top of page
This site was designed with the
.com
website builder. Create your website today.Start Now
    • Jan 16, 2023

Flows in UPI - Sequence flow (VPA, Aadhaar, Mobile)

Ever imagined how GPay , Paytm and Internet banking is providing UPI services to Indian customers, Also how Govt. of India is proud about offline UPI services.

We will decode one by one with basic flows explained about UPI with different use cases. Also we will list some other non-financial transaction flows which supports the UPI system.


Before we start lets we fix some understanding about certain terms and entities , below are the entities which I believe are self-explanatory, they take part in the process of UPI transaction,


- Merchant and Customer or Consumer

- PSP (Payment service provider)

- Acquirer Bank and Issuer Bank

- Remitter Bank and Beneficiary Bank

- UIDAI(NPCI Mapper) , USSD (NPCI Mapper), IMPS

- P2P, P2M, M2P (peer to peer, peer to merchant, merchant to peer)


First process in this flow of UPI is to have customer create their account in PSP application . A PSP application be created by banks or by third party like Google (GPay), Flipkart (PhonePay) , Paytm who let user create their account and register their VPA. A PSP responsibility it is validate the remitter VPA, initiate the transaction and carry debiting of remitter account (via Bank).


Indian govt. or NPCI has played a nice game for financial inclusion by letting Indian consumer to only permitting debit to their account by letting user authenticate via their mobile device. This creates trust and control by the remitter to permit cash transaction only when the user allows it. The security of the account and UPI has been given by two factor authentication

  1. by PSP application PIN or biometric

  2. by issuer bank PIN set for UPI/or UIDAI Biometric

Every VPA from a PSP has a handle approved by NPCI and user identify another user account by these VPAs. Let get close encounter with UPI scenarios:


A. P2P via VPA, when both the PSPs are account handling Banks (Remitter and Beneficiary)


NPCI Library makes whole validation and debit request flow to be executed.

Without NPCI library a PSP which is also Remitter bank can debit the customer account and request UPI for credit.

Steps:

  1. remitter will initiate by giving beneficiary PSP (bene@icici)

  2. acquirer PSP, also being remitter bank, will identify remitter account from the remitter VPA handle (remit@hdfcbank) and send details to UPI in request.

  3. UPI will validate and give forward the request to receiver/issuer PSP also called beneficiary PSP, post identifying the handler.

  4. receiver/issuer/beneficiary bank PSP will then validate and send Account details to UPI as response.

  5. UPI will request the remitter bank PSP to debit the customer account.

  6. Remitter /acquirer PSP will be sending success response to UPI

  7. UPI will then request beneficiary bank/receiver PSP to credit the customer account whose VPA was (bene@icici).


B. P2P via VPA when beneficiary bank and receiver/issuer PSP are different entity and beneficiary bank is registered with UPI.


A third party PSP will only be able to configure user account with VPA handle if the user account bank is registered with UPI.



Steps :

  1. remitter will initiate by giving beneficiary PSP (bene@OKicici)

  2. acquirer PSP, also being remitter bank, will identify remitter account from the remitter VPA handle (remit@hdfcbank) and send details to UPI in request.

  3. UPI will validate and give forward the request to receiver/issuer PSP and it's not called beneficiary bank.

  4. receiver/issue PSP will then validate and send Account details to UPI as response.

  5. UPI will request the remitter bank PSP to debit the customer account.

  6. Remitter /acquirer PSP will be sending success response to UPI.

  7. UPI will then request to issuer psp to send back beneficary account details as registered by them for the beneficiary.

  8. UPI will be then requesting beneficiary bank system as identified by the response from receiver PSP to credit the customer account whose VPA was bene@OKicici.

  9. the customer / remitter with VPA remit@hdfcbank will get confirmation of transaction went successful.

C. P2P via VPA when beneficiary bank and receiver/issuer PSP are different entity and also remitter bank and acquirer PSP are different entities . Also both banks are registered with UPI.




Steps:

  1. Remitter will initiate by giving beneficiary PSP (bene@OKicici)

  2. acquirer PSP will identify remitter account from the remitter VPA handle (remit@paytm) and send details to UPI in request.

  3. UPI will validate and give forward the request to receiver/issuer PSP and its not called beneficiary bank. UPI will identify the receiver PSP is third party Paytm.

  4. receiver/issue PSP will then validate and send Account and bank details to UPI as response.

  5. UPI will request the remitter bank to debit the customer account whose VPA was remit@paytm.

  6. Remitter bank will then give response of debit to UPI.

  7. UPI will then request the issuer PSP as identified with remit@paytm and request for bank details.

  8. UPI will then request beneficiary bank system as identified by the response from receiver PSP to credit the customer account whose VPA was bene@OKicici.

