ONLINE PAYMENTS AND UPI

Submitted in partial fulfillment of the requirements of the degree of

BACHELOR OF COMPUTER ENGINEERING

By

Saurabh Bhoir
Suyash Bagwe

Nisarg Barot
Pratik Chaudhari

Shreyas Bhalerao

Siddhant Borade

Under the Guidance Of

Prof. Jisha K.R

Department of Computer Engineering

A. P. SHAH INSTITUTE OF TECHNOLOGY, THANE
(2022-2023)

1
 A. P. SHAH INSTITUTE OF TECHNOLOGY

CERTIFICATE
This is to certify that the Book Report entitled “Online Payments and UPI” is a
bona fide work of Saurabh Bhoir, Suyash Bagwe, Nisarg Barot, Pratik Chaudhari,
Shreyas Bhalerao, Siddhant Borade submitted to the University of Mumbai in
partial fulfillment of the requirement for the award of the degree of Bachelor of
Engineering in Computer Engineering.

_________
Prof. Jisha K.R
Subject Incharge

________

Head of Department

2
 Declaration
We declare that this written submission represents my ideas in my own words and where others'
ideas or words have been included, I have adequately cited and referenced the sources. I also
declare that I have adhered to all academic honesty and integrity principles and have not
misrepresented, fabricated, or falsified any idea/data/fact/source in my submission. I understand
that any violation of the above will be cause for disciplinary action by the Institute and can also
evoke penal action from the sources which have thus not been properly cited or from whom
proper permission has not been taken when needed.

-----------------------------------------
Saurabh Bhoir

-----------------------------------------
Suyash Bagwe

-----------------------------------------
Nisarg Barot

-----------------------------------------
Pratik Chaudhari

3
 --------------------------------------------

Shreyas Bhalerao

--------------------------------------------
Siddhant Borade

Date:

4
 Acknowledgment
We have great pleasure in presenting the book report on Human Machine Interaction. We take
this opportunity to express our sincere thanks to our Department of Computer Engineering,
APSIT thane for providing the technical guidelines and suggestions regarding the line of work.
We would like to express our gratitude for his constant encouragement, support, and guidance
throughout the development of the project. We thank Prof. Sachin Malave Head of Department,
Computer Engineering, APSIT for his encouragement during the progress meeting and for
providing guidelines to write this report. We also thank the entire staff of APSIT for their
invaluable help during this work. We wish to express our deep gratitude to all our colleagues at
APSIT for their encouragement.

Student Name 1: Saurabh Bhoir

Moodle ID: 20102076

Student Name 2: Suyash Bagwe

Moodle ID: 20102143

Student Name 3: Nisarg Barot

Moodle ID: 20102032

Student Name 4: Pratik Chaudhari

Moodle ID: 20102

Student Name 5: Shreyas Bhalerao

Moodle ID: 20102048

Student Name 6: Siddhant Borade

Moodle ID: 20102061

5
Table Of Contents:

Sr. Pg.
no. Chapter no.

1 Abstract 8

2 Introduction 9-12

3 Origin of UPI 13-15

4 Working of UPI 16-19

5 Securities in UPI 20-22

6 UPI in Day-to-day life 23-25

7 Advantages and disadvantages 26-27

8 Conclusion 28

9 References 29

List of Figures:

6
 Chapter Pg.
no. Figure no.

1 1.1-E-Payment Method (QR Code) 9

3 3.1- Payment Service Players 17-18

3.2- Process of Transaction using UPI

4 4.1- Safety Shield in UPI 20-21

4.2- Transaction using UPI application

ABSTRACT

In this new era where the internet has become prevalent and affordable, almost
everyone has access to online banking services. This has led to tremendous
growth in the usage of internet banking and online transactions. With the internet
7
banking platforms of NEFT (National Electronic Fund Transfer) and
IMPS(Immediate Payments System) more and more users have started the use the
internet to perform their online transactions. With the use of Debit/Credit cards,
many users were able to make online payments securely to e-commerce websites.
But these transactions were easier if done through a computer and most
smartphone users could not perform these transactions. With the increasing
affordability of smartphones and the continuously reducing prices of mobile
internet, the government felt that internet banking has to come from a few
computer users to the palms of everyone’s hands. So to increase the use of online
cashless payments and increase the security of the payments, the Government of
India introduced UPI (Unified Payments Interface). UPI is an advanced and
affordable form of IMPS. This is a payments interface that allows money to be
transferred to two bank accounts instantly. UPI applications allow users to link
multiple bank accounts of different banks in one application. This allows users to
manage their funds in different bank accounts seamlessly. The ability of users to
use P2P (Peer to Peer), P2B (Peer to Business), and B2P (Business to Peer)
business models allow them to implement hassle-free payments for everyone. The
use of QR codes and VPA (Virtual Payment Address) gives a unique ID to
everyone and requires only a working bank account to use them. Security is an
important aspect of the UPI system. Various techniques are implemented to ensure
a safe and secure environment for all of its users.
Keywords: Digital Payment, Retail Payment, UPI, Digital Transactions, NPCI

