MUMBAI: The Unified Payments Interface (UPI) – a new open source platform for mobile-to-mobile fund transfers without account details – will bring about a disruption, Nandan Nilekani, former chairman of the Unique Identification Authority of India (UIDAI), said. The launch of the platform will facilitate transactions between mobile apps of different banks by bringing about interoperability.
“Currently, mobile wallets are not interoperable. You cannot make payments from one to another. Increasingly with UPI coming in and wallet companies becoming payments banks, their coming on to the UPI platform will make them interoperable,” said Nilekani. The co-founder of Infosys and adviser to the National Payments Corporation of India (NPCI) on the UPI was speaking in a video discussion, which was part of the SISA summit – a seminar on payments security. Work on the UPI platform started last year and it is expected to be launched in a couple of months. In the second phase, UPI will plug into UIDAI for biometric identification.
According to Nilekani, while NPCI’s IMPS (immediate payment system) – a mode for instant online fund transfers – has captured 30% market share, it is largely used for transferring money. The UPI will enable merchants to send debit requests to account holders, which is the equivalent of swiping a card but without having a physical card or even the customer’s account details. The customer will have to authenticate the debit using his PIN, which would result in a funds transfer.
UPI is expected to be a game changer because unlike other competing platforms, it is promoted by NPCI which is owned by banks and operates as a cooperative. NPCI is making UPI open source, so that it is available to all banks. What this means is that while banks will design their own apps, these can communicate with the apps of other banks. According to security experts, UPI will change the dimensions of security. “In the card environment, there were only four players – the consumer, the merchant and the two banks. Here the number goes up manifold. Unlike the point of sales terminal, which is a dedicated device, the consumer could be asked the PIN when he is surfing a website. The threat landscape therefore becomes magnified,” said Dharshan Shantamurthy, founder and CEO of SISA – payment security specialists.
“The way you think about security in the open internet world is different from the way in which you view security in the card world,” said Nilekani. He said that UPI would bring the concept of virtual payment address. While in the card payment world the merchant stores card details, which raises the risk of a breach, in UPI the payment is based on tokens without the merchant receiving any credentials like account number.