Technical understanding of the Unified Payment Interface (UPI) and comparing it with bitcoin — Part (2/2)
In the second part of this two part series, I will look at some of the meta APIs that can be used by developers to work on the UPI platform. I will next loo at the value propositions of UPI and look at some interesting use cases of UPI. The second half of this post will be dedicated to compare UPI and bitcoin and look at where which technology is winning.
I have also touched upon the recent row between PayTM and whatsapp when the latter announced that they are going to enter into the Indian mobile payments space. The concept of interoperability is touched upon and an objective view of the comments made by Vijay Shekhar Sharma is presented here.
META APIS USED FOR THE FLOW:
- listPSPs — This API helps the NPCI maintain a record of all the registered PSPs and their details. The records stored in this API are used to validate payment addresses of the Payees PSP. This process takes place immediately before the initiation of the transaction.
- listAccountProvider — This API helps keep track of all the financial and banking institutions which are connected with the Unified Payments Interface. The PSPs maintains this record and use this API to verify the existence of a particular banking institution during user registration on their mobile application
- verifyAccount — This API is used to verify the bank account details and to validate the credentials provided by the user.
- validateAddress — This API helps the PSPs validate the beneficiary added by the customer.
- listKeys — This API lets the PSP request the NPCI for the public part of the hashed keys. The PSPs can cache this data to encrypt the credentials of the user.
- setCredentials — This API is used to set and modify the MPIN which is the second factor for authentication. The PSP does not have access to this API, with the banking institution and the NPCI getting access to it.
- createWLentry, updateWLentry, getWLentry — These APIs is used to create a Whitelist of some of the most trusted entities like the Indian Railways, LIC, Airtel, Electricity Bill Payment Boards etc. PSPs and APIs can use these APIs to access and update the Whitelists.
- checkTxnStatus — This API lets the PSP request transaction status after a specified timeout period.
VALUE PROPOSITION:
The Government of India has been pushing to make owning an Aadhar Card a mandatory requirement for every citizen of the country. It has become the Indian equivalent of the Social Security Number of the USA. The coverage of Aadhar has enabled PSPs to use it as an authentication tool to provide secure and convenient transactions. The use of MPIN/OTP has also been centrally adopted, with India becoming the 1st nation to use Biometric authentication in financial services.
The ease with which virtual address can be created for banking accounts using the UPI Guidelines has been the biggest driving factor for the acceptance of UPI. Also, considering the fact that India already has 300 million smartphones in the country helps save crores of rupees on customer acquisition, re-routing the saved money into the development of a fast, slick and secure payment service.
The banks get to decide if they want to charge the customers for transactions made using the UPI. All the 29 banks, which have signed up so far, have decided against levying a Convenience fee in the foreseeable future, thus increasing the attractiveness of using UPI.
The usage of Mobile Phone and Mobile Number to send upto Rs.1 Lakh in a day to family, friends, relatives and merchants makes UPI an attractive prospect, which is easy, flexible and convenient. The ability to integrate multiple bank accounts using a single mobile number has also helped customers to manage and conduct transactions effectively from a single place. In addition to its simplicity, Value added Services like setting up payment reminders, requesting money and keeping the banking details safe by using mobile number for transactions have allowed for a superior experience.
For a Biometric enabled mobile phone, the 2-factor authentication does not require the user to put in even a single detail or remember a single PIN. This is, again, extremely convenient and very safe as well.
Interoperability is also a key feature of UPI. For a customer to be able to check the bank balance in multiple bank accounts in different banks is the backbone of the UPI guidelines. This is not offered by mobile wallets, with PhonePe not allowing you to check the balance in PayTM and Mobikwik and vice versa.
Crowdfunding via UPI:
The idea of hosting a gala with fine champagne and light music is in the past. Nobody has the time to dress up for a night of boring speeches and interact with other people, most of whom are unknown to them, to support a good cause. With the advent of UPI, fundraisers have become an idea of the past, with the idea getting increasingly by that of crowdfunding.
Crowdfunding is a method of raising money by getting donations in smaller enumerations from a larger group of people. It is achieved by spreading the word about the project/company which requires the funds via advertisements, social media bursts or informational events. With the help of UPI and PSPs, individuals and organizations need to just publicize their virtual address, an alias for their back account details, and people can transfer funds with just 1 click, thanks to the 1-click 2-factor authentication.