CHAPTER 1
Introduction

Payment is the transfer of money, goods, or services in exchange for goods

and services in acceptable proportions that have been previously agreed upon by
8
all parties involved. Payment can be made in the form of services exchanged,
cash, check, wire transfer, credit card, debit card, or cryptocurrency. Today's
monetary system allows for payments to be made with currency. Currency, which
has simplified the means of economic transactions, provides a convenient
medium through which payments can be made, and it can also be easily stored.
Before the widespread use of currency and other payment methods, barter
payments were used in which one product or service was exchanged for another.
For example, if an egg farmer with a large surplus of eggs wanted milk, the
farmer would need to find a dairy farmer who would be willing to take eggs as
payment for milk. In this case, if a suitable dairy farmer weren't found in time,
not only would the egg farmer not get the milk, but the eggs would spoil,
becoming worthless. Currency, on the other hand, maintains its value over time.
However, bartering is still practiced today when companies want to exchange
services with one another. Payments can be the transfer of anything of value or
benefit to the parties. An invoice or bill typically precedes a payment. Payees
usually get to choose how they will accept payment. However, some laws require
the payer to accept the country's legal tender up to a prescribed limit. Payment in
another currency often involves additional foreign exchange transaction fees,
usually around 2–3% of the total payment being made, but could be quite a bit
higher depending on the bank or card issuer and country of purchase.

Fig 1.1: E-payment Method (QR code)

Payment Methods
Payments are made using various methods. Throughout history, these types of
payments have changed and evolved, and new payment methods are likely to
appear in the future. Here are the most common types of payments used today.
1. Cash Payments:
Cash is the most widely used payments methods in India and is still
used for many businesses, such as the retail industry. Coffee shops and
convenience stores, for example, still accept cash payments. Considering
9
 the fees associated with debit and credit cards, many retail small businesses
prefer cash payments from their customers. Cash has its disadvantages, as it
can be lost, stolen, or destroyed. Businesses dealing in large transactions
must often incur additional expenses to pay for related security measures
such as secured transit or fraud detection.

2. Credit and Debit Cards:

Credit cards are widely used for purchases and payments. Credit
cards work by offering its user a line where an individual can draw credit
up to a certain limit. When you attempt to use your credit card, your
account information is sent to the merchant bank. The merchant bank then
receives authorization from the credit card network to process the
transaction. Debit cards may look similar to credit cards, but their
underlying mechanism is entirely different. When a debit card is used,
funds are immediately withdrawn from an individual's account. Instead of
having a line of credit that you can pull from more than what you have
saved, debit card transactions can be declined if you do not have enough
money in your account.

3. Electronic Fund Transfers and Mobile Phones:

A Digital payment, also known as electronic payment, is a transfer of
money from one account to another using an electronic medium. So, there
is no exchange of physical money or instruments like cash, cheque, etc.
However, you should know that digital payment is not limited to online
payments as it also covers payments made on brick-mortar premises, at a
physical location. For example, payment is done through UPI to the grocery
store or salon also qualifies for digital payment. The contactless payment
technology that has emerged in recent years has made payments easier than
ever. The credit or debit card machine—called a point of sale terminal
(POS)—can read the customer's banking information through the software
application that's installed on the mobile device. Once the phone reads the
information from the POS terminal, a signal is generated to inform the
customer that the payment has been made.

Online Payment Methods in India

10
 Online payments have developed a lot since their introduction by the
Government of India. The Government of India's flagship program 'Digital India'
that aims to transform India into a digitally empowered society and knowledge
economy, the government has been taking several measures to promote digital
payments in the country. India's digital leap is further augmented by the
announcement Finance Minister Nirmala Sitharaman made during her Budget
2022 speech to set up 75 digital banking units in 75 districts. It also stated the
inclusion of all 1.5 lakh post offices under the core banking system, digital
currency, and financial support to promote the use of digital payments. The
government measures indicate its commitment towards a "Faceless, Paperless,
Cashless" economy. With the Digital India program, many payment methods have
been introduced by the government. Some of the are:
1. Electronic Clearing Service (ECS)
ECS payment was introduced in India by the RBI during the 1990s. Since,
its introduction, the platform has grown more robust and scaled to handle large
volumes. ECS payments are used to handle bulk and repetitive payment like
salary, interest, and dividend payments of companies, corporates, and institutions.
Using the ECS payment system, customer accounts can be credited on a specified
date for a specific amount.
2. National Electronic Funds Transfer (NEFT)
The NEFT payment system was introduced in 2005 to facilitate one-to-one
fund transfers. NEFT payment system can be used by both individuals and
corporates. NEFT system processes payments in batches at hourly intervals, thus
providing near real-time settlement of funds from one party to another. There is
no minimum or maximum limit on the number of funds that can be transferred
through NEFT.
3. National Electronic Clearing Service (NECS)
In September 2008, the Bank launched a new service known as National
Electronic Clearing Service (NECS), at National Clearing Cell (NCC), in
Mumbai. NECS (Credit) facilitates multiple credits to beneficiary accounts with
destination branches across the country against a single debit of the account of the
sponsor bank. The system has a pan-India characteristic and leverages on Core
Banking Solutions (CBS) of member banks, facilitating all CBS bank branches to
participate in the system, irrespective of their location across the country.
4. Real Time Gross Settlement (RTGS)