  9. the customer / remitter with VPA remit@paytm will get confirmation of transaction went successful.

There are some other scenarios where payments are requested based on account and IFSC code or Aadhaar number or mobile number (registered by mobile banking MMID).


D. P2P via Aadhaar number from PSP to beneficiary bank (registered as PSP)


Steps:

  1. Remitter will initiate by adding Aadhaar number to the application given by PSP. The remitter may authenticate the transaction with Biometric fingerprints.

  2. Acquirer PSP will send the data to UPI and UPI will have its interface with UIDAI.

  3. UIDAI will then validate the Aadhaar and cross verify biometric. Post which it will give response to UPI for the account details.

  4. UPI will then request the remitter bank to debit the remitter, Post which remitter bank will give response to UPI.

  5. UPI will then request the Beneficiary bank (if they have registered to PSP) to credit the beneficiary, post which beneficiary bank will give response to UPI. if Beneficiary bank is not in UPI, UPI connects with IMPS system directly by sending converted credit request message into ISO8583, and request the beneficiary bank to credit the owner.

  6. UPI will then give confirmation response to the remitter PSP and thus, customer.


E. P2P via Aadhaar number from PSP to beneficiary bank (not registered as PSP)


Steps:

  1. Remitter will initiate by adding Aadhaar number to the application given by PSP. The remitter may authenticate the transaction with Biometric fingerprints.

  2. Acquirer PSP will send the data to UPI and UPI will have its interface with UIDAI via NPCI Mapper.

  3. UIDAI will then validate the Aadhaar and cross verify biometric. Post which it will give response to UPI for the account details.

  4. UPI will then request the remitter bank to debit the remitter, Post which remitter bank will give response to UPI.

  5. UPI will then request the Beneficiary bank, as Beneficiary bank is not in UPI, UPI connects with IMPS system directly by sending converted credit request message into ISO8583 and request the beneficiary bank to credit the owner. Post which IMPS gives response back to UPI.

  6. UPI will then give confirmation response to the remitter PSP and thus, customer.

Note : USSD flow or offline flow also mostly work similar as Aadhaar, only just USSD *99# service helps in Aadhaar resolution or Mobile banking resolution. let me know if you want diagrams of


The Mobile banking PIN or biometric details will be sent to UPI and then to Aadhaar or USSD in encrypted form (PKI) so as to secure the transaction, and also response, user account data, comes back to UPI in encrypted form.


F. Payment collection from payee to payer.

The payment collection from Payee can be initiated by any system Mobile or Non-mobile application but as payment authorization is carried by payer in his registered mobile.




Steps:

  1. Payee makes a collection request via its acquirer PSP, adding amount and schedule time by which it wants the payment to be done, thus expiration is set. The request will have amount, due date and payer VPA (payer@okicici)

  2. UPI will be validating the request and send the response to the payee via acquirer PSP

  3. UPI will be sending the collection request to payer via its UPI handler (payer@okicici) and thus the PSP GPay.

  4. If by the scheduled time or due time user makes authentication of the payment, then payment will proceed start the whole process as scenario C steps.


G. Merchant triggering payment collection


Merchant required to be onboarded to acquirer PSP and acquirer PSP can give an SDK so that merchant can invoke collection request to payer from its dedicated mobile app or web app or gateway.

Steps:

  1. Merchant makes a collection request via its acquirer PSP, adding amount and schedule time by which it wants the payment to be done, thus expiration is set. The request will have amount, due date and payer VPA (payer@okicici)

  2. UPI will be validating the request and send the response to the payee via acquirer PSP

  3. UPI will be sending the collection request to payer via its UPI handler (payer@okicici) and thus the PSP GPay.

  4. If by the scheduled time or due time user makes authentication of the payment, then payment will proceed start the whole process as scenario C steps.

More or less flow diagram is same as F scenario.



H. AUTOPAY scenario

UPI has also come up with autopay for merchant payment service, the onboarded merchant can request recurring payment and can request payer to authenticate the mandate set up by this collection request.

This merchant service can have the mandate creation system to be created manually or automatically via API or portal, in the portal the merchant can also see the various mandate created and can cancel them too.




For Acquirer PSP to initiate request for the remitter, NPCI libraries will be used to securely send the data to UPI . Various APIs (request and response) which comes for financial and non-financial transactions are given below :


Transcation APIs:

ReqPay /RespPay

ReqAuthDetail /RespAuthDetail

ReqAuth

ReqTxn

ReqCollect

ReqAuthCollect


Non Transaction APIs:

ListPSP

ListAccountProviders

ListKeys

ListAccount

Bal Inquiry API

Mandate API

Check Transaction


Plus some more additional APIs are present which can be used. but majority of them are shown above.

bottom of page