Professional Documents
Culture Documents
UPI-NPCI Presentation
UPI-NPCI Presentation
What is UPI
The Unified Payments Interface (UPI) offers an architecture and a set of standard
Application Programming Interface (API) specifications to facilitate online payments. It aims
to simplify and provide a single interface across all NPCI systems besides creating
interoperability and superior customer experience.
Instant “Pay” (push) and “Collect” (pull) using single click two factor authentication where
mobile is first factor (what you have) and MPIN/Biometrics (what you know/are) as second
factor.
Ability to use Virtual Payment Addresses(VPA), thus eliminating the need to provide
sensitive account information to merchants or other individuals.
UPI Architecture
Mobile Mobile Internet Mobile
*99# application
3rd Party Apps
application application
3rd Party Apps
(Collect only) Banking (Collect only)
NPCI
Scalable Architecture
*99# Unified Payments Interface
APBS NFS
IMPS AEPS RuPay Ecom
Central Repository NACH
UID-BIN
What is Virtual Payment Address
ReqPay(PAY/COLLECT) ReqPay(Debit)
Account
PSP 1 Provider 1
RespPay RespPay
A/C
UPI providers
live in UPI
ReqAuthDetail RespPay
Pay Transaction
Remitter Bank
ReqAuthDetails
ReqPay 2
1
RespAuthDetails
3
Payer PSP Unified Payee PSP
RespPay ReqTxnConfirmation
Payments 9
8
Interface RespTxnConfirmation
10
B
A
Acquiring Channel Financial
(Mobile App/E-Com) ReqPay credit 6 7 RespPay credit
Non-Financial
Beneficiary
Bank
Collect Transaction
Remitter Bank
4 5 C D
ReqPay debit RespPay debit
ReqAuthDetails
ReqPay 2
1
RespAuthDetails
3
Payer PSP Unified Payee PSP
RespPay ReqTxnConfirmation
Payments 9
8
Interface RespTxnConfirmation
10
B
A
Acquiring Channel Financial
(Mobile App/E-Com) ReqPay credit 6 7 RespPay credit
Non-Financial
Beneficiary
Bank
List of Core APIs
List of Meta APIs
List of Meta APIs
Security features
UPI Solution provides strong end-to-end security and data protection. The key Security
features of the Unified Payments Interface are:
Embedding Device and Transaction related data as salt into the Credential block for each
Transaction to
Prevent the Acquiring PSP to replay the Credential block
Ensure actual device finger print is sent to NPCI for every transaction
Ensure NPCI Common Library is used to Secure Credential capture
To encrypt the sensitive data (credentials like OTP, MPIN, and biometric data) using RSA 2048
public key encryption.
Digital Signature verification of xml payload of public keys before performing the credential
capture.
Types of Applications
Applications that integrate with PSP Apps to collect Payment
UPI
Over
Inter
net
Thank You