11
 In the RTGS system, funds are transferred from one bank account holder to
another on a “real-time” and a “gross” basis. Settlement in the RTGS system
happens in “Real Time” on a one-on-one basis and there is no bunching or
batching like the NEFT system, wherein payments are processed in batches. Once
payment is processed through the RTGS system, it cannot be undone and is final
and irrevocable. RTGS system has been operational since 2004 and is used for
settling inter-bank payments.
5. Regional ECS (RECS)
Similar to NECS, RECS operates as a miniature of NECS confined to the
bank branches within the jurisdiction of a regional office of RBI. The RECS
system is available in Ahmedabad, Bengaluru, Chennai, and Kolkata regions.
Under the system, the sponsor bank will upload the validated data through the
Secured Web Server of RBI containing credit/debit instructions to the customers.
The RECS center will process the data, arrive at the settlement, to provide
credit/debit to the accounts of beneficiaries by using the Core Banking System put
in place by the bank.
6. Electronic Clearing Service (ECS) Debit
ECS (Debit) system helps with effecting periodic and repetitive collections
of bills from consumers. ECS (Debit) facilitates consumers to subscribe to the
services of companies and make routine and repetitive payments by ‘mandating’
bank branches to debit their accounts and pass on the money to the companies.
There is no limit on the minimum or maximum amount of payment through the
ECS debt system.

CHAPTER 2
Origin Of UPI
Introduction to UPI: -
Unified Payments Interface (UPI) is an instant real-time payment system
developed by the National Payments Corporation of India (NPCI). The interface
facilitates inter-bank peer-to-peer (P2P) and person-to-merchant (P2M)
transactions. It is used on mobile devices to instantly transfer funds between two

12
bank accounts. It runs as an open-source application programming interface (API)
on top of Immediate Payment Service (IMPS) and is regulated by the Reserve
Bank of India (RBI). As of February 2022, there were 304 banks available on the
platform with a monthly volume of 4.52 billion transactions amounting to ₹8.26
lakh crore (US$100 billion). UPI witnessed 68 billion transactions until November
2021. The mobile-only payment system helped transact a total of ₹34.95 lakh
crore (US$440 billion) during the 67 months of operation starting from 2016. As
of May 2021, the platform has over 10 crores (100 million) monthly active users
in India. The proportion of UPI transactions in the total volume of digital
transactions grew from 23% in 2018–19 to 55% in 2020–21 with an average value
of ₹1,849 per transaction. Digital transactions worth ₹8.31 lakh crore were made
via the platform in January 2022. In FY 2021–22, the value of transactions
crossed $1 trillion.
Origin: -
In April 2009, the National Payment Corporation of India was formed to
integrate all the payment mechanisms in the country and make them uniform for
retail payments. By March 2011, RBI found out that in India only six non-cash
transactions happen every year per individual citizen while 10 million (1 crore)
retailers accept card-based payment. Around 145 million (14.5 crores) families
have no access to any form of banking. There is also the problem of tackling black
money and corruption that happens mostly in cash. RBI 2012 released a vision
statement for a period of four years that indicated commitment towards building a
safe, efficient, accessible, inclusive, interoperable, and authorized payment and
settlement system in India. It is part of the Green Initiative to decrease the usage
of paper in the domestic payments market. UPI was officially launched in 2016
for public use. Under RBI guidance, NPCI became the primary body tasked with
developing a new payment system that is simple, secure, and interoperable. UPI
works on four pillar push-pull interoperable model where there will be a
remitter/beneficiary front-end PSP (payment service provider) and a
remitter/beneficiary back-end bank that settles the monetary transaction for the
users. According to the CEO of Netmagic Solutions, UPI became one of the most
successful deep-tech innovations coming out of India. UPI’s value grew by 700%
in 2018.
In December 2019, noting the success of UPI, Google suggested Federal
Reserve Board follow UPI as an example in developing FedNow, a real-time
payment system for the United States. With the exponential growth of UPI, India
became the world's largest real-time payment market with 25.50 billion (25.5

