UPI ecosystem
There are three types of participants in the UPI ecosystem.
The Banks
Banks hold your money. Unlike Paytm, Venmo, or CashApp, UPI works directly with bank accounts. Your bank account is debited whenever you send money and credited whenever you receive it.
The banks that hold your money are also called Issuing Banks.
Every bank uses a system called the Core Banking System (CBS) to manage its users’ accounts. At its core, CBS is a simple CRUD system built around user accounts.
Debit and credit are the two fundamental operations of core banking software. A debit is when you’re taking money out of your account: the amount involved is subtracted from your balance. On the other hand, when you’re getting paid, it’s a credit: the money is added to your account.
Banks also maintain another UPI specific database. We will discuss more on that later.

The Payment Apps
Payment Apps are consumer-centric products that can be used to link a bank account and transact in the real world. Some major apps are Google Pay, PhonePe, BHIM, etc. Almost all the banks have their own versions of UPI Apps. There is a wide variety of options to choose from.
Payment Apps allow users to create handles to make everyday transactions easier. However, not everyone can start creating UPI handles. Reserve Bank of India (RBI) regulates who can create UPI handles. Currently, only the member banks of the UPI ecosystem are allowed to do so.
That’s why all the payment apps will have to tie up with banks. These banks not only allow payment apps to create and manage UPI handles for their users, but they are also the interface to the UPI ecosystem.
These banks are called Acquiring Banks.
Google Pay has tied up with HDFC Bank, Axis Bank, and SBI. PhonePe has a tie-up with Yes Bank and ICICI Bank.
Banks provide separate APIs to allow payment apps to create and manage the UPI handles.

NPCI
National Payments Corporation of India (NPCI) is a non-profit set up by the Government of India to facilitate digital payments. They facilitate many payment schemes (like IMPS, BBPS, FASTag, etc.).
If we reflect back on the original objective of UPI, it was to build an interoperable system. Interoperable means anyone could download a payment app, link any bank account (that they own), and transact with anyone else from any other bank.
One primitive way of building such an interoperable network would be to connect every payment app with every bank. As you’re probably guessing, that’s a very inefficient way of doing it, even if we assume something like that is possible. It is practically not possible.
And the only thing that’s constant in the software realm is that systems keep changing and breaking. Imagine the pain that everyone has to go through in reaching a consensus when configurations or infrastructures change. It would be chaos.
This approach is the same as building an Internet where your browser has to remember the IP address of every possible website on the planet; otherwise, you wouldn’t be able to access it.
Of course, the Internet is not built in this fashion. The job of resolving every web address into an IP address is taken out as a separate protocol called DNS. Our browsers trust the IP address resolved by the DNS servers used by our Internet Service Providers.
Introducing standardization and a trusted third party will result in a completely different architecture.

That’s the route UPI creators took: they made NPCI the trusted switch and standardized the protocol. NPCI makes sure that data flowing between banks and payment apps is routed to the correct and verified destinations.
The end result is that payment apps and banks talk just to NPCI, and can be assured by NPCI that they are really interacting with who they intend to.
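The switch model described above, as an added sketch (not code from this article or from NPCI): each member integrates once with the switch, which authenticates the sender and resolves the payee's handle to the member bank that owns it. The member names, the handle `exbank`, the keys and the HMAC check are constructed stand-ins; the page does not describe how NPCI actually verifies participants.

```python
from __future__ import annotations

import hashlib
import hmac


def integrations(apps: int, banks: int) -> tuple[int, int]:
    """Links needed for a full mesh vs. one link per member to a switch."""
    return apps * banks, apps + banks


def sign(key: bytes, payee_vpa: str, body: bytes) -> str:
    """HMAC tag over destination and body (stand-in for real message signing)."""
    return hmac.new(key, payee_vpa.encode() + b"|" + body, hashlib.sha256).hexdigest()


class Switch:
    """Toy trusted switch: authenticates senders, routes by handle."""

    def __init__(self) -> None:
        self.keys: dict[str, bytes] = {}     # member id -> shared key (constructed)
        self.handles: dict[str, str] = {}    # handle suffix -> owning member bank

    def register(self, member: str, key: bytes, handle: str | None = None) -> None:
        self.keys[member] = key
        if handle:
            self.handles[handle] = member

    def route(self, sender: str, payee_vpa: str, body: bytes, tag: str) -> str:
        key = self.keys.get(sender)
        if key is None:
            raise PermissionError("sender is not a registered member")
        # Constant-time comparison; a tampered body or destination fails here.
        if not hmac.compare_digest(sign(key, payee_vpa, body), tag):
            raise PermissionError("message authentication failed")
        user, sep, handle = payee_vpa.rpartition("@")
        if not (sep and user) or handle not in self.handles:
            raise LookupError("handle does not resolve to a member")
        return self.handles[handle]


if __name__ == "__main__":
    sw = Switch()
    sw.register("app-bank", b"k1")                     # constructed members
    sw.register("payee-bank", b"k2", handle="exbank")
    msg = b"amount=100"
    print(integrations(50, 200))
    print(sw.route("app-bank", "asha@exbank", msg, sign(b"k1", "asha@exbank", msg)))
```
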
To make this easy to understand, we made a GIF.

Apart from being the trusted router, NPCI also hosts non-financial meta APIs to serve everyone in the ecosystem.
Some examples of meta API are listAccountProviders (returns all details of all banks), validateAddress (helps in validating VPAs), requestOtp (for 2FA), etc.
NPCI has one more important role to play. It’s something to do with settlement. We will cover it in the last part of the series.
Before we wrap up the first part of the series, let’s quickly visit authentication.
Authentication
UPI uses 2-factor authentication. Commonly used factors are the possession factor and the knowledge factor.
UPI being mobile-first, the possession factor (“what a user has”) is the user’s phone. It’s validated using the device fingerprint.
The knowledge factor (“what a user knows”) is the 4-digit or 6-digit UPI PIN.
The authentication scheme is designed to be flexible and can use different authentication factors in the future.
We will learn how these authentication factors are verified in the upcoming articles.
That’s a wrap of the first part of the series.
We hope you enjoyed it. Share it with the intellectually curious folks in your circle. If you have any questions regarding UPI or anything related to Fintech in general, feel free to post them on our forum.
In the next part of the series, we will take a detailed look into how UPI transactions work.