UPI: India's Unified Payments Interface(the-other-side.blog) |
UPI: India's Unified Payments Interface(the-other-side.blog) |
1) UPI is unreliable. Based on my experience, it doesn't work many times per day. I once needed to beg my friend to pay for me after realizing that it didn't work when i purchased something in shop but had no money(only upi account)
2) It is closed source. UPI forces every App that uses UPI to use it's closed source code.
3) I find Bank transfer like IMPS/NEFT more reliable than UPI.
4) One advantage of UPI is it's id which led to discovery of account (through qr code) . This is also the reason it got adopted by people.
> 3) I find Bank transfer like NEFT more reliable than UPI.
NEFT is great for occasional transfer of a large amount of money, but not for daily transactions as it requires a lot of info compared to UPI (it needs the receivers name, account number, IFSC code, branch name compared to UPI's singular <person>@<bank> id)
2) An ID could be created for IMPS account like in BHIM to mitigate the "lot to fill" problem.
It’s still not real time, but NPCI doesn’t see your transactions :)
I have made thousands of UPI payments, make at least 1 payment daily, and never has a payment failed after telling me it has succeeded. I get an immediate fail/pass and that has never been wrong.
> I find Bank transfer like IMPS/NEFT more reliable than UPI.
I find NEFT to be very unreliable in the time it takes to complete the transaction.
I think the main driver of UPI adoption is the immediate nature. It is as fast or faster than transacting in cash. NEFT/IMPS etc need you to add payee, confirm addition using 2 factor, wait for 24 hours to get it unlocked, then the actual payment also takes at least a couple of hours, it doesn't work on weekends. UPI is literally 10 seconds from scanning QR code to the shopkeeper getting a confirmation on their phone. It takes more time to deal with cash!
Not saying it is 100% reliable, but there's a good possibility the aggregator you are using (GPay / PhonePay / etc.) might have issues on the whole or with the account.
One reason behind this (communicated to me by a friend who has some insight into the banking system) is that the government has prohibited charging for UPI transactions. So every bank needs to maintain the infrastructure to integrate with UPI but don't make money off it. This leads some to not treat it with priority (a good to have, not a necessity) or treat it like IMPS/NEFT/RTGS (which only work in a fixed time window).
Overall the reliability is still quite good and with increasing reliance of the masses on it, it will hopefully get better.
80% of fintech is excel sheets getting sent from one system to the other. A lot of these were baby-sit earlier, and RBI changed this over a year or so. They asked for banks to make sure the processes were automated first, then lots of test-runs.
I think another important reason was that the morning rush (build-up of pending transfers) was causing issues and chokepoints. Smaller window-sizes helped fix that.
With vernacular support/affordable cellular data, these apps have found its users even among those who have never used a computer in their life to login to their banking portal or used debit card before to conduct any online transactions earlier.
Now, what 'I' don't like about it,
Extraordinary dependence on 'Mobile Number' for security, RBI(India's central bank) requires personal phone number to be synced with the bank account, so these 'UPI' apps send SMS from the phone at random to 'verify' that it's actually you i.e. if the phone number matches its you. If you are like me, who has the phone in aeroplane mode 24*7 or use cellular on-demand be prepared for transaction failures at best to getting locked out of the UPI apps at worst.
Then there is the question of SMS OTP as the backbone of Indian banking infrastructure's 2FA security, we know SIM-Jacking attacks are getting prevalent every passing day, coercing an employee of a Telecom who earns minimum wage is not that difficult and especially since there is zero 'cyber-security' awareness among much of the population; attackers just dupe many of them into giving them the OTP[1].
It's high time banking infrastructure here start supporting hardware tokens or at least TOTP apps and UPI has to hedge its unique id dependence to email id as well.
[1]https://economictimes.indiatimes.com/wealth/save/beware-of-t...
Western countries in your statement is probably mainly USA, as most of Europe has been using contactless payment via NFC for many years.
Apple Pay is effectively just using the phone’s NFC chip instead of that embedded in the debit/credit card, although it does bring one advantage: Because the iPhone has its own authentication system, you’re never asked for PIN code when paying with your phone, whereas paying with a debit/credit card will ask for PIN if the amount is above a certain threshold, or if it hasn’t asked for a long time.
I have been using payment apps in Asia, not India, but Apple Pay is definitely more seamless (or NFC enabled cards), as these only require you to hold them near the terminal, whereas a payment app require first being launched, and then either scanning a QR code and confirming, or bringing up your QR code to have the cashier scan it.
Don’t get me wrong: I am very much a fan of the concept of UPI, I am commenting just to clarify that universal payment interface with third party apps is different than NFC enabled payments, where I think it is really the latter, that your friends in Western countries are describing as seamless.
