Unified Payments Interface (UPI) - Part 2

 


UPI Payments is a very vast domain and covering it through a blog becomes more challenging. This blog aims to give a high-level understanding of UPI Payments in the most structured and organized way. Today world is digitizing at a great pace and hence stress would be laid in bestowing benefits to almost all groups influenced by digital Payments under professional and domestic growth. The topic will focus gradually on exploring the functionality and the mechanism behind this one of the simplest yet secured payment system. 

Unified Payments Interface (UPI) is an instant payment system developed by the National Payments Corporation of India (NPCI), an RBI regulated entity. UPI is built over the IMPS infrastructure and allows you to instantly transfer money between any two parties bank accounts.

Source: https://www.npci.org.in/

Abbreviations

  • PSP - Payment Service Provider
  • VPA - Virtual Payment Address
  • P2P - Person to Person
  • P2M - Person to Merchant

UPI as Four Party Model - Collect

Collect Request: Stephen wants Rs. 500 from Sam. Hence, Stephen will initiate a Collect Request from his PSP to the Sam’s VPA. Sam will receive a request that Stephen has requested for Rs 500 and if Sam approves the Collect Request using MPIN then money will be transferred from Sam’s account to Stephen’s account. 



Step 1: Customer (Payee) has Google Pay PSP and Bank Account with AXIS Bank. The customer initiates the payment collect request using Google Pay. Payee/Acquirer i.e., Beneficiary Bank is AXIS Bank.

Step 2: Customer enters the Payer’s VPA and Enter the desired amount. The request goes to the NPCI.

Step 3: Based on the entered VPA, NPCI routes the transaction to PhonePe. PhonePe is the Payer’s PSP. Payer/Issuer i.e., Remitter Bank is HDFC Bank.

Step 4: PhonePe resolves the VPA and gives a response to the NPCI.

Step 5: NPCI gives instruction to the HDFC Bank for the Debit. Debit Request.

Step 6: HDFC Bank gives the Debit response to the NPCI.

Step 7: NPCI after receiving Debit Response from HDFC Bank, sends the Credit Request to the Beneficiary Bank i.e., AXIS Bank.

Step 8: Beneficiary Bank gives a response to the NPCI with the Credit Response.

Step 9: After receiving the Credit Response, NPCI gives Payment Response to the Payer’s PSP i.e., Google Pay.

Step 10: Customer gets a notification on the PSP App. 


The transaction with Virtual Address - P2M



Step 1: Customer visits the Merchant Website. Let's say Amazon and they purchase something and selects the payment mode as UPI. 

Step 2: Collect Request initiated through the Merchant Server. 

Step 3: Merchant Server request to the Merchant's Bank UPI Server. (Acquirer/Beneficiary Bank)

Step 4: Acquiring Bank's UPI Server requests to the NPCI. 

Step 5: NPCI sends the Debit Request to the Payer PSP through Issuing/Remitter Bank.

Step 6: Customer receives a notification in the PSP. Now customer approves the request using the correct UPI PIN. The UPI PIN is a set of 4/6 digit secret numerical code which was set at the time of onboarding.

Step 7: This Approval is sent to the Acquirer Bank's UPI Server via Issuer PSP/Bank and NPCI. 

Step 8: Acquirer Bank's UPI Server responds to the Merchant's server about approval.

Step 9: The Payment confirmation displays on the Merchant's Website.

Fact: Let it be any PSP Application, we see that the page where we enter the UPI PIN looks exactly similar. Not a bit of difference. It is because, due to a security point of view, NPCI has mandated all the PSP Apps to use NPCI's page for creating/changing/entering the UPI PIN.   

Q1. Sponsor Bank and their role in the flow.

Let us understand the difference between Sponsor Bank, Remitter Bank and Beneficiary Bank. Sponsor Bank: As we know any fintech company can create an app like PhonePe/GPay/Amazon Pay but they are not a Bank registered under RBI guidelines and hence they cannot do the financial transaction on their own. They need an RBI Registered sponsor bank to deal with money. Example PhonePe — YesBank is the sponsor bank for PhonePe and has a partnership agreement. For merchant transactions, YesBank is considered as VPA issuer (@ybl) and any share of MDR earned goes to YesBank, which might have a commercial deal with PhonePe. Now PhonePe has multiple sponsor banks like ICICI (@ibl) and Axis Bank (@axl). The same way Amazon Pay's sponsor bank is Axis Bank (@apl), GPay's sponsor bank is Axis (@okaxis), ICICI (@okicici), HDFC (@okhdfcbank), SBI (@oksbi) Remitter Bank (Payer/Issuer Bank):  The payer's bank. Now the case may be, you have a bank account in HDFC, Using PhonePe and for PhonePe Sponsor Bank is ICICI. You can onboard yourself on PhonePe using your HDFC Bank details and can pull/push money. Beneficiary Bank (Payee/Acquiring Bank): The payee's bank. Now the case may be, you have a bank account in HDFC (Payer/Issuer), Using PhonePe and for PhonePe Sponsor Bank is ICICI. You can onboard yourself on PhonePe using your HDFC Bank details and send money to your friend having an account in the AXIS Bank (Acquirer/Beneficiary) on GPay PSP with Sponsor Bank SBI.

Q2. Whether the VPA resolution and linkage lies with them or the NPCI?