13
billion) annual transactions in 2020 per data from ACI Worldwide and
GlobalData, ahead of China and United States. As per the Economist Intelligence
Unit Report 2021, UPI made India a leader in the global real-time payment market
followed by China and South Korea. After the decision of the Ministry of Finance
to nullify the merchant discount rate (MDR) in 2019 from UPI, the number of
low-value transactions skyrocketed making huge gains on real-time transaction
volume data. Nations such as Brazil, Bahrain, Saudi Arabia, Singapore, the United
States, and European Union are now trying to emulate the success of UPI in their
market. From January 1, 2019, UPI became a popular payment option for initial
public offerings (IPOs). The transaction limit was enhanced from ₹100,000 to
₹200,000 in March 2020. From December 2021, RBI again increased the limit to
₹500,000 for Retail Direct Scheme and IPO applications. To make UPI
economically feasible for payment companies, RBI is considering a merchant
discount rate (MDR) on future UPI transactions. In its first monetary policy for
the financial year 2022–23, RBI proposed a cardless cash withdrawal facility from
ATMs using UPI-based QR codes. In partnership with NSDL Payments Bank and
NPCI, Ton eTag launched VoiceSE which will enable 40 crore feature phone
users to make UPI payments using voice in Hindi, Tamil, Telugu, Malayalam,
Kannada, and Bengali languages. New methods were included in 2019 for better
improvement and easy access to internet transactions. These new methods
introduced by NPCI are: -
UPI 2.0
On 16 August 2018, UPI 2.0 was launched which enabled users to link their
overdraft accounts to a UPI handle. Users were also able to pre-authorize
transactions by issuing a mandate for a specific merchant. This version also
included a feature to view and store the invoice for the transactions. An AutoPay
facility for recurring payments was also added. As of August 2021, State Bank of
India, Bank of Baroda, and Paytm Payment Bank are live on UPI AutoPay each
registering 660,000, 204,000, and 186,000 mandates, respectively. NPCI is
planning to expand AutoPay to international markets and operationalize a real-
time payment dispute resolution mechanism covering 90% of the complaints by
September 2022. From 8 June 2022, RBI allowed linking RuPay credit cards with
UPI. Customers can now make credit card payments using UPI, in the absence of
a physical card. NPCI is working on a real-time feature that will reduce the 24
hours taken by banks to unblock funds over time-out or transaction decline to 30
seconds. The service was officially launched on 20 September 2022.
UPI 123PAY

14
 As part of the financial inclusion initiative, NPCI with fintech start-up
Naffa Innovations with their product ToneTag in 2021 started working on
developing a voice-based payment service for feature phone users in low
connectivity zones over the UPI payment ecosystem under the Interactive Voice
Response (IVR) project. The system will use Dual Tone Multi-Frequency
(DTMF) signaling technology with two-factor authentication (2FA) flow for peer-
to-peer (P2P) transactions. From September 2020 to June 2021, it was under beta
testing while awaiting RBI approval for large-scale deployment. The beta testing
and pilot experiment were completed by October 2021 and RBI started
formulating guidelines for nationwide use. RBI governor, Shaktikanta Das
launched the service called UPI 123PAY on 8 March 2022, to help almost 40
crores (400 million) feature phone users in the country. Till now, UPI payments
were only possible through payment applications on smartphones and USSD-
based services for feature phones. But as per deputy governor T Rabi Shankar the
latter is cumbersome due to the unavailability of the services on several mobile
networks.
UPI 123PAY has four options for payment.
1. App-based functionality where a mobile phone manufacturer can install UPI
app through over-the-air programming, that can be used for payment.
2. Missed calls based on which customers can use dedicated merchant payment
numbers by giving a missed call. The incoming authentication call will ask for
PIN verification to complete the transaction.
3. Interactive Voice Response (IVR) based where the payment transaction will
complete using pre-defined phone numbers.
4. Payment in offline mode through sound-based proximity data communication.
As per NPCI, some of the early use cases involve FASTag recharges,
insurance payments, and EMI collections. As of 20 September 2022.

CHAPTER 3
Working of UPI
Working and Architecture of UPI:

15
 UPI runs on a unified interface developed and operated by NPCI. Using
IMPS and the Aadhaar Enabled Payment System, this common layer facilitates
transactions and ensures settlement across bank accounts (AEPS). Businesses,
financial firms, and other organizations that offer UPI services communicate to
the NPCI's unified interface via standard APIs to enable transactions from Virtual
Payment Addresses without sharing account information or credentials. In UPI
solution, payment authentication and authorization are always done using a
personal phone. Since this layer offers a unified interface, any-to-any
interoperable payments can be accomplished using the standard set of APIs.
Some of the key APIs to operate UPI transactions are:
1. Payment API: This serves as the primary API for transaction routing, and it is
used to initiate Pay Requests (Push Payment) and Collect Requests (Pull
Payment). The API contains information about the remitter and the beneficiary.
2. Authorisation and address translation APIs are used to obtain appropriate
authorization details and translate the specific Virtual Payment Address to
common global addresses (Bank Account Number and IFSC Code, Aadhaar
number). This enables users to simply provide such virtual (tokenized) addresses
to others (individuals, entities, etc.) without disclosing actual account information.
3. Keys List APIs: These APIs allow various entities in the UPI ecosystem to
securely capture and communicate credentials to authenticate transactions. These
APIs are used to request and cache the list of public keys for account providers
and other entities. At capture time, trusted and certified NPCI libraries and
utilities are used for credential capture and PKI public key encryption.
Payment Service Payers:
Customers can use UPI Apps provided by Payment Service Players to access UPI
payment services (PSP). Banks, Payments Banks, and other third-party software
providers of banks are among the PSPs that acquire customers and provide UPI
payment services via their UPI PSP mobile apps. These PSP UPI apps make use
of UPI libraries and utilities to help customers register, create Virtual Payment
Addresses (UPI IDs), and provide payment services. Customers are not required
to use their own bank's PSP UPI App and may use the PSP UPI App of any bank.
Furthermore, the Payer and Payee PSP UPI apps may differ. The PSP UPI App
allows users to conduct the following types of transactions
1) Non-Financial Transactions include customer registration on the UPI platform,
Virtual Payment Address creation, Set and Change MPIN, OTP requests, and

16
bank balance check. Customers can also raise disputes or check the status of a
transaction from the PSP UPI App in case of any issues.
2) Financial Transactions include Push and Collect payments based on Virtual
Payment Addresses, Push transactions based on Account Numbers and IFSC Code
and Push transactions based on Aadhaar Numbers

Fig 3.1: Payment Service Players

Steps For making UPI Transactions:

1) Registration of Customers
a) Users can download any PSP UPI application from AppStore platforms such as
Google Play or Apple App Store on a mobile phone with a registered bank mobile
number.

17
b) The PSP UPI application will automatically send an encrypted outward SMS
from the user's mobile phone to validate the mobile number registered with the
user's bank and enable hard binding of the mobile device to the mobile number.
The device's hard binding functions as a device fingerprint.
c) Users can now create unique Virtual Payment Addresses (for example,
abc@xyzbank), which will serve as their payment ID.

Fig 3.2: Process of transaction using UPI

2) Opening a Bank Account

a) Users can use the PSP UPI App to link their bank accounts. The issuing bank
authenticates the registered mobile number and provides a list of all bank accounts
associated with the mobile number, which is displayed to the user on the PSP UPI
App.
b) The PSP records the account information received from the Issuer Bank in its
database. At this point, the PSP Database contains information such as the
Registered Mobile Number, Virtual Payment Address, User Name on the PSP UPI
App, and Bank Name, Account Number, and IFSC Code.
c) The user must now generate a Mobile Personal Identification Number (MPIN)
to authenticate the transactions. The PSP UPI App sends an OTP Request to NPCI
for the newly added account. The NPCI requests an OTP from the Issuer Bank,
and the Issuer Bank sends the OTP via SMS to the user's registered mobile
number.

18
d) To verify the user's identity, the user is required to enter the last six digits of the
debit card number, the expiry date, and the OTP received on the registered mobile
number. To create an MPIM, the user enters the desired MPIN into the NPCI
library embedded in the PSP UPI app.
e) The Issuer Bank authenticates the Card details and OTP, and the UPI PSP
application sends this MPIN to NPCI, which then sends it to the Issuer Bank by
encrypting it with the public key using PKI. The Issuer bank uses its Private Key
to decrypt the encrypted MPIN and confirms the MPIN setting.
3) Transaction Flow
a) To make a Push Payment (Pay Request), the user must enter the beneficiary's
Virtual Payment Address, Account Number, IFSC Code, or Aadhaar Number.
b) The user enters the MPIN on the embedded NPCI Libraries in the PSP UPI
App. MPIN is encrypted with the NPCI public key before being sent to UPI,
which is decrypted with the NPCI private key. NPCI encrypts the MPIN once
more with the Issuer Bank's Public Key and sends it to the Issuer Bank, which
decrypts the MPIN with its own Private Key. The MPIN is then authenticated by
the Issuer Bank, which debits the Remitter's bank account and credits the
Beneficiary's bank account.
c) Similarly, in the case of a Pull Payment (Collect Request), the user submits a
Collect Request by entering the Payer's Virtual Address. The Beneficiary's PSP
UPI App sends the request to NPCI, who forwards it to Remitter's PSP for
resolution and authorization.
d) To authenticate the payment, the payer must enter his or her MPIN into the
Payer PSP UPI App. The amount is debited from the Payer's bank account and
instantly credited into the Beneficiary's bank account upon successful MPIN
authentication by the Issuer Bank.
The Issuer Bank decrypts the MPIN using its Private Key after receiving
the Public Key. The MPIN is then authenticated by the Issuer Bank, which debits
the Remitter's bank account and credits the Beneficiary's bank account.