One example is Visa Japan has some ongoing fallout with Apple and JR East, so you cannot use your Visa credit card to top up your Suica transit card with Apple pay, but it works fine on Android with Google pay. Lot of merchants get confused between NFC/Apple Pay/Google Pay/Visa Pay and so many spin offs of something that's essentially just NFC A-B mode of payment.
With Osaifu Keitai you just choose one provider - Passmo, Suica etc and just top up money in any form you want - cash, credit card, debit card, points etc. And it just works. No internet, no middlemen and sub millisecond latency which is very crucial transit payments.
So, I completely understand when you mean NFC payments vs UPI. I made my statement not as a direct technical comparison, but to inform that there is a way for seamless payments in India now which wasn't available earlier. Btw, Apple has put its plans to integrate UPI with Apple Pay on hold due to disagreements with data storage, I wonder what its doing in China.
Interestingly, it's not my friends in US who raved about Apple Pay but those in England(Not sure what's that about).
UPI withdraws money out of your bank account -- in that respect it's like a debit card with no way to "claw back" wrongly-sent money short of going through the justice system, which is notoriously slow in India.
It's useful for what it is, but needs way more work (especially in the ability to recall payments and/or address fraudulent transactions) to become a payment system that protects even the technically less proficient.
[1] https://timesofindia.indiatimes.com/city/bengaluru/customers...
[2] https://indianexpress.com/article/technology/tech-news-techn...
>attackers just dupe many of them into giving them the OTP[1]
I also think there is no way to change the upper limit of the transactions with UPI i.e. its Rs.1,00,000 in most banks/transaction/day. Where as for Debit/Credit card we can set it to even Rs.1000 and other sub-limits as fraud prevention methods via the bank portal.
So if someone has set such limits for Debit/Credit card(everyone should), if the card gets stolen/cloned and if the hacker/thief tries to withdraw it in an ATM even in other side of the world, all they would get is a maximum of Rs.1000 when compared to Rs.1,00,000 via UPI.
Also private companies are not that great in protecting the card details, like remember when Paytm wanted us to enter our card details on the merchant's phone during demonetisation? I disclosed it as security vulnerability[1] to them, they withdrew the PoS feature, told me that it was done due to business decision and not because of any security implications. When News media enquired about my disclosure to its CEO, he told them “This news is false” although the the News site had independently verified my claim[2].
Then again, if the SIM gets jacked or the telecom employee gets compromised all bets are off in India, everything from the identity to savings could be lost.
[1]https://abishekmuthian.com/paytm-says-to-me-that-its-pos-fea...
[2]https://www.medianama.com/2016/12/223-paytm-merchant-payment...
The only internet connected device these users have are the cheap smartphones and within the phone perhaps only complex apps that they are familiar with is messaging (apart from entertainment and 'selfie' related ones).
So any other authentication mechanism (email or others) would see the usage plummet.
True, but Security > Friction; especially when it comes to hard earned wealth in a poor country like ours, where even daily wage earners use UPI now, especially because of COVID-19 induced lockdowns(COVID-19 themed UPI frauds for OTP are also increasing at the alarming rate for the same reason).
More over email is Federated, not owned by any single entity, I can run my own email infrastructure with minimal expenditure if needed. But for phone number itself I have to depend upon a Monopoly, Duopoly or an Oligarchy at best who if needed can screw me up if they want at anytime.
Few phones with more than decent specs:
https://www.flipkart.com/oppo-a5s-black-64-gb/p/itmffhgzsqac...
https://www.flipkart.com/redmi-8-emerald-green-64-gb/p/itme0...
https://www.flipkart.com/realme-narzo-10-that-blue-128-gb/p/...
Yeah this sucks. I haven't been in India since 2018 and I'm locked out of UPI after my previous phone died.
Can you clarify on this? I’ve made transactions with UPI over in-flight Wi-Fi and no cellular coverage. The entire protocol does not require cellular/SMS coverage beyond the initial setup. Unless your specific PSP is doing some risk checks and signing you out, I don’t see why this would happen. The SIM-bindings are supposed to be persistent in nature.
Maybe your PSP is over-eager and you should try switching?
Not sure whether aeroplane mode interrupts app's ability to fetch unique hardware ID like(IMEI, MEID, ESN, IMSI) but I've had such troubles multiple times, but as I said my phone is always on Aeroplane mode.
>Maybe your PSP is over-eager and you should try switching?
