Unified Payment Systems new revolution in online Payment

Unified Payment Systems new revolution in online Payment

On April 8 2016 Reserve bank governor Mr. Raghuram rajan launched Unified Payment System (UPI). This will be the next generation payment system which will have the potential to revolutionize retail payments in the country. Currently NPCI (National Payment Corporation of India) provided a platform for developer’s community. A key feature of UPI (Unified Payment Inerface) is that it would provide interoperable and instant payments driven over the mobile platform. Besides that a customer will be able to make payments by providing just a single identifier like Aadhaar number or a virtual address.

UPI will offer architecture and set of APIs (application program interface) to facilitate the next generation online immediate payments. It will leverage trends such as increasing Smartphone adoption, Indian language interfaces etc. Besides that it will empower users to perform both push and pull transactions seamlessly which will transform the way customers will make payments in the coming months.

Right now net banking requires a lot of preliminary steps like registration of the payee, one time password (OTP) at the time of payment etc. And mobile wallets though convenient need to be filled in either with debit/credit card or NEFT. And non-bank mobile wallet transactions are getting increased day by day. Now, UPI claims to return the lost business of banking sector.

Banks will provide you a unique ID which will be like email id. This unique id is virtual system address that can be uniquely mapped to individual bank account.

We will see one by one features of UPI briefly

  1. Push And Pull Payments: – The payment can be initiated by Payee (sender) or Payer (receiver). This payment will be secure and convenient.
  2. Easy Instant Payments: – This payment will be done easily via mobile or web or any other applications. Just user will need to user options like “Pay to” a “payment address” or “collect from ” a “payment address” (Here payment address can be Aadhaar Number, Mobile Number, Rupay Card, virtual payment address)And no need of providing actual account number
  3. Scalable Architecture: – This payment system is designed by taking into consideration of mass mobile usage in public, so it will be scaled to large number easily. It also means that there should be interoperability in different kind of payment address and it should work with or without any application
  4. 1 Click 2FA and Virtual address:- It will use virtual address , Single click two factor authentication for payment system to work
  5. There can be onetime pre-authorization for multiple recurring payments and rule based access

Every payment will have following core elements

  1. Payer and payee account and institution details for routing and authorization
  2. Authentication credentials (password, PIN, biometrics, etc. as required for debit, can be bank provided or 3rd party provided such as UIDAI)
  3. Transaction amount
  4. Transaction reference
  5. Timestamp
  6. Other metadata attributes such as location, product code, mobile number, device details, etc. as required.

Below are some of the real world scenarios which we will see one by one in detail

Scenario 1:- Sameer wants to send money to his wife Smita who is living in other city

Sending Money to Relatives Behind the scene, whenever money is sent it will go through following steps
 Sameer is having bank account with SBI.

His wife Smita is having bank account with central bank of India

Sameer is using SBI mobile application which is integrated with UPI which is having facilities like send money, collect money, integrated address book

Sameer adds Smita’s  Aadhar number to his address book  (No other information like IFSC code or anything else reqd to store)

On the mobile application, using single click on his address book entry of his wife, he enters an amount and click send. SBI application allows him to remember the amount for future

 

— Validate user and debit amount

— Uses UPI and initiates “Pay” transaction with “Payee” address with simply “Aadhar number” of Smita

— NPCI UPI layer looks up[ the Aadhar mapper  and translates the destination address to bank identification number and routes the transaction to destination bank via AEPS (Aadhar Enabled Payment System)

— Destination bank uses their system to credit  the amount to the Aadhar linked account and sends confirmation back to NPCI

— NPCI confirms the credit back to SBI application

— SBI application pushes the notification to the mobile device

 

UPI

Scenario 2:- Sunil and Sanket are two colleagues who take Tiffin from Tiffin provider. Sunil has paid the amount in cash to Tiffin provider for both of them. Now Sunil told Sanket to give half part within week’s time. Here Sunil is making a Collect request via UPI

 

Collecting money from friend Behind the scene, when money Collect request initiated it will go through following steps
Sunil logs in to Bank of India Mobile Banking application.

He initiates a collect request by providing Sanket’s address

Sunil also enters the amount to be paid by Sanket

Sanket who is SBI accountholder gets a message on phone stating a collect request by Sunil. Sanket’s PSP (Payment System Player) shows Sunil’s complete name which is there in Aadhar System which was verified while his on boarding

Sanket is busy. So he snoozes the request and decides to attend later. Since the request had specified that it can be paid within a week’s time.