CHAPTER 4
Securities In UPI
Security In UPI

19
 For any digital transaction to be completed in India, two-factor
authentication must be enabled. Two-factor authentication requires a user-specific
password or set of credentials in addition to a component that verifies a Person's
true identity. The one-click, two-factor authentication technique used by UPI is
unusual in that it allows users to verify both authentication factors with a single
click. As the initial authentication element, the fingerprint of the mobile device is
utilized to confirm the user's real identity. Binding the mobile number to the
device at the time the user's profile is created on the PSP UPI App is the most
important security measure. This is accomplished by having the user's bank-
registered cellphone number send an encrypted outbound message. By connecting
the mobile number with the Device ID, IMEI ID, SIM Number, and PSP App ID
in this message, a device fingerprint of the mobile phone is created. The user must
re-authenticate the mobile device if any changes are made to the mobile
fingerprint, which includes the Mobile Number, Device ID, IMEI ID, SIM
Number, and PSP App ID. The user-created, four to six-digit MPIN is the second
factor of authentication and is used to confirm the transaction.

Fig 4.1: Safety Shield in UPI

For data security, data has been classified into different classes of information:
Sensitive data: Such information should not be retained and should only be
transferred in bed form. For Example Passwords, PINs, and other sensitive data.

20
Private Data: Details like a bank account number. Although only in encrypted
form, the PSP can store private data.
Non-sensitive data: Unencrypted data can be stored for items like names,
transaction histories (including money, timestamp, response code, and location),
etc.

Fig 4.2: Transaction Using UPI application

In the current UPI architecture security is handled in the following ways:

1. Identity and Account Validation: During user registration, the PSP UPI App
automatically sends an external SMS to verify the validity of the user's identity
and bank account as the first stage. The issuer bank then verifies the mobile
number to make sure it is the registered mobile number of the user holding a
legitimate bank account with the bank. This outgoing SMS is delivered in
encrypted form from the Moa bile number. Through this automatic outbound
encrypted SMS that firmly associates the Mobile number with the device, the
PSP UPI App makes device fingerprinting possible. By doing this, it is ensured
that the transactions coming from the hardbound device are safe right away.

2. Application security: Every PSP UPI app is approved by RBI-CertainPCI-

DSS. Sensitive information like MPINs and One password (OTPs) can only be
entered on the embedded NPCI Utilities and Libraries included in the PSP UPI

21
 app. The common library base 64 encodes the encrypted credentials before
returning them to the PSP program for further UPI transmissions.

3. Transaction Level Security: The PSP UPI App and the Issuing Bank share
responsibility for transaction authorization and authentication. The device
fingerprint, which is the initial authentication element, is verified by the PSP
UPI app. Users must enter a 4- to 6-digit MPIN, which is verified by the
issuing bank, to authenticate each transaction. Only when the MPIN and device
fingerprint are verified can any transaction be completed. The user has
complete control over stopping any unwanted and harmful payment requests.
To authenticate the transaction and begin any debit from his bank account, the
user must manually enter the MPIN.
MPIN Security: Only the NPCI library, or the NPCI interface built inside the
PSP UPI App, may capture the MPIN. When entering the MPIN for an
interoperable transaction, this interface is called. Through a secure channel, NPCI
sends the Issuer Bank the MPIN. The MPIN is encrypted by UPI utilizing the
Public Key Infrastructure (PKI) encryption mechanism, and it is decoded by the
Issuing Bank using its Private Key. All APIs must communicate over HTTPS to
guarantee message security, trust, and non-reliability. Additionally, every message
must be digitally signed, have a distinct message id for each request and response,
and have a distinct transaction id. The verified payee's name must always be
displayed to the payer in any payment request to prevent phishing, according to
the Payer's UPI PSP application. Because UPI transactions are closely linked to
your mobile hardware and check all device fingerprints (for example, IMEI
Number, SIM Number, etc.), which makes it technically impossible to replicate
the payment environment, UPI transactions are significantly safer than any Cards
or e-Wallet transactions. The main security risk when using cards and e-Wallets is
the absence of a password-based second factor of authentication during a
transaction. Since transactions may be automatically produced by a hacker
without the requirement for a password, this renders the cards and wallets
vulnerable to system-level breaches. In theory, a hacker can therefore make
thousands of fraudulent transactions at once.

