Technical understanding of the Unified Payment Interface (UPI) — Part (1/2)

This post is the first in a two part series aimed at explaining the Unified Payment Interface or UPI, first from a general perspective and then diving deep into the protocol level and framework level understanding of the technology.

The aim of this post is to become wiser and more informed about one of the biggest and most ground breaking revolution in the field of payments. Everything written in this posts and the images used have been custom curated to help the reader better understand the concepts while not feeling daunted by the theory.

UNIFIED PAYMENTS INTERFACE (UPI):

The Unified Payments Interface is an architecture built with the motivation to become a less cash society and improve the participation of people into a financial society which has a majority in electronic payments. As of November 2017, the number of mobile phones in the country has almost equalled the population of the country, a staggering statistic. As of 2016, the total number of smartphones in the country is 251.79 million, which is expected to reach 340 million by the end of 2018. Thus it can be said that on an average, every person has a mobile phone and every household has one smartphone. It is a brain child of the National Payments Corporation of India (NPCI).

FIG. 1. UPI Architecture

The UPI is a system developed primarily for mobile phone users, migrating the bank onto the screens of your mobile. The main reason for the development of UPI was the financial inclusion of the people of this country. If transactions can be made quick and effortless, with the 1-click 2-Factor authentication, then more and more people will use such a simple interface. The key features of UPI are the following:

• All payments can be made using a mobile phone which include person to person, person to merchant and merchant to person transactions.
• Payments can be made using a 1-click 2-factor authentication with the two factors being the mobile number and a PIN/Biometrics.
• The Push-Pull feature enables a person/merchant to pay as well as request and collect payment.
• The unification of Aadhar Card, Bank Account Number, Mobile Number and E-mail ID into one virtual alias for one or multiple bank accounts. This alias helps protect the Bank account details and other details during third party transactions.
• The Collect feature helps set a date for payment, without blocking the amount of money to be paid till that date. It acts like the snooze button for your alarm, which wakes you up after a snooze time without blocking your sleep.
• The UPI interface helps banks and other applications use a standard set of APIs to build a payments app.

The UPI uses existing payment systems like the Immediate Payment Services(IMPS), Aadhar Enabled Payments Service(AEPS) etc, to ensure the integrity of the transactions. These payment systems are integrated by using a common Interface, which is the UPI. This interface offers instant payment using the mobile phone, which is a Value Added Service.

Source and Recepient:

For a transaction to take place, the account details of the payer and payee are required to authenticate, initiate and complete the transaction. A Payment System Player (PSP) converts these details into a virtual address which can be used to route the money from one account to the other. APIs are provided with a translator by the PSPs to understand these Virtual Addresses and convert them into Bank Account details.

Authentication of the transaction:

The 2-factor authentication scheme is heavily used by major banking institutions and applications to regulate transactions. Of the two authentications, one is done by the PSPs, who check for the usage of correct mobile phone as the most common method of authentication. The second authentication is done by financial institutions like banks who are the payment account providers. The use of Aadhar Number for authentication, with the help of the UIDAI, is the most dormant mechanism.

With the PSP authentication not requiring the intervention of the mobile phone user, this authentication came to be known as the 1-click 2-factor authentication, with the banking institutes asking for a M-PIN or OTP to be entered as a means for verification.

National Payments Corporation of India (NPCI):

NPCI is the central governmental organization which regulates all retail payments and settlement systems in the country. Set up by the Reserve Bank of India RBI) and Indian Banks Association(IBA), the NPCI was cr ated to handle the process and issues related to payments in India. It is a Not-for-Profit company which provides guidelines for all the banking and financial institutions of the country.NPCI is owned by ten major banking institutions of the country and is backed by the RBI.

The NPCI is responsible for the development of the Unified Payments System (UPI) which has thrust its drive to move towards a cashless economy closer to reality. It is also responsible for developing a network of domestic card payment called RuPay. Along with RuPay, NPCI has also developed the Kisan Card, which is now being offered by 43 banks.

Payment System Player:

Payment System Player, or PSP, is a middle man who offers a merchant the ability to accept payments via multiple payment methods. A PSP partners with banks and other financial institutions like e-wallets, adds the capability to accept payments from these organization and offers this service to merchants.

A PSP supports multiple payment methods, relieving the merchant from the hassle of setting up multiple payment methods for the numerous payment methods available. Not only multiple payment methods, a PSP supports multiple currencies as welt establish a global payment network.

From the perspective of UPI, the PSP is a company or entity which provides payment solutions to the banks and the customers. PSPs are the mobile application developers who build their application on the Unified Payments Interface and acquire customer for this application. They link their bank accounts and accept a variety of payment methods for the transactions. Sometimes, banks themselves have a PSP department which handles the payments for them.

Protocol for a successful transaction

1. Transaction initiation using the PSP device by the payer
2. Device authentication using the mobile number
3. A Pay request is initiated to the PSP system of the Payer
4. First factor authentication done by the Payer PSP system
5. NPCI receives a Payment request from the Payer PSP system
6. The Payee address is received by the NPCI
7. A request is sent to the account of the payer to debit the money
8. The financial institute authenticates the bank account details of the payer by matching it with the virtual address provided
9. The money is deducted from the Payers account
10. The financial institution sends a confirmation of Debit to the NPCI
11. NPCI sends a request to credit the debited amount from the Payers address to the Payees address
12. The financial institution in which Payees account exist credits the account with the money
13. The financial institution sends a confirmation of credit to the NPCI
14. NPCI sends Pay response to both the Payee and Payers PSP
15. Payers PSP notifies the Payer.

FIG. 2. Process Map for a successful Transaction.

Protocol to send a Collect request:

1. Collect request initiated using the PSP device by the payee
2. Collect request is sent to the PSP system of the Payee
3. First factor Authentication done by the Payee PSP system
4. NPCI receives Collect request from Payees PSP system
5. The Payers address is received by the NPCI
6. A request is sent to the Payers account to debit the money
7. The financial institute authenticates the bank account details of the payer by matching it with the virtual address provided
8. The money is deducted from the Payers account
9. The financial institution sends a confirmation of Debit to the NPCI
10. NPCI sends a request to credit the debited amount from the Payers address to the Payees address
11. The financial institution in which Payees account exist credits the account with the money
12. The financial institution sends a confirmation of credit to the NPCI
13. NPCI sends Pay response to both the Payee and Payers PSP
14. Payees PSP notifies the Payee.

FIG. 3. Process Map for a successful Transaction.

Conclusion:

The first part of this two part series looked at the Unified Payments Interface, introduced the stakeholders in this technology and explained the payment and collect cycle for a singe request.

The second part of this post will highlight some of the important APIs that are available to be used, look at the value propositions and explore a few use cases of this technology. It will then attempt to compare UPI with bitcoin.

If you don’t know a lot about the bitcoin and blockchain technology and are interested to know more, I would recommend a three part series explaining the concepts and giving in-depth explanation of how the technology works. The links for Part 1, Part 2 and Part 3 are attached.