Before UPI, crowdfunding required the donor to add the bank account details, IFSC code and wait for the beneficiary to be approved before donating to the campaign. But now, the virtual address is the only requirement to crowdfund a project. There have been a lot of independent filmmakers who have made documentaries solely by the money they had raised by crowdfunding. The best example is Pinjara, which portrays the struggles of females to access their rights.
Community of Homemakers:
One of the more interesting applications of UPI, one which has the potential to become the greatest revolution in the Indian cashless economy, is what I call Community of Homemakers. There has been a similar community of homemakers which has sprung up in Tel Aviv, the heart of the cryptocurrency revolution. The idea is very simple.
Every housewife in our country is a women who has certain skills, certain ideas, which she had abandoned to take care of her family an children. But imagine if they could pursue their ideas, spread them and empower other housewives and women?
The hassle of getting change and money of the right denominations and embarrassment of demanding money for providing a neighbour or a friend of a friend with cooking recipes, teaching a particular language or simply, making chapatis because they did not know how to, has stopped majority of homemakers to enter the freelancing business. Every housewife has a skill which she could monetize, which she could teach with conviction, but chooses not to, because it is still a taboo to ask for cash. Not anymore.
With UPI, these homemakers have to just drop a Collect request on BHIM or, in the near future, WhatsApp. There is no one to one interaction, and we all find comfort in hiding behind our mobile screens to speak our hearts out. This revenue model could push the homemakers of today into some of the top earning freelancers of tomorrow. The experience of seeing my mother and sisters make really creative and decorative home decors and plastic ornaments fills me with belief that, if they wanted to, they could make more by sitting at home than they would ever make by sitting at a desk. With UPI, they just might.
A Community of Housewives is just one simple example. The idea of scheduling payments can be used into local businesses as well, with milk and vegetable vendors going cashless and scheduling payments at the end of every week or month. This way, there is no hassle for change of lower denominations, it helps you buy whatever you want to, whenever you want to, even if you are out of money or not carrying any and it makes handling of money a lot of institutionalized and easy to keep track of the cash flow.
UPI vs bitcoin:
The argument that UPI is opening up newer avenues, newer possibilities, is not the exact reality. While for the Indian market, Crowdfunding and a Community of Homemakers is a new idea, in the global market, these ideas have been executed and perfected. Tel Aviv and Silicon Valley are the hotspots of Blockchain innovation, with a lot of cryptocurrencies popping up in Israel, USA and even Russia, to cater to the demands of smaller communities. But while a technology like UPI is easier to understand for the common people, the same cannot be argued for the use of Cryptocurrencies like Bitcoin. A few reasons which are holding Bitcoin back in its quest of taking over the Indian market are:
- Ease of Use — UPI is a technology which is very simple for a common person to understand, and is very quick in performing its primary function. But cryptocurrency wallets require the use of proper bank account details, currency conversion and high convenience and surcharge fees. The hassle is just too much for the users to keep up with, with much easier and much quicker alternatives.
- Fluctuations — Bitcoins do not carry a constant value, which keeps fluctuating every second. You might send a person A number of Bitcoins whose value might be X at the time of sending, but by the time the person receives it, the value might change to Y, which may or may not be a good thing for the sender. On the other hand, there is no talk of fluctuation of INR, which is central government regulated currency.
- Convenience fee — UPI does not charge a single penny to execute a transaction, while Bitcoins wallet might charge from 0.3% to 1% of the transaction value as a transaction fee, which is nothing short of an extortion.
- Scalability — Bitcoin has a serious scalability problem. Due to the limit in the number of transaction records that a block can hold, the number of transactions per second is limited. Also the average time taken to mine a new block (10 minutes) also reduces the frequency and size of transactions that can take place every second. The number is in the range of 3.3–7 transactions per second, with the UPI made to handle 15,000 transactions per second or 10 million transactions a day.
- Reach — Merchants have started adopting the UPI payment method to accept digital cash, while only a couple of thousands of merchants have started accepting Bitcoins for payment. Over 200 million transactions have been made using the UPI, while Zebpay, a popular bitcoin exchange wallet, has 1–5 Lakhs downloads on the Google Play Store. Clearing, the reach of UPI is much much more than that of Bitcoins.