CHAPTER 5
22
 UPI in Day-to-day life
Digital payment is paid via digital methods. Both the payer and the payee
send and receive money using digital methods in digital payments. Another name
for it is electronic payment. Digital payments don't include real money. All the
deals in digital payments are completed online. It's an accessible and accessible
way to make payments. However, you must first withdraw cash from your account,
If we talk about cash payments. Also, you use this cash to pay at shops. The
Shopkeeper deposits the money he received from you at the bank. This process is
time-consuming for you and the shopkeeper. But in digital payments, the plutocrat
transfers from your account to the shopkeeper’s account incontinently. This process
is automatic and neither you nor the shopkeeper is needed to visit the bank. Digital
payments save you from long ranges of ATMs and banks. Because, if you pay
digitally, you won’t need to withdraw cash from your account. It also takes lots of
time and a little bit of plutocracy as well. Internet banking is an arising concept
currently and nearly all the banks have started using the installation of internet
banking. In this fast-moving world, people don't have time to stay in the long
ranges of banks and ATMs.
In this regard, the government of India, colorful fiscal institutions, and other
tech people with great ideas introduced colorful mobile operations and colorful
interfaces for plutocrat transfer and payments. While using these mobile operations
people druggies face problems like security issues, the and-availability of these
payment systems in small seller shops, etc. UPI is an extensively habituated term
currently still, UPI isn't important familiar to the druggies as they're only familiar
with the operation that uses the UPI interface. After the preface of UPI, numerous
operations that used digital holdalls also use UPI as a mode of transfer of plutocrats
hence the druggies might get confused with the same. The study is conducted in the
area of banking. In banking we've numerous options to transfer finances and to do
payments and other important effects, some of the same are IMPS, NEFT, Phone
Banking, Mobile holdalls, and UPI. This study gives a clear view of how easy,
understanding, and secure the UPI is compared to mobile holdalls. This exploration
emphasizes the scholars' druggies of UPI to know their response toward the UPI, to
know their preference for using this interface. This study is conducted among the
scholars of the Faculty of Science and Humanities SRM Institute of Science and
Technology, Kattankulathur, Kanchipuram, Tamil Nadu, India. Several studies
were done which gave results like, the utmost of the druggies of the UPI are
between the age group of 20- 22. operation of UPI is high in males compared to
ladies. Undergraduates use UPI more when compared to postgraduates and

23
exploration scholars. Most of the replies have accounts in the State Bank of India &
CityUnion Bank.
From the data collected the repliers say that private banks give further
installations compared to government banks. Out of 112 replies, only 60 are
completely apprehensive about UPI, 42 are incompletely apprehensive and the
remaining replies aren't at each apprehensive about it. the utmost of the repliers use
UPI compared to Mobile holdalls and a sprinkle of other repliers use both UPI and
mobile holdalls. This is due to the integration of UPI in mobile portmanteau
operations lately. UPI-grounded operations like Google pay and Paytm are
substantially used by the repliers and other operations like Phone Pe, and Amazon
pay is used by many replies. BHIM the operation developed by NPCI is far before
due to the nonstop crashing of the operation UPI is used constantly to do day-to-
day deals by scholars. Special features like cash-back offers and lower time
consumption attract scholars to use UPI. maturity of the scholars transfers 250- 500
rupees via UPI to others. As scholars don't have large sales requirements. The main
problem faced by the replier scholars is garçon affiliated issues, that the
communication of transfer processing is shown on the screen. Among other issues
are the issue with the BHIM operation as the operation keeps on crashing while
using it.
More than half of the replies feel safe using UPI-grounded operations. As
this study is conducted among scholars, they use UPI substantially to transfer
plutocrats, recharge mobiles, and bespeak movie tickets. This is substantially due
to the cashback offers handed by these operations to its druggies. Further, more
than 80 percent of the repliers feel that UPI services are accessible to use. the
utmost of the repliers are satisfied by using UPI and others have neutral passions.
90 percent of repliers say that they will use UPI in the future. The utmost of the
repliers is interested in suggesting and recommending UPI to others. The main
problem in using UPI is garçon related issues and failure in UPI operations
suddenly while making deals. Also, there are numerous ways through which UPI
can add numerous further druggies, similar ways are, Reducing the garçon issues
and operation issues may help to increase the druggies of UPI. Conducting
mindfulness programs also helps to increase the number of guests. prices should be
bettered also people may suggest and recommend them to others. UPI should come
up with attractive offers like cash tails on bookings and other payments. operation
of UPI is less in women, it can be increased by conducting mindfulness programs
in women’s sodalities. utmost of people aren't apprehensive about UPI. So, UPI
should produce mindfulness among people through announcements and
mindfulness programs. UPI should be suitable to be used in e-commerce spots like
24
Amazon and Flipkart. As this point was introduced lately this isn't apprehensive
among scholars. UPI should concentrate on new styles that can help the illiterates
understand about using UPI. Internet connections should be made stronger in
numerous areas. mindfulness juggernauts towards digital knowledge should be
made as numerous people get cheated in some or the other way.

The aforesaid analysis leads us to the conclusion that digital will replace
UPI on a really large volume of transactions. Students in India's young generation
use UPI. for their everyday transactions, thus eventually everyone will begin to
accept this. With enough knowledge and instruction, even the use of UPI will rise
among females Offering a more appealing product or service is another technique
to grow the clientele reward program. The server-related difficulties must be
resolved as soon as possible. UPI may lose its prospective consumers, which will
contribute to the interface's demise. This leads us to the conclusion that UPI is
more practical than mobile wallets.