If the Address has global identifiers (Mobile number, Aadhaar number or Account number) then the Payee Address is resolved by NPCI central Mapper. 

If the Address has a virtual address offered by Payee’s PSP, then NPCI will send the request to Payee’s PSP for address translation.


============================================================================

Part - 3 will cover the following topics

1) Reconciliation

2) Deemed Transactions

3) APIs

4) Financial Benefits

5) Use Cases


Note: A request to the payment fraternity specially UPI, If you observe any mistake, kindly let me know through your valuable feedback in the comment section when you visit this page.  

I have received few questions in the Comment section of Part 1 and on the LinkedIn post. I will certainly cover those in the coming parts. I am intentionally keeping the article short.

If you like this post please follow me on LinkedIn and this Blog.

LinkedIn: https//www.linkedin.com/in/ineerajsingh

 





Location: Mumbai, Maharashtra, India

Comments

  1. Anand BushanamurthyJune 13, 2021 at 8:21 AM

    This comment has been removed by the author.

    ReplyDelete
  2. Anand BushanamurthyJune 13, 2021 at 8:40 AM

    Hi Neeraj
    Its a wonderful post congratulations. This will definitely help lot of people to better the understanding on UPI.

    I have 2 observations, thought will enrich your content further

    1. Request you to revisit on step 1 of UPI on 4 Party model - Collect, assume you are referring axis bank as payee bank as per your example

    2. Also the VPA issuer otherwise referred as handle in UPI terms :)

    Hope this would helpful

    Regrds
    Anand B

    ReplyDelete
    Replies
    1. Neeraj SinghJune 13, 2021 at 12:17 PM

      Hi Anand, another reader has also highlighted the 1st observation. Thank you for reading carefully and letting me know the gaps. As I always say, none of my articles are complete without readers feedback. I will certainly rectify it shortly and as you correctly said that Handle is more correct word to be used.

      Thank you again for your feedback.

      Regards,
      Neeraj

      Delete
  3. Niket1105June 14, 2021 at 8:08 AM

    A few suggestions from my end.

    1. Include the device binding flow to make people understand on how user authentication is done before they are allowed to link accounts. This can be further elaborated on security at transaction level also.

    2. I can see you will be explaining deemed transactions in next article. People who have not worked on financial products may not understand difference between pending and deemed this will be interesting to read.

    3. You may want to include multibank vs single sponsor bank model.

    ReplyDelete
  4. AnonymousOctober 1, 2024 at 7:55 AM

    Thanks for the detailed explanation. Could you also share the link of UPI payments part 3

    ReplyDelete

Post a Comment

Popular posts from this blog

3D Secure (Online / Card Not Present / eComm) Transaction Flow

Image
  While making an online payment, have you ever seen any of the following on the OTP page, depending on the card network you use? Visa - Verified by Visa Mastercard - Mastercard SecureCode American Express (Amex) - Safekey Discover and Diners Club International (DCI) - ProtectBuy Have you ever wondered what these mean? All of them are the proprietary names given by their own networks. Basically they are the 3D Secure protocol.😀 Let us decode them today in this article in the simplest form possible (only functional). I will explain the step-by-step transaction flow of eCommerce / Card Not Present (CNP) / Online transactions. When you see any of the above logo on the web page where you are making a payment, it means that your transaction is protected by the 3D Secure protocol. This security protocol adds an additional layer of authentication for online transactions to reduce fraud. If a transaction has happened on 3D Secure protocol, then in case of Chargeback, liability is shifted to
Read more

Card Payments - Part 1 (Auth)

Image
  Image Courtesy:https://paytechlaw.com/ Card Payments is a very vast domain and covering it through a blog becomes more challenging. This blog aims to give a high-level understanding of Card Payments in the most structured and organized way. Today world is moving at a great pace and hence stress would be laid in bestowing benefits to almost all groups influenced by Card Payments under professional and domestic growth. The topic will focus gradually on exploring the functionality and the mechanism behind this one of the most used methods of the payment system.   Participants Acquirer An Acquirer is a financial institution that processes transactions on behalf of a merchant. It holds the merchant's bank account and facilitates the acceptance of payment cards. Merchant A merchant refers to a business, either physical (Card Present) or online (Card Not Present), where a customer makes a purchase using a card issued by a financial institution (Issuer). The Point of Sale (POS) terminal
Read more

Decoding Basic Structure of ISO8583 (MTI, Bitmap and Data Elements)

Image
The way we speak in a certain language to make our life easier by communicating with each other, payments also have various languages. For Card Payment it is ISO8583. This language keeps the Card Payment world connected with each other. Let us try to understand the basic structure of this beautiful language in the simplest form ever.  Imagine an ISO8583 message as a structured sentence where different parts tell a story about a transaction. Each message is made up of 1/  MTI (Message Type Indicator) - Like a title it tells you what type of message it is (e.g. a payment request) 2/  Bitmap - A map that shows which parts of the message are included 3/  Data Elements - The actual details of the transaction like the card number, amount and date etc Detailed Explanation 1/ Reading the MTI (Message Type Indicator) The MTI is a 4 digit code that specifies the type of message. For example, 0200 indicates a financial transaction request (authorization) 1.1/ Breakdown of 0200: 0 - Tells you whi
Read more