Security:
While the analysis of Blockchain painted a picture of an impregnable technology, which is extremely safe with added anonymity advantages, the same cannot be said about the innovation that is UPI. While there have been a few concerns about how secure UPI could be, the use of virtual aliases has drastically reduced the risk of exploitation and losing bank account details. UPI is only an extra layer added on top of existing payment systems like IMPS, NEFT, AEPs etc, which not only speeds up the time taken for a transaction, it also removes the need to fill out a lot of personal banking details(Account Number) as well as irrelevant details(IFS Code) every time you need to start a transaction, using a 1-click, 2-factor authentication framework to provide payments solution.
With NPCI and PSPs holding all the information, an attack on the Banks or PSPs who have used this interface to develop their apps is a real possibility. The Bank of Maharashtra(BoM) had reported illegal money pulling using a UPI app, causing an estimated loss of Rs. 6.14 crores. SIM Cloning is also dormant, which has perfected the art of fooling the 1-click 2-factor authentication.
Thus, the chances of an attack on the personal data of users as well as their bank accounts is very real. A French Security researcher, Elliot Anderson, claimed that he had used Brute force to crack the password of a local database which contained the biometric data of the users. This database was protected by a password which could be cracked using a randomise generator. The website of Rajasthans government was also the victim of an attack in which the search facets of the Aadhar database was used to extract demographics data of the people. With the Aadhar details in hand, the bank account details should not be a tough nut to crack, given the fact that they are all interconnected. Even though UPI technology does not match the security protocols that Blockchain offers, it is undeniable that, secure or not, UPI is winning the digital payments battle over bitcoins and other Cryptocurrencies in India. But we need to step back, analyze how secure UPI technology is, with daily news reports of Aadhar data leak becoming the norm.
PayTM’s accusation of WhatsAPP:
PayTM had accused messaging giants WhatsApp of not complying by the rules and guidelines set by the RBI and NPCI for UPI. The main issues according to PayTM were:
- WhatsApp does not require a login ID and Password to use the Payments service. The CEO of PayTM, Vijay Shekhar Sharma, has compared WhatsApp to an Open ATM and a security risk.
- PayTM has also accused WhatsApp of not adhering with the spirit of Interoperability. They claim that the beta version of WhatsApp did not allow transfer of funds from WhatsApp to other UPI enabled IDs, with WhatsApp using the mobile numbers of the registered users to make a Virtual alias, which differs from that of major UPI players in the country. The lack of Scan and Pay option and Collect option to request money are also not available in the beta version.
PayTMs accusations, while somewhat justified, do not stand from a technical perspective. The use of Login ID and passwords was not a part of the RBI guidelines, with the first factor of authentication being the mobile phone of the user. Thus the first point holds no technical grounds. The interoperability issue not as straight forward as the first issue.
Interoperability:
One of the driving factors for the development of UPI was interoperability. It was a key value and was also included in the Mission Statement of UPI. Interoperability is the ability to use Mobile Numbers, Aadhar Number and new virtual addresses interchangeably to execute a transaction. Interoperability also means that UPI must be interoperable across all the Payment Players and mobile phones.
Interoperability widens the scope for Innovation and Development, promotes market growth, reduce cash payments and provide customers with the ability to transfer and receive funds from different UPI IDs, since different UPI applications have been adopting different protocols for the establishment of a virtual address.
Thus, while the claims made by PayTM is justified, NPCI have been assured by WhatsApp that it will adhere by the interoperability guidelines when it rolls out the permanent update. Thus, the issues have been addressed, with WhatsApp set to become the latest player to enter the Payments market.
Conclusion:
While Blockchain has been rightly dubbed as one of the greatest technological invention of the Internet era, it is safe to say that the Indian fintech sector will be dominated by UPI and its simplicity for years to come. The Simplicity, quickness and ease of use makes it a delightful innovation to push the country towards a cash-less economy.
If there were some lingering doubts relating to the blockchain techology and bitcoin, I would recommend looking at the three part series explaining the bitcoin technology in depth.