25
 CHAPTER 6
Advantages & Disadvantages of UPI

Advantages: -

1. Using the UPI pin, you will be able to make the most secure payment.
This is a very safe medium, it just gives you a single PI, through which
you can transfer money.
2. If you make payment from UPI, you will not have to pay any charges as
this is completely free by the Indian government.
3. UPI that you can also send any payment at one time or ask for it in your
account. It either deposits money into your account or transfers money to
another account in a matter of seconds.
4. UPI offer access to all your bank account through a single mobile
application
5. You can send payment to any unified payments interface support bank,
which is very easily without any charge, the State bank of Panjab national
bank, and all other banks.
6. UPI is easy to access, you can use24*7 hours a day, at any time and any
place, even on public holidays.
7. UPI is the one that does not need to fill in the various details like ATM
card number, IFSC code, account number.
8. The UPI payment is very simple, with the help of this, you can send
money quickly and easily to another account.
9. If you send any money to another account holder, then if you send the
same payment through the UPI, they are given some cashback in it. You
can get a lot of benefits from it.

26
Disadvantages: -

1. UPI is a deal for smaller fund transfers, when an amount is high then
other modes of online transfer are preferable.
2. Another issue with UPI is that it is difficult to persuade customers to
download the bank application to their smartphone for a single payment
interface because they are concerned about online fraud.
3. Do not tell your personal information such as the date of birth, The UPI
pin, and other information to any other person, so that your account will
be safe.
4. If you want to transfer payment in the UPI, then you can transfer up to Rs
10,000 as much as possible. You should send it one at a time if you need
to send it more than once.
5. You must know that you have to transfer money from the unified payment
interface pin is also known as the UPI pin, and it is a very small digit, 4 to
6 digit while having a small digit, it is not safe, so make your payment
carefully and its information does not let anyone else know.
6. It does not work on the slow of the internet.
7. UPI is a very fast and safe medium, but sometimes it takes a lot of time to
send the payment after the bank’s server down.
8. If you want to pay using the UPA, you won’t need the UTI support app,
which you’ll need to install on your Android smartphone and use
regularly take your mobile RAM too much. So that your mobile hangs or
uses too much internet to avoid it, you can clear app cache and
background data to the user can also shut down.

27
 CHAPTER 7
Conclusion

In this report, we discussed how the new payment methods impact on banks in
three categories. Here, we summarize them and try to make suggestions to banks
for survival. Transactions between the individuals would be made more convenient
by the emergence of Mondex-type smart cards. On the other hand, banks will lose
fees for person-to person money transfer and fees for ATM transactions. Though
adoption rate of the smart cards cannot be pre dicted, banks have to look at other
business functions by aggressively join smart cards projects. As the smart cards
proliferate, they would make money by issuing the smart cards and transfer money
from banking account to the cards Emerging methods for transactions between
consumer and company can be divided into three methods- (1) expansion of credit
card method, (2) Digital Check and Internet Banking and (3) Smart Card and
Digital Money. The impact to the banks are different in each cases. For case (1),
opportunities to make loan for consumers will increase due to the increase of credit
card use. Banks should leverage the information on customers to gain profit. For
case (2), though Digital Check will make business chances for banks by motivating
consumers to open account, handling charge from normal type of money transfer
will decrease. Internet banking will bring about new opportunities for banks to gain
handling charge from customers by expanding customers base and will reduce the
operational cost of banks drastically. However, since the entry barrier to Internet
banking is low, banks which fails to make strategy about Internet banking will
decline. For case (3), banks can enjoy new opportunities to gain handling charge to
deal with Digital Money. On the other hand, banks may loose all information,
handling charge and credit business by Smart Card and Digital Money. Banks have
to promote the favourable methods and join to construct the new rules to profit all
the participants when they promote these methods. By netting through EDI,
transactions between companies will be compressed and the companies might take
over some portion of the settlement function that banks have traditionally con
ducted. Banks would lose money, and lose control on companies by losing
information on the business movements accompanied with the transactions. In
order to overcome the threat, banks should expand their business area by acquiring
the knowledge of the technology and business related to the EDI and providing
total integrated finance systems to companies. expected.

28
 CHAPTER 8
References

 Mamta, Prof. Hariom Tyagi and Dr. Abhishek Shukla –“The Study Of
Electronic Payment Systems”. International Journal of Advanced Research
in Computer Science And Software Engineering, 2016.

 Vidya Shree DV, Yamuna N. and Nitu Shree G “A Study on New

Dynamics in Digital Payments System-with reference to Paytm and
PayUMoney”, International Journal of Applied Research 2015, 1(10):1002-
1005

 Sujith T S, Julie C D “Opportunities and Challenges of E-payment System

in India”, International Journal of Scientific Research and Management
(IJSRM), 2017.

 Ashike, H. (2011), “Cashless Economy can Reduce Risk of Carrying Huge

Cash”, [Online] available: https://www.businessdayonline.com/.../22217.

 Cashlessindia.gov.in

29