Could be. But the choice of apps according to me range from, less trustworthy to totally not-trustworthy and so I'm out of luck there as well. Nowadays, I just enable cellular services for few minutes, recharge that damn thing, before UPI transactions.
Search Google News for [upi fraud India]. It happens far more than you think.
1. Security: Signup requires phone number validation via SMS and phone number must be registered with bank. It also requires additional details like debit card validation. This makes is hard to spoof. After signup your device finger print is stored with NPCI and this works as 1st factor. An additional PIN is also required during signup. You can send money only from registered device and requires fingerprint and pin validation.
2. Every digital transaction in India triggers SMS, so that provides additional transparency to user.
3. All payments are from bank account to bank account and they happen in real time! Also no transaction fee!
4. Merchants require no special equipments and they advertise their VPA usually via QR code in shops so it’s easy for users to pay.
4. Online payments can be either user triggered or can be requested via pushing payment request to user app. However user needs to approve the request with pin.
Point 3 & 4 were the biggest reasons why India adopted it pretty quickly. Also ofcourse due to Jio boom & cheap chinese smartphones!
For anyone that's curious, the platform's home page at https://nibss-plc.com.ng/ has a nice little statistics summary of both POS and account-to-account transactions (you might have to scroll past the fold). There's five-minute and whole day numbers for total transactions and error rate broken down into types of errors - it's a nice bit of transparency.
It's a big problem when Visa, Mastercard, and PayPal control a large part of money transactions.
UPI = Venmo + Paypal
UPI Autopay = open credit card subscriptions pull
PCR = Open FICO+Equifax
NBFC-AA = Open Plaid
Digilocker = Open docusign+dropbox
OCEN = Open Lendingclub
Together, they are called IndiaStack (along with our upcoming health and drone apis).
Concurrent with negotiations to build on UPI, there were also leaks and stories by both sides in the press to bolster or communicate positions. For example, there was one story where an official said that a tech CEO made a commitment. The tech CEO did not make that commitment. That company's team had their own set of meeting notes confirming their position. Other companies were livid with the tech company for supposedly taking that position. With the story now published, the tech company could not publicly deny the story or else they would anger the other side. So they quietly rolled with it.
It is also a credit to PayTM's CEO. Their CEO saw that succeeding with UPI was a matter of survival. Backed up against a wall, he fought back against his competitors with everything he had and is winning so far.
Someone needs to write a book on the behind the scenes happenings.
Given PayTM’s losses[1,2], I find “winning” an odd choice of words.
The reality is that digital payments in India experienced an artificial “bump” following India’s ill-thought demonetisation experiment, which has evaporated since. And what growth there is, is on vendor-neutral UPI (which Facebook, Google, Jio et al can all use) rather than proprietary e-wallets like PayTM.
[1] https://timesofindia.indiatimes.com/business/india-business/...
[2] https://www.livemint.com/companies/news/paytm-sees-its-losse...
IMHO, this is how it should be, a bank-agnostic standard set by the central bank that other services use to connect to the central and with each other. Competition is good? Yes, but not when it's a complete mess.
But people need to realize one aspect of UPI that it is exactly as unsafe as cash. Would you send cash to someone over the phone for accepting delivery of a product later? No. So don't do that with UPI.
Use UPI when it would be appropriate to use cash, when you're standing face to face with the seller. Just think of it as more convenient cash. Otherwise, it is ripe for exploitation by thieves.
Yup exactly. As someone mentioned above, it's a frictionless payments system, unlike Visa/Mastercard which also offer dispute resolution.
Of course, if you trust the vendor, I don't see why you should implicitly pay for the protection mechanism of Visa/Mastercard when UPI is literally free.
So far. Lots of banks are fighting to introduce fees. The actual cost is getting subsidised so far, but there are no free lunches. Banks can't keep this up forever.
Two key aspects of NUE are, it could be a for-profit, and it'll be governed by India's FDI rules, meaning foreign investments are allowed and could even be encouraged as FDI rules get relaxed.
Both these are in direct contrast to NPCI's charter which is a not-for-profit and entirely owned by Indian entities. In fact NPCI is a quasi government organisation, owned by a combination of RBI and Indian banking association.
Google (through its India subsidiary) has already applied for building/operating an NUE, and I won't be surprised if Facebook has done it too.
I just hope that 20 years down the line we won't end up with a fragmented quagmire with half a dozen payment networks each of which don't talk to anyone else. UPI solved a huge problem of interoperability and it'll be a shame if its seamlessness is squandered away.
[1] https://www.rbi.org.in/scripts/bs_viewcontent.aspx?Id=3832
By Indian entities, if you do include Citibank and HSBC (local arms), then yes. The promoters are private and public banks.