His mobile application shows reminder after snooze period

He accepts the request, provides biometrics and authorizes payment.

Sunil receives confirmation of payment

 

— BOI Sends the collect request to NPCI with Sunil’s details and Sanket’s address

— NPCI find out the PSP (Payment system player) from the Payer address Sanket’s PSP is SBI

— NPCI routes the request to SBI

— SBI takes the request and searches the Sanket’s address

— SBI sends request to Sanket’s mobile

— Sanket accepts the message provides the credential and authentication details, SBI debits amount to his account

— SBI confirms payment back to NPCI

— NPCI processes the debit information and gives credit details to BOI

— BOI credit the Sunil’s account and respond to NPCI

— BOI pushes the notification to Sunil’s mobile about the credit f payment

Scenario 3:- Rajesh wants to buy LED TV online on shopping site with different pay mode (Part payment) Part one at the time of order booking and part two on the order delivery.

Buying on an e-commerce site
Rajesh enters his unique virtual address while checkout on the shopping site.

Shopping site initiates first collect request by providing Rajesh’s address

Rajesh gets a message on phone stating a collect request by shopping site. Rajesh’s PSP (Payment System Player) shows shopping site details along with order details.

He accepts the request, provides biometrics and authorizes payment.

Now order gets confirmed

Shopping site initiates second collect request by providing Rajesh’s address for remaining payment.

Rajesh’s mobile application shows reminder after snooze period

At the time of delivery of the LED TV, He accepts the request, provides biometrics and authorizes payment.

Behind the scene it will work same as that of in scenario 2 for both part payments

Scenario 4:- Amit wants to book railway ticket on IRCTC

Buying railway ticket on IRCTC application
Amit logs into IRCTC and reach up to payment option for booking ticket

Amit has provided his unique virtual address to IRCTC

He has used his PSP application to create new address which is specifically created for IRCTC

This PSP allows a feature to limit this specific address to be used with specific merchant with a maximum amount of limit

This address cannot be used anywhere else.

This address is bound to default bank account of PSP

With buy click it initiates the collect request

Amit gets a message on phone stating a collect request by IRCTC.

Amit enters his authentication credentials and approves payment.

IRCTC gets payment and Amit’s PSP account gets debited

Behind the scene it will work same as that of in scenario 2

There are lots more scenarios can be covered using UPI like using taxi service paying utility bills etc which work on same fundamentals.
 Security considerations

As of now we have seen all the benefits and features of the system but we need to see how secure this system is

  1. This PSP will be validated against the devices and identity of the customers
  2. Data will be always stored in encrypted format
  3. Account details will be protected at the time of capture
  4. To avoid phishing PSP will always share Aadhar number and name as part of customer information
  5. Direct payment payer should add payee into the address list which will be white list for him
  6. Apart from that message transfer will be secured trusted

Failure considerations

There will be fail check on every step and every step will have different action on failure of the transaction for e.g.

  1. If it fails at the very first stage mobile application will warn to reinitiate the collect or pay process
  2. If it fails at the NPCI stage it will either reverse the transaction at the initiator level or will tell initiator to reinitiate it.
  3. There are fail checks at every step which will take care of transaction should not go in the half completed state.

 Conclusion

UPI when fully operational across the banking sector it will be a win-win situation for the banking sector. It will be good for the banking sector, good for the bank customers in terms of use of doing payments and transfers. And above all it will be good for the economy as it will substantially end cash payments. Use of currency notes will come down and the economy will become more transparent, amenable to compilation of authentic data.

Disclaimer:

All product names and symbols used are properties of their respective trademark owners. The names of organizations used in this article such SBI, IRCTC are for illustration purpose only. No claim is made about the actual products and policies of any of these organizations.

Vijay Joglekar on sablinkedin
Vijay Joglekar
at
Vijay Joglekar has been working in various business software areas such as healthcare and fintech for the past 10 years. He is currently the Manager (Product Development) in Nelito Systems, a leading IT solutions company that works in fintech. Vijay’s area of interest is core banking and finance. He has excellent knowledge of SEI CMM5 processes. He enjoys researching on advanced technology, reading and is a music aficionado.

Vijay Joglekar has been working in various business software areas such as healthcare and fintech for the past 10 years. He is currently the Manager (Product Development) in Nelito Systems, a leading IT solutions company that works in fintech. Vijay’s area of interest is core banking and finance. He has excellent knowledge of SEI CMM5 processes. He enjoys researching on advanced technology, reading and is a music aficionado.