
Unified Payments Interface (UPI)

What is UPI

• The Unified Payments Interface (UPI) offers an architecture and a set of standard Application Programming Interface (API) specifications to facilitate online payments. It aims to simplify and provide a single interface across all NPCI systems, besides creating interoperability and a superior customer experience.
• Instant “Pay” (push) and “Collect” (pull) using single-click two-factor authentication, where the mobile is the first factor (what you have) and MPIN/biometrics (what you know/are) is the second factor.
• Ability to use Virtual Payment Addresses (VPA), thus eliminating the need to provide sensitive account information to merchants or other individuals.

UPI Architecture

[Figure: UPI architecture. Labels: mobile *99#, mobile application, internet banking, 3rd party apps (collect only); banks; standard interface; Payment System Players (PSP); NPCI scalable architecture with *99#, Unified Payments Interface, IMPS, AEPS, RuPay, Ecom, APBS, NFS, NACH, central repository, UID-BIN.]

What is Virtual Payment Address

• A “Payment Address” is an abstract form that represents a handle uniquely identifying account details in a “normalized” notation.
• Virtual Payment Addresses are denoted as “account@provider”.
• PSPs can allow their customers to create any number of virtual payment addresses and attach various authorization rules to them.
• PSPs may offer “one time use” addresses, “amount/time limited” addresses or “limit to specific payees” addresses to customers.

Examples of Virtual Payment Address

• A user id provided by a PSP, resolved directly by that PSP, is represented as user-id@psp-code (e.g. joeuser@mypsp).
• An IFSC code and account number combination, resolved directly by NPCI, is represented as account-no@ifsc-code.ifsc.npci (e.g. 1234500000000001@HDFC0000001.ifsc.npci).
• An Aadhaar number, resolved directly by NPCI using the existing Aadhaar-to-bank mapper, is represented as aadhaar-no@aadhaar.npci (e.g. 234567890123@aadhaar.npci).
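
The three address forms above, as an added Go example (not NPCI or PSP code): a strict parser that classifies an address and reports whether the PSP or NPCI resolves it. The character sets for user ids, PSP codes and account numbers are assumptions; only the suffixes and the sample addresses come from the slides.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// VPA is a parsed "account@provider" address; Resolver is who maps it to an account.
type VPA struct{ Kind, Account, Provider, Resolver string }

var (
	userRe    = regexp.MustCompile(`^[A-Za-z0-9._-]{1,64}$`) // assumed user-id charset
	pspRe     = regexp.MustCompile(`^[A-Za-z0-9]{1,32}$`)    // assumed PSP code charset, no dots
	acctRe    = regexp.MustCompile(`^[0-9]{1,32}$`)          // assumed numeric account number
	aadhaarRe = regexp.MustCompile(`^[0-9]{12}$`)            // Aadhaar numbers are 12 digits
	ifscRe    = regexp.MustCompile(`^[A-Z]{4}0[A-Z0-9]{6}$`) // IFSC: 4 letters, '0', 6 alphanumerics
)

// ParseVPA accepts only the three forms listed above and reports who resolves each.
func ParseVPA(s string) (VPA, error) {
	parts := strings.Split(s, "@")
	if len(parts) != 2 {
		return VPA{}, fmt.Errorf("%q: want exactly one '@'", s)
	}
	acct, prov := parts[0], parts[1]
	switch {
	case prov == "aadhaar.npci":
		if !aadhaarRe.MatchString(acct) {
			return VPA{}, fmt.Errorf("%q: Aadhaar form needs 12 digits", s)
		}
		return VPA{"aadhaar", acct, prov, "NPCI"}, nil
	case strings.HasSuffix(prov, ".ifsc.npci"):
		ifsc := strings.TrimSuffix(prov, ".ifsc.npci")
		if !ifscRe.MatchString(ifsc) || !acctRe.MatchString(acct) {
			return VPA{}, fmt.Errorf("%q: bad account number or IFSC code", s)
		}
		return VPA{"ifsc", acct, ifsc, "NPCI"}, nil
	case userRe.MatchString(acct) && pspRe.MatchString(prov):
		return VPA{"psp", acct, prov, "PSP"}, nil
	}
	return VPA{}, fmt.Errorf("%q: not a recognised address form", s)
}

func main() {
	for _, s := range []string{"joeuser@mypsp", "234567890123@aadhaar.npci", "joe@mypsp.npci"} {
		v, err := ParseVPA(s)
		fmt.Printf("%-28s %+v err=%v\n", s, v, err)
	}
}
```

Because the PSP code may not contain dots in this sketch, a customer-chosen handle can never land in the NPCI-resolved `.npci` namespace.
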
UPI – Message Flow

[Figure: UPI message flow. Participants: PSP 1, PSP 2, Account Provider 1, Account Provider 2 and UPI (A/C providers live in UPI). Messages shown: ReqPay (PAY/COLLECT), RespPay, ReqAuthDetail, RespAuthDetail, ReqPay (Debit), ReqPay (Credit).]

Pay Transaction

[Figure: Pay transaction flow between the Acquiring Channel (Mobile App/E-Com), Payer PSP, Unified Payments Interface, Payee PSP, Remitter Bank and Beneficiary Bank. Numbered messages: 1 ReqPay, 2 ReqAuthDetails, 3 RespAuthDetails, 4 ReqPay debit, 5 RespPay debit, 6 ReqPay credit, 7 RespPay credit, 8 RespPay, 9 ReqTxnConfirmation, 10 RespTxnConfirmation. Markers A and B; legend: Financial, Non-Financial.]

Collect Transaction

[Figure: Collect transaction flow between the Acquiring Channel (Mobile App/E-Com), Payer PSP, Unified Payments Interface, Payee PSP, Remitter Bank and Beneficiary Bank. Numbered messages: 1 ReqPay, 2 ReqAuthDetails, 3 RespAuthDetails, 4 ReqPay debit, 5 RespPay debit, 6 ReqPay credit, 7 RespPay credit, 8 RespPay, 9 ReqTxnConfirmation, 10 RespTxnConfirmation. Markers A, B, C and D; legend: Financial, Non-Financial.]

List of Core APIs
List of Meta APIs
Security features
• The UPI solution provides strong end-to-end security and data protection. The key security features of the Unified Payments Interface are:

  - Device fingerprinting during the registration process
  - Credential capture through the NPCI Common Library
  - Credentials encrypted using RSA 2048 asymmetric encryption
  - Decryption/encryption at NPCI performed through an HSM
  - Message communication between PSPs and UPI over HTTPS
  - All messages digitally signed using SHA2 with RSA
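
The last item, signing with SHA2 and RSA, as an added Go example (not NPCI code): the receiver verifies the signature with the sender's registered key before it parses the message. The cut-down ReqPay XML, the `psp1` key registry, PKCS#1 v1.5 padding and signing over the raw bytes are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/xml"
	"fmt"
)

// reqPay is a hypothetical, cut-down message; the real schema is not on the page.
type reqPay struct {
	Amount string `xml:"amount,attr"`
}

// Sign is the sender's side: RSA signature over the SHA-256 digest of the raw bytes.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}

// VerifyThenParse checks the sender's signature first and parses the XML only afterwards.
func VerifyThenParse(keys map[string]*rsa.PublicKey, sender string, msg, sig []byte) (string, error) {
	pub, ok := keys[sender]
	if !ok {
		return "", fmt.Errorf("no key registered for sender %q", sender)
	}
	d := sha256.Sum256(msg)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig); err != nil {
		return "", fmt.Errorf("signature check failed for %q: %w", sender, err)
	}
	var m reqPay
	if err := xml.Unmarshal(msg, &m); err != nil {
		return "", err
	}
	return m.Amount, nil
}

// Demo returns the accepted amount and whether an altered message was rejected.
func Demo() (string, bool) {
	psp1, _ := rsa.GenerateKey(rand.Reader, 2048)
	keys := map[string]*rsa.PublicKey{"psp1": &psp1.PublicKey}
	msg := []byte(`<ReqPay txnId="TXN-0001" amount="100.00"/>`) // constructed sample
	sig, _ := Sign(psp1, msg)
	amt, _ := VerifyThenParse(keys, "psp1", msg, sig)
	_, err := VerifyThenParse(keys, "psp1", []byte(`<ReqPay txnId="TXN-0001" amount="900.00"/>`), sig)
	return amt, err != nil
}
func main() { fmt.Println(Demo()) }
```
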


NPCI Common Library
• The NPCI common library will be distributed to PSPs for all three major mobile operating systems, viz. Android, iOS and Windows.

• The common library has the following security features:

  - Capture the credentials securely.
  - Embed device- and transaction-related data as salt into the credential block for each transaction, to:
      - prevent the acquiring PSP from replaying the credential block
      - ensure the actual device fingerprint is sent to NPCI for every transaction
      - ensure the NPCI Common Library is used for secure credential capture
  - Encrypt the sensitive data (credentials such as OTP, MPIN and biometric data) using RSA 2048 public key encryption.
  - Verify the digital signature of the XML payload of public keys before performing the credential capture.
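
One way to picture the salted credential block, as an added Go example that is not the NPCI Common Library: the MPIN is sealed together with the transaction id and device fingerprint, so a block captured by a PSP fails when it is attached to a different transaction. The JSON layout, the field names, OAEP padding and all sample values are assumptions; the slides state only RSA 2048 and the salt.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// credBlock is a hypothetical layout: the secret plus the per-transaction salt.
type credBlock struct{ MPIN, TxnID, DeviceFP string }

// Seal plays the common library on the device: it binds the MPIN to this
// transaction and device, then encrypts under the RSA-2048 public key.
func Seal(pub *rsa.PublicKey, mpin, txnID, deviceFP string) ([]byte, error) {
	pt, err := json.Marshal(credBlock{mpin, txnID, deviceFP})
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, pt, nil) // OAEP padding is an assumption
}

// Open plays the key holder (an HSM in the page's design). It releases the MPIN
// only if the salt inside the block matches the transaction it arrived with.
func Open(priv *rsa.PrivateKey, block []byte, txnID, deviceFP string) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, block, nil)
	if err != nil {
		return "", err
	}
	var cb credBlock
	if err := json.Unmarshal(pt, &cb); err != nil {
		return "", err
	}
	if cb.TxnID != txnID || cb.DeviceFP != deviceFP {
		return "", errors.New("credential block is bound to another transaction or device")
	}
	return cb.MPIN, nil
}

// Demo: is the original transaction accepted, and is a replay into a second one rejected?
func Demo() (accepted, replayRejected bool) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	blk, _ := Seal(&priv.PublicKey, "4321", "TXN-0001", "dev-fp-aa11") // constructed values
	_, err1 := Open(priv, blk, "TXN-0001", "dev-fp-aa11")
	_, err2 := Open(priv, blk, "TXN-0002", "dev-fp-aa11")
	return err1 == nil, err2 != nil
}
func main() { fmt.Println(Demo()) }
```

Rejecting a second submission of the same block under the same transaction id additionally requires the verifier to remember ids it has already processed, which this sketch leaves out.
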
Types of Applications
• Applications that integrate with PSP apps to collect payment
  - Web app, desktop app, mobile app, etc.
  - Re-imagine various use cases that can move to cashless through UPI
  - The sample PSP app/PSP server provided by NPCI may be used
  - When developing a mobile app, deep link to the sample PSP app
  - The Common Library will be part of the sample PSP and should not be used directly

• The PSP application itself, which is provided to consumers/merchants
  - PSP server, including an optional interface/SDK for merchants
  - PSP mobile app for consumers, embedding the Common Library

Sample Mobile App Flow – In app Payment

If a UPI-enabled app is not available, the user will be routed to the Play Store/website for the merchant's preferred PSP app.

Sample Mobile App Flow – Collect Pay

[Figure: collect pay flow; the only surviving label is “UPI over Internet”.]

Thank You
