UNIFIED PAYMENT INTERFACE AND
ITS SECURITY
AKSHAY DIXIT
BTECH.(CSE)
AKGEC
Your guide to UPI—the world’s most
advanced payments system
This is not hyperbole. India just crushed it!
PM launching UPI (30 DEC. 2016)
AGENDA
▶ 1.MISSION AND VISION
▶ 2.WHAT IS UPI?
▶ 3.WHY UPI?
▶ 4.BASIC STRUCTURE OF UPI
▶ 5.KEY INNOVATION TO UPI SUCCESS
▶ 6.PARTICIPANTS
▶ 7.KEY ASPECTS OF UPI
▶ 8.ROLE OF NPCI
▶ 9.ARCHITECTURE OF UPI
▶ 10.CONCEPTS
Contd..
▶ 11.VALUE PROPOSITION
▶ 12.AADHAAR FACILITIES SUPPORTED
▶ 13.NPCI CENTRAL MAPPERS
▶ 14.SECURITY CONSIDERATIONS
▶ 15.HOW SECURE IS UPI
▶ 16.IDENTITY AND ACCOUNT VALIDATION
▶ 17.PROTECTING ACCOUNT DETAILS
▶ 18.PROTECTING ACCOUNT CREDENTIALS
▶ 19.PROTECTING AGAINST PHISHING
▶ 20.MESSAGE SECURITY AND TRUST
▶ 21.ADVANTAGES
▶ 22.DISADVANTAGES
▶ 23.CONCLUSION
MISSION AND VISION
▶ Mission Statement
To ensure payment and settlement systems in the country are safe, efficient,
interoperable, authorised, accessible, inclusive and compliant with international
standards.
▶ Vision
To proactively encourage electronic payment systems for ushering in a less-cash
society in India
WHAT IS UPI ?
WHY UPI ?
BASIC STRUCTURE OF UPI
KEY INNOVATION TO UPI SUCCESS
▶ The term “Virtual Payment Address” is used to depict an identifier that can be
uniquely mapped to an individual account using a translation service. In
addition to Aadhaar number and Mobile number as global identifiers (mapped
by NPCI), PSPs can offer any number of virtual addresses to customers so that
they can use the virtual address for making and receiving payments.
▶ Virtual payment addresses provide innovative mechanisms for customers to
create addresses with attached rules for limiting amount, time (e.g., one time
use addresses), and payees.
PARTICIPANTS
KEY ASPECTS OF UPI
▶ The Unified Payment Interface is expected to further propel
easy instant payments via mobile, web, and other
applications.
▶ The payments can be both sender (payer) and receiver
(payee) initiated and are carried out in a secure,
convenient, and integrated fashion.
▶ This design provides an ecosystem-driven, scalable
architecture and a set of APIs taking full advantage of the mass
adoption of smartphones.
Contd….
▶ Virtual payment addresses, 1-click 2-factor authentication, Aadhaar
integration, use of payer’s smartphone for secure credential capture,
etc. are some of the core features.
▶ It allows banks and other players to innovate and offer a superior
customer experience to make electronic payments convenient and
secure.
▶ Supports the growth of e-commerce, while simultaneously meeting the
target of financial inclusion.
▶ Proposed architecture is well within the regulatory framework of the
mobile and ecommerce transactions having 2 factors of authentication
(2FA).
ROLE OF NPCI
▶ Unified – hiding the complexity of dealing with disparate systems –
both internal and external to NPCI.
▶ Expandable – to allow for innovations in newer forms of identity,
authentication, and banking
▶ Adaptable – to the current way of life:
▶ Smart phones as an integral part of people’s identity
▶ Aadhaar as a form of online verifiable identity - authenticated by a
third party
▶ Allow customers to enter credentials on their own device – even
when the merchant requests funds.
▶ E Commerce.
Contd..
▶ Real Time – Allows banks to provide real time experience
for interactive transactions.
▶ Secure – Allows for traceability through the entire
transaction chain
▶ Monitorable - Allows for NPCI to monitor the system
centrally
ARCHITECTURE OF UPI
CONCEPTS
Every payment has the following core elements:
▶ Payer and payee account and institution details for routing and authorization
▶ Authentication credentials (password, PIN, biometrics, etc. as required for debit,
can be bank provided or 3rd party provided such as UIDAI)
▶ Transaction amount
▶ Transaction reference
▶ Timestamp
▶ Other metadata attributes such as location, product code, mobile number,
device details, etc. as required.
Value proposition
▶ Simplifying Authentication
▶ Simplifying Issuance Infrastructure
▶ Flexibility for Users
▶ Enabling 1-click 2-FA Transactions
▶ Embracing Mobile Adoption
▶ Stimulating Innovation
▶ Embracing Aadhaar Adoption
▶ Creating National Interoperability
AADHAAR FACILITIES SUPPORTED
▶ Aadhaar Authentication
▶ Aadhaar e-KYC
▶ Aadhaar Enabled Account (AEA)
▶ Aadhaar Payment Bridge (APB)
▶ Aadhaar Enabled Payment System (AEPS)
NPCI Central Mapper
▶ Aadhaar as the Payment Address
▶ Mobile as the Payment Address
SECURITY CONSIDERATIONS
For data security, the following classes of information are
defined:
▶ Sensitive Data - Data such as PIN, passwords, biometrics, etc.
These are not to be stored and should only be transported in
encrypted form.
▶ Private Data - Data such as account number. This information
may be stored by the PSP, but only in encrypted form.
▶ Non-Sensitive data - Name, transaction history (amount,
timestamp, response code, location, etc.) that can be stored in
unencrypted form
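The three data classes applied at the point where a PSP writes a transaction record to storage, as an added example that is not part of the original slides. The field names, the AES-GCM choice and the helper names (PrepareForStorage, ReadPrivate) are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Class is one of the three data classes defined on the slide.
type Class int

const (
	Sensitive    Class = iota // never stored, transported only in encrypted form
	Private                   // may be stored by the PSP, but only encrypted
	NonSensitive              // may be stored unencrypted
)

// fieldClass is a constructed schema; the field names are assumptions.
var fieldClass = map[string]Class{
	"mpin": Sensitive, "password": Sensitive, "biometric": Sensitive,
	"account_number": Private,
	"name": NonSensitive, "amount": NonSensitive, "timestamp": NonSensitive,
	"response_code": NonSensitive, "location": NonSensitive,
}

const encPrefix = "enc:"

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// PrepareForStorage returns the copy of rec that a PSP may persist.
func PrepareForStorage(rec map[string]string, key []byte) (map[string]string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	out := make(map[string]string)
	for field, value := range rec {
		class, known := fieldClass[field]
		if !known {
			// Fail closed: an unclassified field might be a credential.
			return nil, fmt.Errorf("field %q has no data class", field)
		}
		switch class {
		case Sensitive:
			continue // dropped, never written to storage
		case Private:
			nonce := make([]byte, gcm.NonceSize())
			if _, err := rand.Read(nonce); err != nil {
				return nil, err
			}
			// The field name is bound as associated data, so a ciphertext
			// cannot be moved into a different column and still decrypt.
			ct := gcm.Seal(nonce, nonce, []byte(value), []byte(field))
			out[field] = encPrefix + base64.StdEncoding.EncodeToString(ct)
		case NonSensitive:
			out[field] = value
		}
	}
	return out, nil
}

// ReadPrivate decrypts one stored private field.
func ReadPrivate(stored map[string]string, field string, key []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	v, ok := stored[field]
	if !ok || !strings.HasPrefix(v, encPrefix) {
		return "", errors.New("field is not stored in encrypted form")
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(v, encPrefix))
	if err != nil || len(raw) < gcm.NonceSize() {
		return "", errors.New("malformed ciphertext")
	}
	pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], []byte(field))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed demo key, 32 bytes
	rec := map[string]string{ // constructed sample record
		"name": "A Customer", "amount": "250.00",
		"account_number": "000111222333", "mpin": "4821", "response_code": "00",
	}
	stored, err := PrepareForStorage(rec, key)
	fmt.Println(stored, err)
}
```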
How secure is UPI?
Nilekani said the security is fool-proof as the transaction will happen in a
highly encrypted format. Already NPCI’s IMPS network handles more than
Rs.8,000 crore worth of transactions a day, which will exponentially
increase with the use of mobile phones.
2-factor authentication, similar to OTP, will be there as it's mandated by
RBI. In this case, MPIN will be used instead of OTP.
Identity & Account Validation
| Identity Data | Validated By | When | How |
|---|---|---|---|
| Mobile Device | PSP & NPCI (via common library) | Customer Registration & during transaction | SMS based OTP initially against the registered mobile and using HOTP/TOTP for implicit verification during every transaction |
| Aadhaar Number or PAN number | PSP | Customer Registration | Aadhaar e-KYC / Authentication or PAN card verification |
| Customer Name | PSP | Customer Registration | Aadhaar e-KYC / Demographic Authentication, matching with PAN card verification |
| Account Details - Number, Account Ownership, | PSP | Every time a payment account is added | Ideally via an API offered by account providers or via a small value (e.g. Rs.1/-) transaction |
Protecting Account Details
▶ Protecting during capture
▶ Verifying the account details with account provider
(bank, PPI, etc. - new API may be needed from
banks, or Re-1 transaction may be done to
validate)
▶ Data stored by PSPs should always be in
encrypted form
Protecting Authentication Credentials
▶ Authentication credentials encrypted during capture using
the public key of the authentication provider
▶ "Trusted" common library for credential
(MPIN/Password/PIN/Biometrics) capture. This library
needs to bind customer mobile using HOTP/TOTP which is
verified as part of transaction
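The two protections above worked through in code, as an added example that is not part of the original slides or of any NPCI library: the MPIN is encrypted on the phone under the authentication provider's public key, and an HOTP code (RFC 4226) binds the request to the registered device. The CredBlock layout, RSA-OAEP with the transaction ID as label, the look-ahead window and all names are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// hotp computes a 6-digit RFC 4226 value: HMAC-SHA-1 over the counter,
// followed by dynamic truncation.
func hotp(secret []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := int(sum[len(sum)-1] & 0x0f)
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// CredBlock is what leaves the phone (hypothetical structure).
type CredBlock struct {
	TxnID   string
	EncMPIN []byte // RSA-OAEP ciphertext; the PSP relays it but cannot open it
	HOTP    string // shows the request came from the registered device
}

// Capture runs inside the common library on the payer's phone.
func Capture(mpin, txnID string, providerPub *rsa.PublicKey, deviceSecret []byte, counter uint64) (CredBlock, error) {
	// The transaction ID is used as the OAEP label, so the ciphertext
	// only decrypts in the context of this transaction.
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, providerPub, []byte(mpin), []byte(txnID))
	if err != nil {
		return CredBlock{}, err
	}
	return CredBlock{TxnID: txnID, EncMPIN: ct, HOTP: hotp(deviceSecret, counter)}, nil
}

// DeviceBinding is the server-side record created at registration.
type DeviceBinding struct {
	Secret  []byte
	Counter uint64 // next counter value that will be accepted
	Window  uint64 // look-ahead for codes generated but never submitted
}

// Verify checks the code in constant time and advances the counter,
// so a captured code cannot be replayed.
func (b *DeviceBinding) Verify(code string) bool {
	for c := b.Counter; c <= b.Counter+b.Window; c++ {
		if subtle.ConstantTimeCompare([]byte(hotp(b.Secret, c)), []byte(code)) == 1 {
			b.Counter = c + 1
			return true
		}
	}
	return false
}

// OpenMPIN runs at the authentication provider, the only holder of the private key.
func OpenMPIN(priv *rsa.PrivateKey, blk CredBlock, txnID string) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blk.EncMPIN, []byte(txnID))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// NewProviderKey generates a throwaway key pair for the demonstration.
func NewProviderKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func main() {
	priv, err := NewProviderKey()
	if err != nil {
		panic(err)
	}
	secret := []byte("12345678901234567890") // constructed secret (RFC 4226 test value)
	bind := &DeviceBinding{Secret: secret, Window: 3}
	blk, err := Capture("4821", "TXN-1001", &priv.PublicKey, secret, 0)
	if err != nil {
		panic(err)
	}
	fmt.Println("device verified:", bind.Verify(blk.HOTP))
	fmt.Println("replay accepted:", bind.Verify(blk.HOTP))
}
```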
Protecting against Phishing
▶ 3 core techniques may be used to protect against phishing:
▶ Individual (non-entities) pay/collect transactions can be against a pre-created
and verified address (quite like in the case of NEFT).
▶ Allow direct/collect ONLY against addresses whitelisted within the payer’s pre-listed
entries. Payer must add the payee explicitly into this list (quite like NEFT
settings). During this, address verification can be done.
▶ For individuals
▶ PSP application should mandatorily share Aadhaar number and verified name
which is part of customer information block which can be shown by the second
PSP to their customer
Contd..
▶ For entities
▶ PSP application should mandatorily share PAN number and verified name
which is part of customer information block which can be shown by the second
PSP to their customer
▶ Whitelist entities (popular ones) and blacklist/rating at central
database (NPCI) and show a “verified” symbol
Message Security and Trust
▶ Every message within the unified system must be digitally signed
▶ Every message has a unique transaction ID (that spans across the organizations
for the same transaction) and a unique message ID for every request-response pair
▶ All API calls must be made over a secure channel (HTTPS)
▶ Transaction data (no sensitive data) is kept for audit for an appropriate number of years
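How a receiver can enforce the signing and ID rules above, as an added example that is not part of the original slides and does not reproduce the UPI message format. Ed25519, the length-prefixed encoding, the Message fields and the Gateway type are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Message is a simplified API message (hypothetical fields).
type Message struct {
	TxnID  string // same value at every organisation for one transaction
	MsgID  string // shared by a request and its response, unique otherwise
	Sender string // organisation that signed the message
	Body   string
	Sig    []byte
}

// signedBytes length-prefixes each field so field boundaries are unambiguous.
func (m Message) signedBytes() []byte {
	var buf []byte
	for _, f := range []string{m.TxnID, m.MsgID, m.Sender, m.Body} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		buf = append(buf, n[:]...)
		buf = append(buf, f...)
	}
	return buf
}

// Sign returns a copy of m carrying the sender's signature.
func Sign(m Message, priv ed25519.PrivateKey) Message {
	m.Sig = ed25519.Sign(priv, m.signedBytes())
	return m
}

var (
	ErrUnknownSender = errors.New("sender has no registered key")
	ErrBadSignature  = errors.New("signature does not verify")
	ErrDuplicateMsg  = errors.New("message ID already seen from this sender")
	ErrMismatch      = errors.New("response IDs do not match the request")
)

// Gateway is the receiving side of the API.
type Gateway struct {
	keys  map[string]ed25519.PublicKey
	seen  map[string]bool
	Trail map[string][]string // TxnID -> message IDs: the traceability chain
}

func NewGateway() *Gateway {
	return &Gateway{keys: map[string]ed25519.PublicKey{}, seen: map[string]bool{}, Trail: map[string][]string{}}
}

// Register records the public key of a participating organisation.
func (g *Gateway) Register(sender string, pub ed25519.PublicKey) { g.keys[sender] = pub }

func (g *Gateway) verify(m Message) error {
	pub, ok := g.keys[m.Sender]
	if !ok {
		return ErrUnknownSender
	}
	if !ed25519.Verify(pub, m.signedBytes(), m.Sig) {
		return ErrBadSignature
	}
	return nil
}

// AcceptRequest checks the signature first, then rejects a reused message ID.
func (g *Gateway) AcceptRequest(m Message) error {
	if err := g.verify(m); err != nil {
		return err
	}
	id := m.Sender + "/" + m.MsgID
	if g.seen[id] {
		return ErrDuplicateMsg
	}
	g.seen[id] = true
	g.Trail[m.TxnID] = append(g.Trail[m.TxnID], m.MsgID)
	return nil
}

// AcceptResponse checks that a signed response answers this exact request.
func (g *Gateway) AcceptResponse(req, resp Message) error {
	if err := g.verify(resp); err != nil {
		return err
	}
	if resp.TxnID != req.TxnID || resp.MsgID != req.MsgID {
		return ErrMismatch
	}
	return nil
}

// NewKeyPair generates a throwaway signing key for the demonstration.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	pub, priv := NewKeyPair()
	g := NewGateway()
	g.Register("psp-a", pub)
	// Constructed sample message.
	req := Sign(Message{TxnID: "TXN-1001", MsgID: "MSG-1", Sender: "psp-a", Body: "pay 250.00"}, priv)
	fmt.Println(g.AcceptRequest(req), g.AcceptRequest(req))
}
```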
ADVANTAGES OF UPI
▶ Minimal Charges and Instant
▶ No Need to Fill Details
▶ No need for Registration and always Available
Disadvantages of UPI
▶ Transaction Limit
▶ Requirement of Internet and Smartphone
▶ Difficult to Convince the Customers
CONCLUSION
UPI can replace NEFT, IMPS and RTGS, as only 1 unique ID
of the recipient is required for an
instantaneous transfer of funds. It is much
easier than the other modes of transfer. In future it is
expected to replace the other modes of payment as
it makes payments very easy.

More Related Content

What's hot

Unified payment interface
Unified payment interfaceUnified payment interface
Unified payment interface
Ravi Raj Kamal
 
Unified Payment Interface (UPI) - A Way Towards Cashless Economy
Unified Payment Interface (UPI) - A Way Towards Cashless EconomyUnified Payment Interface (UPI) - A Way Towards Cashless Economy
Unified Payment Interface (UPI) - A Way Towards Cashless Economy
IRJET Journal
 
Digital payments
Digital paymentsDigital payments
Digital payments
Venkatesh Kumar Maale
 
Overview of digital payments in india
Overview of digital payments in india Overview of digital payments in india
Overview of digital payments in india
Mathew Chacko
 
Payment Gateway
Payment GatewayPayment Gateway
Payment Gateway
Nyros Technologies
 
India - A Cashless Economy (NPCI/UPI)
India - A Cashless Economy (NPCI/UPI)India - A Cashless Economy (NPCI/UPI)
India - A Cashless Economy (NPCI/UPI)
Aravind Krishnaswamy
 
Presentation of digital payments
Presentation of digital paymentsPresentation of digital payments
Presentation of digital payments
pro prosecl
 
Digital payments
Digital payments Digital payments
Digital payments
Umashanker Sahu
 
E wallet
E walletE wallet
E wallet
Ayushi Shah
 
Digital payments Presentations
Digital payments PresentationsDigital payments Presentations
Digital payments Presentations
TRIPLE S PORTFOLIO
 
Digital Payments
Digital PaymentsDigital Payments
Digital Payments
Shivam Saxena
 
Online Payment Gateway System
Online Payment Gateway SystemOnline Payment Gateway System
Online Payment Gateway System
Mannu Khani
 
Unified payment interface
Unified payment interfaceUnified payment interface
Unified payment interface
pranoy_seenu
 
Mobile Banking
Mobile BankingMobile Banking
Mobile Banking
Ajitesh Srivastava
 
Unified Payments Interface (UPI) - easy way to transfer money through banks
Unified Payments Interface (UPI) - easy way to transfer money through banksUnified Payments Interface (UPI) - easy way to transfer money through banks
Unified Payments Interface (UPI) - easy way to transfer money through banks
CA Janardhana Gouda
 
Digital payment
Digital paymentDigital payment
Digital payment
Rushikesh Maddalwar
 
Digital Banking
Digital BankingDigital Banking
Digital Banking
Home
 
BUILDING DIGITAL INFRASTRUCTURE FOR A BILLION
BUILDING DIGITAL INFRASTRUCTURE FOR A BILLIONBUILDING DIGITAL INFRASTRUCTURE FOR A BILLION
BUILDING DIGITAL INFRASTRUCTURE FOR A BILLION
indiastack
 
Utk upi 15je001127
Utk upi  15je001127Utk upi  15je001127
Utk upi 15je001127
Utkarsh Sinh
 
Digital wallet (e-wallet)
Digital wallet  (e-wallet)Digital wallet  (e-wallet)
Digital wallet (e-wallet)Krishna Kumar
 

What's hot (20)

Unified payment interface
Unified payment interfaceUnified payment interface
Unified payment interface
 
Unified Payment Interface (UPI) - A Way Towards Cashless Economy
Unified Payment Interface (UPI) - A Way Towards Cashless EconomyUnified Payment Interface (UPI) - A Way Towards Cashless Economy
Unified Payment Interface (UPI) - A Way Towards Cashless Economy
 
Digital payments
Digital paymentsDigital payments
Digital payments
 
Overview of digital payments in india
Overview of digital payments in india Overview of digital payments in india
Overview of digital payments in india
 
Payment Gateway
Payment GatewayPayment Gateway
Payment Gateway
 
India - A Cashless Economy (NPCI/UPI)
India - A Cashless Economy (NPCI/UPI)India - A Cashless Economy (NPCI/UPI)
India - A Cashless Economy (NPCI/UPI)
 
Presentation of digital payments
Presentation of digital paymentsPresentation of digital payments
Presentation of digital payments
 
Digital payments
Digital payments Digital payments
Digital payments
 
E wallet
E walletE wallet
E wallet
 
Digital payments Presentations
Digital payments PresentationsDigital payments Presentations
Digital payments Presentations
 
Digital Payments
Digital PaymentsDigital Payments
Digital Payments
 
Online Payment Gateway System
Online Payment Gateway SystemOnline Payment Gateway System
Online Payment Gateway System
 
Unified payment interface
Unified payment interfaceUnified payment interface
Unified payment interface
 
Mobile Banking
Mobile BankingMobile Banking
Mobile Banking
 
Unified Payments Interface (UPI) - easy way to transfer money through banks
Unified Payments Interface (UPI) - easy way to transfer money through banksUnified Payments Interface (UPI) - easy way to transfer money through banks
Unified Payments Interface (UPI) - easy way to transfer money through banks
 
Digital payment
Digital paymentDigital payment
Digital payment
 
Digital Banking
Digital BankingDigital Banking
Digital Banking
 
BUILDING DIGITAL INFRASTRUCTURE FOR A BILLION
BUILDING DIGITAL INFRASTRUCTURE FOR A BILLIONBUILDING DIGITAL INFRASTRUCTURE FOR A BILLION
BUILDING DIGITAL INFRASTRUCTURE FOR A BILLION
 
Utk upi 15je001127
Utk upi  15je001127Utk upi  15je001127
Utk upi 15je001127
 
Digital wallet (e-wallet)
Digital wallet  (e-wallet)Digital wallet  (e-wallet)
Digital wallet (e-wallet)
 

Similar to Unified payment interface and its security

Fintech
FintechFintech
Fintech
AayushBedi3
 
present.pptx
present.pptxpresent.pptx
present.pptx
AadityaRauniyar1
 
SECURED BANKING TRANSACTION USING VIRTUAL PASSWORD
SECURED BANKING TRANSACTION USING VIRTUAL PASSWORDSECURED BANKING TRANSACTION USING VIRTUAL PASSWORD
SECURED BANKING TRANSACTION USING VIRTUAL PASSWORD
International Journal of Technical Research & Application
 
Digital Payment Terms Simplified
Digital Payment Terms SimplifiedDigital Payment Terms Simplified
Digital Payment Terms Simplified
AGS Transact Technologies
 
A Comprehensive guide to understanding Digital Wallets.pdf
A Comprehensive guide to understanding Digital Wallets.pdfA Comprehensive guide to understanding Digital Wallets.pdf
A Comprehensive guide to understanding Digital Wallets.pdf
Pay10
 
upi new-birkumar 2024 jana123456789.pptx
upi new-birkumar 2024 jana123456789.pptxupi new-birkumar 2024 jana123456789.pptx
upi new-birkumar 2024 jana123456789.pptx
BirkumarJana
 
Cleartech Infosys Capabilities
Cleartech Infosys CapabilitiesCleartech Infosys Capabilities
Cleartech Infosys Capabilitiescleartech
 
Juno pay ipos_pickup_v1
Juno pay ipos_pickup_v1Juno pay ipos_pickup_v1
Juno pay ipos_pickup_v1
Rashi Vaidya
 
India stack - A detailed presentation
India stack - A detailed presentationIndia stack - A detailed presentation
India stack - A detailed presentation
indiastack
 
Trends in Banking Part vII
Trends in Banking Part vIITrends in Banking Part vII
Trends in Banking Part vII
anuppresentations
 
Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop...
Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop...Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop...
Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop...
Eswar Publications
 
Micro Finance with Smart Card
Micro Finance with Smart CardMicro Finance with Smart Card
Micro Finance with Smart Card
Parikshit Sampat Ram
 
Moneypad
MoneypadMoneypad
Moneypad
ankur bhalla
 
Transactions Using Bio-Metric Authentication
Transactions Using Bio-Metric AuthenticationTransactions Using Bio-Metric Authentication
Transactions Using Bio-Metric Authentication
IRJET Journal
 
Tradesbay-Online cashless trading system
Tradesbay-Online cashless trading systemTradesbay-Online cashless trading system
Tradesbay-Online cashless trading system
IRJET Journal
 
UPI
UPIUPI
Security & Seamless CX in User Authentication: How to Achieve Both?
Security & Seamless CX in User Authentication: How to Achieve Both?Security & Seamless CX in User Authentication: How to Achieve Both?
Security & Seamless CX in User Authentication: How to Achieve Both?
Ivona M
 
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATION
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATIONCASE STUDY ON PKI & BIOMETRIC BASED APPLICATION
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATION
Pankaj Rane
 
E-Banking Services and Challenges in India
E-Banking Services and Challenges in IndiaE-Banking Services and Challenges in India
E-Banking Services and Challenges in India
Dheeraj Kumar Tiwari
 

Similar to Unified payment interface and its security (20)

Fintech
FintechFintech
Fintech
 
present.pptx
present.pptxpresent.pptx
present.pptx
 
SECURED BANKING TRANSACTION USING VIRTUAL PASSWORD
SECURED BANKING TRANSACTION USING VIRTUAL PASSWORDSECURED BANKING TRANSACTION USING VIRTUAL PASSWORD
SECURED BANKING TRANSACTION USING VIRTUAL PASSWORD
 
Digital Payment Terms Simplified
Digital Payment Terms SimplifiedDigital Payment Terms Simplified
Digital Payment Terms Simplified
 
Digital wallet
Digital walletDigital wallet
Digital wallet
 
A Comprehensive guide to understanding Digital Wallets.pdf
A Comprehensive guide to understanding Digital Wallets.pdfA Comprehensive guide to understanding Digital Wallets.pdf
A Comprehensive guide to understanding Digital Wallets.pdf
 
upi new-birkumar 2024 jana123456789.pptx
upi new-birkumar 2024 jana123456789.pptxupi new-birkumar 2024 jana123456789.pptx
upi new-birkumar 2024 jana123456789.pptx
 
Cleartech Infosys Capabilities
Cleartech Infosys CapabilitiesCleartech Infosys Capabilities
Cleartech Infosys Capabilities
 
Juno pay ipos_pickup_v1
Juno pay ipos_pickup_v1Juno pay ipos_pickup_v1
Juno pay ipos_pickup_v1
 
India stack - A detailed presentation
India stack - A detailed presentationIndia stack - A detailed presentation
India stack - A detailed presentation
 
Trends in Banking Part vII
Trends in Banking Part vIITrends in Banking Part vII
Trends in Banking Part vII
 
Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop...
Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop...Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop...
Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop...
 
Micro Finance with Smart Card
Micro Finance with Smart CardMicro Finance with Smart Card
Micro Finance with Smart Card
 
Moneypad
MoneypadMoneypad
Moneypad
 
Transactions Using Bio-Metric Authentication
Transactions Using Bio-Metric AuthenticationTransactions Using Bio-Metric Authentication
Transactions Using Bio-Metric Authentication
 
Tradesbay-Online cashless trading system
Tradesbay-Online cashless trading systemTradesbay-Online cashless trading system
Tradesbay-Online cashless trading system
 
UPI
UPIUPI
UPI
 
Security & Seamless CX in User Authentication: How to Achieve Both?
Security & Seamless CX in User Authentication: How to Achieve Both?Security & Seamless CX in User Authentication: How to Achieve Both?
Security & Seamless CX in User Authentication: How to Achieve Both?
 
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATION
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATIONCASE STUDY ON PKI & BIOMETRIC BASED APPLICATION
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATION
 
E-Banking Services and Challenges in India
E-Banking Services and Challenges in IndiaE-Banking Services and Challenges in India
E-Banking Services and Challenges in India
 

Recently uploaded

how to sell pi coins on Bitmart crypto exchange
how to sell pi coins on Bitmart crypto exchangehow to sell pi coins on Bitmart crypto exchange
how to sell pi coins on Bitmart crypto exchange
DOT TECH
 
655264371-checkpoint-science-past-papers-april-2023.pdf
655264371-checkpoint-science-past-papers-april-2023.pdf655264371-checkpoint-science-past-papers-april-2023.pdf
655264371-checkpoint-science-past-papers-april-2023.pdf
morearsh02
 
innovative-invoice-discounting-platforms-in-india-empowering-retail-investors...
innovative-invoice-discounting-platforms-in-india-empowering-retail-investors...innovative-invoice-discounting-platforms-in-india-empowering-retail-investors...
innovative-invoice-discounting-platforms-in-india-empowering-retail-investors...
Falcon Invoice Discounting
 
How to get verified on Coinbase Account?_.docx
How to get verified on Coinbase Account?_.docxHow to get verified on Coinbase Account?_.docx
How to get verified on Coinbase Account?_.docx
Buy bitget
 
BYD SWOT Analysis and In-Depth Insights 2024.pptx
BYD SWOT Analysis and In-Depth Insights 2024.pptxBYD SWOT Analysis and In-Depth Insights 2024.pptx
BYD SWOT Analysis and In-Depth Insights 2024.pptx
mikemetalprod
 
where can I find a legit pi merchant online
where can I find a legit pi merchant onlinewhere can I find a legit pi merchant online
where can I find a legit pi merchant online
DOT TECH
 
234Presentation on Indian Debt Market.ppt
234Presentation on Indian Debt Market.ppt234Presentation on Indian Debt Market.ppt
234Presentation on Indian Debt Market.ppt
PravinPatil144525
 
一比一原版BCU毕业证伯明翰城市大学毕业证成绩单如何办理
一比一原版BCU毕业证伯明翰城市大学毕业证成绩单如何办理一比一原版BCU毕业证伯明翰城市大学毕业证成绩单如何办理
一比一原版BCU毕业证伯明翰城市大学毕业证成绩单如何办理
ydubwyt
 
how to sell pi coins in South Korea profitably.
how to sell pi coins in South Korea profitably.how to sell pi coins in South Korea profitably.
how to sell pi coins in South Korea profitably.
DOT TECH
 
What price will pi network be listed on exchanges
What price will pi network be listed on exchangesWhat price will pi network be listed on exchanges
What price will pi network be listed on exchanges
DOT TECH
 
how to sell pi coins at high rate quickly.
how to sell pi coins at high rate quickly.how to sell pi coins at high rate quickly.
how to sell pi coins at high rate quickly.
DOT TECH
 
how can I sell pi coins after successfully completing KYC
how can I sell pi coins after successfully completing KYChow can I sell pi coins after successfully completing KYC
how can I sell pi coins after successfully completing KYC
DOT TECH
 
Commercial Bank Economic Capsule - May 2024
Commercial Bank Economic Capsule - May 2024Commercial Bank Economic Capsule - May 2024
Commercial Bank Economic Capsule - May 2024
Commercial Bank of Ceylon PLC
 
how can I sell/buy bulk pi coins securely
how can I sell/buy bulk pi coins securelyhow can I sell/buy bulk pi coins securely
how can I sell/buy bulk pi coins securely
DOT TECH
 
Exploring Abhay Bhutada’s Views After Poonawalla Fincorp’s Collaboration With...
Exploring Abhay Bhutada’s Views After Poonawalla Fincorp’s Collaboration With...Exploring Abhay Bhutada’s Views After Poonawalla Fincorp’s Collaboration With...
Exploring Abhay Bhutada’s Views After Poonawalla Fincorp’s Collaboration With...
beulahfernandes8
 
Which Crypto to Buy Today for Short-Term in May-June 2024.pdf
Which Crypto to Buy Today for Short-Term in May-June 2024.pdfWhich Crypto to Buy Today for Short-Term in May-June 2024.pdf
Which Crypto to Buy Today for Short-Term in May-June 2024.pdf
Kezex (KZX)
 
Isios-2024-Professional-Independent-Trustee-Survey.pdf
Isios-2024-Professional-Independent-Trustee-Survey.pdfIsios-2024-Professional-Independent-Trustee-Survey.pdf
Isios-2024-Professional-Independent-Trustee-Survey.pdf
Henry Tapper
 
Introduction to Indian Financial System ()
Introduction to Indian Financial System ()Introduction to Indian Financial System ()
Introduction to Indian Financial System ()
Avanish Goel
 
how to sell pi coins effectively (from 50 - 100k pi)
how to sell pi coins effectively (from 50 - 100k  pi)how to sell pi coins effectively (from 50 - 100k  pi)
how to sell pi coins effectively (from 50 - 100k pi)
DOT TECH
 
how to sell pi coins in all Africa Countries.
how to sell pi coins in all Africa Countries.how to sell pi coins in all Africa Countries.
how to sell pi coins in all Africa Countries.
DOT TECH
 

Recently uploaded (20)

how to sell pi coins on Bitmart crypto exchange
how to sell pi coins on Bitmart crypto exchangehow to sell pi coins on Bitmart crypto exchange
how to sell pi coins on Bitmart crypto exchange
 
655264371-checkpoint-science-past-papers-april-2023.pdf
655264371-checkpoint-science-past-papers-april-2023.pdf655264371-checkpoint-science-past-papers-april-2023.pdf
655264371-checkpoint-science-past-papers-april-2023.pdf
 
innovative-invoice-discounting-platforms-in-india-empowering-retail-investors...
innovative-invoice-discounting-platforms-in-india-empowering-retail-investors...innovative-invoice-discounting-platforms-in-india-empowering-retail-investors...
innovative-invoice-discounting-platforms-in-india-empowering-retail-investors...
 
How to get verified on Coinbase Account?_.docx
How to get verified on Coinbase Account?_.docxHow to get verified on Coinbase Account?_.docx
How to get verified on Coinbase Account?_.docx
 
BYD SWOT Analysis and In-Depth Insights 2024.pptx
BYD SWOT Analysis and In-Depth Insights 2024.pptxBYD SWOT Analysis and In-Depth Insights 2024.pptx
BYD SWOT Analysis and In-Depth Insights 2024.pptx
 
where can I find a legit pi merchant online
where can I find a legit pi merchant onlinewhere can I find a legit pi merchant online
where can I find a legit pi merchant online
 
234Presentation on Indian Debt Market.ppt
234Presentation on Indian Debt Market.ppt234Presentation on Indian Debt Market.ppt
234Presentation on Indian Debt Market.ppt
 
一比一原版BCU毕业证伯明翰城市大学毕业证成绩单如何办理
一比一原版BCU毕业证伯明翰城市大学毕业证成绩单如何办理一比一原版BCU毕业证伯明翰城市大学毕业证成绩单如何办理
一比一原版BCU毕业证伯明翰城市大学毕业证成绩单如何办理
 
how to sell pi coins in South Korea profitably.
how to sell pi coins in South Korea profitably.how to sell pi coins in South Korea profitably.
how to sell pi coins in South Korea profitably.
 
What price will pi network be listed on exchanges
What price will pi network be listed on exchangesWhat price will pi network be listed on exchanges
What price will pi network be listed on exchanges
 
how to sell pi coins at high rate quickly.
how to sell pi coins at high rate quickly.how to sell pi coins at high rate quickly.
how to sell pi coins at high rate quickly.
 
how can I sell pi coins after successfully completing KYC
how can I sell pi coins after successfully completing KYChow can I sell pi coins after successfully completing KYC
how can I sell pi coins after successfully completing KYC
 
Commercial Bank Economic Capsule - May 2024
Commercial Bank Economic Capsule - May 2024Commercial Bank Economic Capsule - May 2024
Commercial Bank Economic Capsule - May 2024
 
how can I sell/buy bulk pi coins securely
how can I sell/buy bulk pi coins securelyhow can I sell/buy bulk pi coins securely
how can I sell/buy bulk pi coins securely
 
Exploring Abhay Bhutada’s Views After Poonawalla Fincorp’s Collaboration With...
Exploring Abhay Bhutada’s Views After Poonawalla Fincorp’s Collaboration With...Exploring Abhay Bhutada’s Views After Poonawalla Fincorp’s Collaboration With...
Exploring Abhay Bhutada’s Views After Poonawalla Fincorp’s Collaboration With...
 
Which Crypto to Buy Today for Short-Term in May-June 2024.pdf
Which Crypto to Buy Today for Short-Term in May-June 2024.pdfWhich Crypto to Buy Today for Short-Term in May-June 2024.pdf
Which Crypto to Buy Today for Short-Term in May-June 2024.pdf
 
Isios-2024-Professional-Independent-Trustee-Survey.pdf
Isios-2024-Professional-Independent-Trustee-Survey.pdfIsios-2024-Professional-Independent-Trustee-Survey.pdf
Isios-2024-Professional-Independent-Trustee-Survey.pdf
 
Introduction to Indian Financial System ()
Introduction to Indian Financial System ()Introduction to Indian Financial System ()
Introduction to Indian Financial System ()
 
how to sell pi coins effectively (from 50 - 100k pi)
how to sell pi coins effectively (from 50 - 100k  pi)how to sell pi coins effectively (from 50 - 100k  pi)
how to sell pi coins effectively (from 50 - 100k pi)
 
how to sell pi coins in all Africa Countries.
how to sell pi coins in all Africa Countries.how to sell pi coins in all Africa Countries.
how to sell pi coins in all Africa Countries.
 

Unified payment interface and its security

  • 1. UNIFIED PAYMENT INTERFACE AND ITS SECURITY AKSHAY DIXIT BTECH.(CSE) AKGEC
  • 2. Your guide to UPI—the world’s most advanced payments system This is not hyperbole. India just crushed it!
  • 3. PM launching UPI(30 DEC. 2016)
  • 4. AGENDA ▶ 1.MISSION AND VISION ▶ 2.WHAT IS UPI? ▶ 3.WHY UPI? ▶ 4.BASIC STRUCTURE OF UPI ▶ 5.KEY INNOVATION TO UPI SUCCESS ▶ 6.PARTICIPANTS ▶ 7.KEY ASPECTS OF UPI ▶ 8.ROLE OF NPCI ▶ 9.ARCHITECTURE OF UPI ▶ 10.CONCEPTS
  • 5. Contd.. ▶ 11.VALUE PROPOSITION ▶ 12.ADHAAR FACILITIES SUPPORTED ▶ 13.NPCI CENTRAL MAPPERS ▶ 14.SECURITY CONSIDERATIONS ▶ 15.HOW SECURE IS UPI ▶ 16.IDENTITY AND ACCOUNT VALIDATION ▶ 17.PROTECTING ACCOUNT DETAILS ▶ 18.PROTECTING ACCOUNT CREDENTIALS ▶ 19.PROTECTING AGAINST PHISHING ▶ 20.MESSAGE SECURITY AND TRUST ▶ 21.ADVANTAGES ▶ 22.DISADVANTAGES ▶ 23.CONCLUSION
  • 6. MISSION AND VISION ▶ Mission Statement To ensure payment and settlement systems in the country are safe, efficient, interoperable, authorised, accessible, inclusive and compliant with international standards. ▶ Vision To proactively encourage electronic payment systems for ushering in a less-cash society in India
  • 10. KEY INNOVATION TO UPI SUCCESS ▶ The term “Virtual Payment Address” is used to depict an identifier that can be uniquely mapped to an individual account using a translation service. In addition to Aadhaar number and Mobile number as global identifiers (mapped by NPCI), PSPs can offer any number of virtual addresses to customers so that they can use the virtual address for making and receiving payments. ▶ Virtual payment addresses provide innovative mechanisms for customers to create addresses with attached rules for limiting amount, time (e.g., one time use addresses), and payees.
  • 12. KEY ASPECTS OF UPI ▶ The Unified Payment Interface is expected to further propel easy instant payments via mobile, web, and other applications. ▶ The payments can be both sender (payer) and receiver (payee) initiated and are carried out in a secure, convenient, and integrated fashion. ▶ This design provides an ecosystem driven scalable architecture and a set of APIs taking full advantage of mass adoption of smartphone.
  • 13. Contd…. ▶ Virtual payment addresses, 1-click 2-factor authentication, Aadhaar integration, use of payer’s smartphone for secure credential capture, etc. are some of the core features. ▶ It allows banks and other players to innovate and offer a superior customer experience to make electronic payments convenient and secure. ▶ Supports the growth of e-commerce, while simultaneously meeting the target of financial inclusion. ▶ Proposed architecture is well within the regulatory framework of the mobile and ecommerce transactions having 2 factors of authentication (2FA).
  • 14. ROLE OF NPCI ▶ Unified – hiding the complexity of dealing with disparate systems – both internal and external to NPCI. ▶ Expandable – to allow for innovations in newer forms of identity, authentication, and banking ▶ Adaptable -to the current way of life- ▶ Smart phones as an integral part of people’s identity ▶ Aadhaar as a form of online verifiable identity - authenticated by a third party ▶ Allow customers to enter credentials on their own device – even when the merchant requests funds. ▶ E Commerce.
  • 15. Contd.. ▶ Real Time – Allows banks to provide real time experience for interactive transactions. ▶ Secure – Allows for traceability through the entire transaction chain ▶ Monitorable - Allows for NPCI to monitor the system centrally
  • 17. CONCEPTS Every payment has the following core elements: ▶ Payer and payee account and institution details for routing and authorization ▶ Authentication credentials (password, PIN, biometrics, etc. as required for debit, can be bank provided or 3rd party provided such as UIDAI) ▶ Transaction amount ▶ Transaction reference ▶ Timestamp ▶ Other metadata attributes such as location, product code, mobile number, device details, etc. as required.
  • 18. Value proposition ▶ Simplifying Authentication ▶ Simplifying Issuance Infrastructure ▶ Flexibility for Users ▶ Enabling 1-click 2-FA Transactions ▶ Embracing Mobile Adoption ▶ Stimulating Innovation ▶ Embracing Aadhaar Adoption ▶ Creating National Interoperability
  • 19. AADHAAR FACILITIES SUPPORTED ▶ Aadhaar Authentication ▶ Aadhaar e-KYC ▶ Aadhaar Enabled Account (AEA) ▶ Aadhaar Payment Bridge (APB) ▶ Aadhaar Enabled Payment System (AEPS)
  • 20. NPCI Central Mapper ▶ Aadhaar as the Payment Address ▶ Mobile as the Payment Address
  • 21. SECURITY CONSIDERATIONS For data security, the following classes of information are defined: ▶ Sensitive Data - Data such as PIN, passwords, biometrics, etc. These are not to be stored and should only be transported in encrypted form. ▶ Private Data - Data such as account number. This information may be stored by the PSP, but only in encrypted form. ▶ Non-Sensitive data - Name, transaction history (amount, timestamp, response code, location, etc.) that can be stored in unencrypted form
  • 22. How secure is UPI? Nilekani said the security is fool-proof as the transaction will happen in a highly encrypted format. Already NPCI’s IMPS network handles more than Rs.8,000 crore worth of transactions a day, which will exponentially increase with the use of mobile phones. 2-factor authentication, similar to OTP, will be there as it is mandated by RBI. In this case, MPIN instead of OTP will be used.
  • 23. Identity & Account Validation (columns: Identity Data / Validated By / When / How) ▶ Mobile Device / PSP & NPCI (via common library) / Customer Registration & during transaction / SMS based OTP initially against the registered mobile and using HOTP/TOTP for implicit verification during every transaction ▶ Aadhaar Number or PAN number / PSP / Customer Registration / Aadhaar e-KYC / Authentication or PAN card verification ▶ Customer Name / PSP / Customer Registration / Aadhaar e-KYC / Demographic Authentication, matching with PAN card verification ▶ Account Details - Number, Account Ownership, / PSP / Every time a payment account is added / Ideally via an API offered by account providers or via a small value (e.g. Rs.1/-) transaction
  • 24. Protecting Account Details ▶ Protecting during capture ▶ Verifying the account details with the account provider (bank, PPI, etc. - a new API may be needed from banks, or a Re-1 transaction may be done to validate) ▶ PSPs storing the data should always keep it in encrypted form
  • 25. Protecting Authentication Credentials ▶ Authentication credentials encrypted during capture using the public key of the authentication provider ▶ "Trusted" common library for credential (MPIN/Password/PIN/Biometrics) capture. This library needs to bind customer mobile using HOTP/TOTP which is verified as part of transaction
  • 26. Protecting against Phishing ▶ 3 core techniques may be used to protect against phishing: ▶ Individual (non-entities) pay/collect transactions can be against pre-created and verified addresses (quite like in the case of NEFT). ▶ Allow direct/collect ONLY against addresses whitelisted within the payer’s pre-listed entries. The payer must add the payee explicitly to this list (quite like NEFT settings). During this, address verification can be done. ▶ For individuals ▶ PSP application should mandatorily share the Aadhaar number and verified name, which are part of the customer information block and can be shown by the second PSP to their customer
  • 27. Contd.. ▶ For entities ▶ PSP application should mandatorily share the PAN number and verified name, which are part of the customer information block and can be shown by the second PSP to their customer ▶ Whitelist entities (popular ones) and blacklist/rating at a central database (NPCI) and show a “verified” symbol
  • 28. Message Security and Trust ▶ Every message within the unified system must be digitally signed ▶ Every message has a unique transaction ID (that spans across the organizations for the same transaction) and a unique message ID for every request-response pair ▶ All API calls must be made over a secure channel (HTTPS) ▶ Auditing transaction data (no sensitive data) for an appropriate number of years
  • 29. ADVANTAGES OF UPI ▶ Minimal Charges and Instant ▶ No Need to Fill Details ▶ No need for Registration and always Available
  • 30. Disadvantages of UPI ▶ Transaction Limit ▶ Requirement of Internet and Smartphone ▶ Difficult to Convince the Customers
  • 31. CONCLUSION UPI can replace NEFT, IMPS and RTGS, as only 1 unique ID of the recipient is required for an instantaneous transfer of funds. It is much easier than the other modes of transfer. In future it is expected to replace the other modes of payment as it makes payments very easy.
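Slide 28 requires every message to be signed and to carry a transaction ID shared across the whole transaction plus a message ID unique to each request-response pair. This added example (not from the deck or the UPI specification) shows the receiver-side checks those rules allow; HMAC-SHA256 stands in for the digital signature so the block runs on the standard library alone, and the field names `txnId`, `msgId`, `type` and the class `MessageGate` are assumptions.

```python
import hashlib
import hmac
import json


def sign(key: bytes, body: dict) -> str:
    """Tag over canonical JSON (HMAC is a stand-in for the digital signature)."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


class MessageGate:
    """Checks run by a hypothetical intermediary that sees both legs of a pair."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}    # msgId -> txnId for requests awaiting a response
        self.closed = set()  # msgIds whose request-response pair is complete

    def accept(self, msg: dict) -> str:
        body = msg["body"]
        if not hmac.compare_digest(sign(self.key, body), msg["sig"]):
            return "reject: bad signature"
        msg_id, txn_id = body["msgId"], body["txnId"]
        if body["type"] == "request":
            if msg_id in self.pending or msg_id in self.closed:
                return "reject: duplicate msgId"
            self.pending[msg_id] = txn_id
            return "ok"
        # A response must close an open request and stay in the same transaction.
        if msg_id not in self.pending:
            return "reject: no matching request"
        if self.pending[msg_id] != txn_id:
            return "reject: txnId mismatch"
        del self.pending[msg_id]
        self.closed.add(msg_id)
        return "ok"


def demo() -> list:
    key = b"constructed-demo-key"  # constructed sample key
    gate = MessageGate(key)
    wrap = lambda body: {"body": body, "sig": sign(key, body)}
    req = wrap({"type": "request", "txnId": "TXN-1", "msgId": "MSG-1", "amount": "10.00"})
    tampered = {"body": dict(req["body"], amount="9999.00"), "sig": req["sig"]}
    wrong = wrap({"type": "response", "txnId": "TXN-2", "msgId": "MSG-1", "result": "SUCCESS"})
    resp = wrap({"type": "response", "txnId": "TXN-1", "msgId": "MSG-1", "result": "SUCCESS"})
    return [gate.accept(m) for m in (tampered, req, req, wrong, resp, resp)]
```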