife Smita who is living in other city
|Sending Money to Relatives||Behind the scene, whenever money is sent it will go through following steps|
| Sameer is having bank account with SBI.
His wife Smita is having bank account with central bank of India
Sameer is using SBI mobile application which is integrated with UPI which is having facilities like send money, collect money, integrated address book
Sameer adds Smita’s Aadhar number to his address book (No other information like IFSC code or anything else reqd to store)
On the mobile application, using single click on his address book entry of his wife, he enters an amount and click send. SBI application allows him to remember the amount for future
| Validate user and debit amount
Uses UPI and initiates “Pay” transaction with “Payee” address with simply “Aadhar number” of Smita
NPCI UPI layer looks up[ the Aadhar mapper and translates the destination address to bank identification number and routes the transaction to destination bank via AEPS (Aadhar Enabled Payment System)
Destination bank uses their system to credit the amount to the Aadhar linked account and sends confirmation back to NPCI
NPCI confirms the credit back to SBI application
SBI application pushes the notification to the mobile device
Scenario 2:- Sunil and Sanket are two colleagues who take Tiffin from Tiffin provider. Sunil has paid the amount in cash to Tiffin provider for both of them. Now Sunil told Sanket to give half part within week’s time. Here Sunil is making a Collect request via UPI
|Collecting money from friend||Behind the scene, when money Collect request initiated it will go through following steps|
|Sunil logs in to Bank of India Mobile Banking application.
He initiates a collect request by providing Sanket’s address
Sunil also enters the amount to be paid by Sanket
Sanket who is SBI accountholder gets a message on phone stating a collect request by Sunil. Sanket’s PSP (Payment System Player) shows Sunil’s complete name which is there in Aadhar System which was verified while his on boarding
Sanket is busy. So he snoozes the request and decides to attend later. Since the request had specified that it can be paid within a week’s time.
His mobile application shows reminder after snooze period
He accepts the request, provides biometrics and authorizes payment.
Sunil receives confirmation of payment
| BOI Sends the collect request to NPCI with Sunil’s details and Sanket’s address
NPCI find out the PSP (Payment system player) from the Payer address Sanket’s PSP is SBI
NPCI routes the request to SBI
SBI takes the request and searches the Sanket’s address
SBI sends request to Sanket’s mobile
Sanket accepts the message provides the credential and authentication details, SBI debits amount to his account
SBI confirms payment back to NPCI
NPCI processes the debit information and gives credit details to BOI
BOI credit the Sunil’s account and respond to NPCI
BOI pushes the notification to Sunil’s mobile about the credit f payment
Scenario 3:- Rajesh wants to buy LED TV online on shopping site with different pay mode (Part payment) Part one at the time of order booking and part two on the order delivery.
|Buying on an e-commerce site|
|Rajesh enters his unique virtual address while checkout on the shopping site.
Shopping site initiates first collect request by providing Rajesh’s address
Rajesh gets a message on phone stating a collect request by shopping site. Rajesh’s PSP (Payment System Player) shows shopping site details along with order details.
He accepts the request, provides biometrics and authorizes payment.
Now order gets confirmed
Shopping site initiates second collect request by providing Rajesh’s address for remaining payment.
Rajesh’s mobile application shows reminder after snooze period
At the time of delivery of the LED TV, He accepts the request, provides biometrics and authorizes payment.
Behind the scene it will work same as that of in scenario 2 for both part payments
Scenario 4:- Amit wants to book railway ticket on IRCTC
|Buying railway ticket on IRCTC application|
|Amit logs into IRCTC and reach up to payment option for booking ticket
Amit has provided his unique virtual address to IRCTC
He has used his PSP application to create new address which is specifically created for IRCTC
This PSP allows a feature to limit this specific address to be used with specific merchant with a maximum amount of limit
This address cannot be used anywhere else.
This address is bound to default bank account of PSP
With buy click it initiates the collect request
Amit gets a message on phone stating a collect request by IRCTC.
Amit enters his authentication credentials and approves payment.
IRCTC gets payment and Amit’s PSP account gets debited
Behind the scene it will work same as that of in scenario 2
There are lots more scenarios can be covered using UPI like using taxi service paying utility bills etc which work on same fundamentals.
As of now we have seen all the benefits and features of the system but we need to see how secure this system is
- This PSP will be validated against the devices and identity of the customers
- Data will be always stored in encrypted format
- Account details will be protected at the time of capture
- To avoid phishing PSP will always share Aadhar number and name as part of customer information
- Direct payment payer should add payee into the address list which will be white list for him
- Apart from that message transfer will be secured trusted
There will be fail check on every step and every step will have different action on failure of the transaction for e.g.
- If it fails at the very first stage mobile application will warn to reinitiate the collect or pay process
- If it fails at the NPCI stage it will either reverse the transaction at the initiator level or will tell initiator to reinitiate it.
- There are fail checks at every step which will take care of transaction should not go in the half completed state.
All product names and symbols used are properties of their respective trademark owners. The names of organizations used in this article such SBI, IRCTC are for illustration purpose only. No claim is made about the actual products and policies of any of these organizations.