Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Unified Payments Interface (UPI)
 The Unified Payments Interface (UPI) offers an architecture and a set of standard
Application Programming Interface (API...
UPI Architecture
Scalable Architecture
Banks Banks
IMPS AEPS RuPay Ecom
Unified Payments Interface
NPCI
Standard Interface...
 “Payment Address" is an abstract form to represent a handle that uniquely identify an
account details in a “normalized" ...
A user id provided by PSP, resolved directly by that PSP, is represented as user-id@psp-
code (e.g. joeuser@mypsp)
IFSC ...
UPI – Message Flow
PSP 1
PSP 2
Account
Provider 2
Account
Provider 1
A/C
providers
live in UPI
UPI
RespPay
ReqPay(PAY/COLL...
Pay Transaction
Payee PSPUnified
Payments
Interface
Payer PSP
Acquiring Channel
(Mobile App/E-Com)
Beneficiary
Bank
Remitt...
Collect Transaction
Payee PSPUnified
Payments
Interface
Payer PSP
Acquiring Channel
(Mobile App/E-Com)
Beneficiary
Bank
Re...
List of Core APIs
List of Meta APIs
List of Meta APIs
 UPI Solution provides strong end-to-end security and data protection. The key Security
features of the Unified Payments ...
 NPCI common library will be distributed to PSP’s for all the three major mobile operating
systems viz. Android, iOS & Wi...
 Applications that integrate with PSP Apps to collect Payment
 Web App, Desktop App, Mobile App etc
 Re-imagine various...
Sample Mobile App Flow – In app Payment
If UPIenabledAPPis not
availableuser will be
routed to
playstore/website to
mercha...
Sample Mobile App Flow – Collect Pay
UPI
Over
Inter
net
Thank You
Upcoming SlideShare
Loading in …5
×

UPI Technology

5,475 views

Published on

UPI is a API protocol developed by the NPCI for interoperable payments in India. This presentation gives a overall view of the technology behind UPI

Published in: Technology
  • Doesn't really explain what's a PSP.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

UPI Technology

  1. 1. Unified Payments Interface (UPI)
  2. 2.  The Unified Payments Interface (UPI) offers an architecture and a set of standard Application Programming Interface (API) specifications to facilitate online payments. It aims to simplify and provide a single interface across all NPCI systems besides creating interoperability and superior customer experience. Instant “Pay” (push) and “Collect” (pull) using single click two factor authentication where mobile is first factor (what you have) and MPIN/Biometrics (what you know/are) as second factor. Ability to use Virtual Payment Addresses(VPA), thus eliminating the need to provide sensitive account information to merchants or other individuals. What is UPI
  3. 3. UPI Architecture Scalable Architecture Banks Banks IMPS AEPS RuPay Ecom Unified Payments Interface NPCI Standard Interface Standard Interface Standard Interface Internet Banking 3rd Party Apps (Collect only) Banks *99# APBS NACH NFS *99# Central Repository UID-BIN 3rd Party Apps (Collect only) Mobile application Payment System Players (PSP) Mobile application Mobile application
  4. 4.  “Payment Address" is an abstract form to represent a handle that uniquely identify an account details in a “normalized" notation  Virtual Payment Addresses are denoted as “account@provider“  PSPs can allow their customers to create any number of virtual payment addresses and allow attaching various authorization rules to them.  PSPs may offer “one time use” addresses or “amount/time limited” addresses or "limit to specific payees" addresses to customers What is Virtual Payment Address
  5. 5. A user id provided by PSP, resolved directly by that PSP, is represented as user-id@psp- code (e.g. joeuser@mypsp) IFSC code and account number combination, resolved directly by NPCI, is represented as account-no@ifsc-code.ifsc.npci (e.g. 1234500000000001@HDFC0000001.ifsc.npci) Aadhaar number, resolved directly by NPCI using existing Aadhaar to bank mapper, is represented as aadhaar-no@aadhaar.npci (e.g. 234567890123@aadhaar.npci) Examples of Virtual Payment Address
  6. 6. UPI – Message Flow PSP 1 PSP 2 Account Provider 2 Account Provider 1 A/C providers live in UPI UPI RespPay ReqPay(PAY/COLLECT) RespAuthDetail ReqAuthDetail RespPay ReqPay(Debit) RespPay ReqPay(Credit)
  7. 7. Pay Transaction Payee PSPUnified Payments Interface Payer PSP Acquiring Channel (Mobile App/E-Com) Beneficiary Bank Remitter Bank 54ReqPay debit RespPaydebit 1 8 ReqPay RespPay 2 3 6 7ReqPay credit RespPay credit RespAuthDetails ReqAuthDetails A B 9 10 RespTxnConfirmation ReqTxnConfirmation Financial Non-Financial
  8. 8. Collect Transaction Payee PSPUnified Payments Interface Payer PSP Acquiring Channel (Mobile App/E-Com) Beneficiary Bank Remitter Bank 54 ReqPay debit RespPay debit 1 8 ReqPay RespPay 2 3 6 7ReqPay credit RespPay credit RespAuthDetails ReqAuthDetails A B 9 10 RespTxnConfirmation ReqTxnConfirmation Financial Non-Financial C D
  9. 9. List of Core APIs
  10. 10. List of Meta APIs
  11. 11. List of Meta APIs
  12. 12.  UPI Solution provides strong end-to-end security and data protection. The key Security features of the Unified Payments Interface are:  Device Fingerprinting during the registration process  Credential Capture through NPCI Common Library  Credentials encrypted by using RSA 2048 Asymmetric Encryption  The decryption/encryption at NPCI will be performed through HSM  Message communication between PSPs and UPI over HTTPS  All messages are digital signed using SHA2 with RSA. Security features
  13. 13.  NPCI common library will be distributed to PSP’s for all the three major mobile operating systems viz. Android, iOS & Windows.  Common library has the following security features: Capture the credentials securely Embedding Device and Transaction related data as salt into the Credential block for each Transaction to  Prevent the Acquiring PSP to replay the Credential block  Ensure actual device finger print is sent to NPCI for every transaction  Ensure NPCI Common Library is used to Secure Credential capture To encrypt the sensitive data (credentials like OTP, MPIN, and biometric data) using RSA 2048 public key encryption. Digital Signature verification of xml payload of public keys before performing the credential capture. NPCI Common Library
  14. 14.  Applications that integrate with PSP Apps to collect Payment  Web App, Desktop App, Mobile App etc  Re-imagine various use cases that can move to cashless through UPI  Sample PSP App/PSP Server provided by NPCI may be used  When developing mobile app, deep link to sample PSP app  Common Library will be part of Sample PSP and should not be directly used  PSP application itself which is provided to consumers/Merchants  PSP server including optional interface/sdk for merchants  PSP mobile app for consumers by embedding Common Library Types of Applications
  15. 15. Sample Mobile App Flow – In app Payment If UPIenabledAPPis not availableuser will be routed to playstore/website to merchant preferred PSP APP
  16. 16. Sample Mobile App Flow – Collect Pay UPI Over Inter net
  17. 17. Thank You

×