> In fact NPCI is a quasi government organisation, owned by a combination of RBI and Indian banking association.
It's promoted by RBI, but not really owned by it. The ownership lies with the consortium of private and public banks.
The real problem is most banks backend systems are still old mainframes where this isn't possible.
Source: I'm a prior developer at multi-billion dollar payment processor working with many acquirers.
I agree with India's protectionist attitudes that's kept Western companies from monopolizing the ecosystem though. It works well enough, much to chagrin of SV tech companies lol.
"National Payments Corporation of India (NPCI) is a non-profit set up by the Government of India to facilitate digital payments. They facilitate many payment schemes (like IMPS, BBPS, FASTag, etc.)"
It is not controller by the government and is a separate entity that more or less operates as a conglomerate of major banks.
One important reason for the growth is the explosive increase in 4G connectivity in the last 4 years, which has data usage on mobile see a compound average growth of 93% to become the highest in the world at 11.2 GB per user / month. The rates are almost laughably cheap, at around 0.20 USD/GB.
COVID has also driven more recent growth because people don't want to handle cash.
Your bank presumably knows a bit more about you than... nothing like a free Gitlab user and the account is valuable to both of you. So they can "just" do old fashioned manual account recovery as they would have in 1820 or 1920.
If I lose my phone and all backup authenticators, maybe in a house fire or something, I can live with the fact that maybe I need to go in person to a big stone building and talk to a human face-to-face about account recovery. My home just burned down, I think I can make a little time for essentials like that.
> Imagine the pain that everyone has to go through in reaching a consensus when configurations or infrastructures change. It would be chaos.
Welcome to the Internet.
The financial system in practically every country is already fully controlled by a central authority, and for good reason: finance is critical to national security and financial decisions are inherently political, therefore finance is controlled by political authorities.
It is more akin to a not for profit VISA than the Fed Reserve.
The equivalent for US would be for VISA to have a marketshare of 90% and MasterCard around.
RBI floated a paper recently trying to setup a alternative body to fix this, but this might take ages.
For context: we're a small B2C bootstrapped company offering online anatomy learning. We use Stripe and Paypal (via Fastspring), but it seems like it's far from enough for the local market in India...
They also support a variety of wallets.
Instamojo actually advertises that they support over 100 payment methods.
Some of these payment gateways also allows you a "Pay Later" option which allows the user to pay via a micro loan that they take from the gateway. This is apart from the credit card, debit card options.
Razorpay: https://razorpay.com/payment-gateway/
Instamojo: https://www.instamojo.com/
Disclaimer: I work at Razorpay.
But how about NOT having to pay banks for instantaneous funds transfers to any 3rd party? And how about actually have instantaneous funds transfer to any 3rd party (something which does not exist in the US banking system)
Same surveillance, lower costs, faster payments.
And no, my bank won’t give any details about my account and its transactions (unless I do something really horrible), even to the national tax authorities (I live in Switzerland, where bank secrecy is still a thing, at least for the residents/citizens).
For comparison, in Singapore, the local UPI-like "PayNow" network uses numbers as IDs, meaning you can easily send money to anybody in the system (these days virtually everybody) without needing to know their bank. You can also transfer to any Singaporean company or organization via their Unique Entity Number, which is an existing company/org ID assigned at formation that includes a checksum.
Maybe I don't want to give people my phone number
Maybe I have multiple phones
Maybe I anticipate changing my phone number (maybe I hate my current carrier)
Maybe I want something easy for people to remember, or catchy "mybusinessname@mybank"
Forcing people to use a particular naming regime should only be done if there is a very compelling case for limiting your users
UPI truly is a revolution. I can have a 6Rs chai tea (8 cents) from a road side tea stall and pay using UPI with zero transaction fees.
With just phone number, I will need to get multiple sim cards for each bank account.
(User of both UPI and PayNow)
However, VPA lookups are public (VPA->Name), so your mobile Numbers can now be used to get your real name, which resulted in a lot of backlash and PSPs making this an opt-out feature.
If not fraud, it will clutter the whole experience of UPI payments.
This is also a country where millions of people give their transaction data willingly to companies like Walnut.
This is actually an America problem and not a world problem. Even cards and POS in Europe are chip enabled. On the other hand, I have used my PIN-less American credit card in Europe and India and it always worked without asking for a PIN.
Indian websites accepting online payments are usually extremely poorly designed and can't handle International credit cards at all. Most even require that you must have Indian phone number.
+1, the entire online banking experience sucks.
buy Internet access on international airports in India. It is impossible unlike rest of the world. The worst thing is that to even get in the Indian payment system you need govt issued citizenship documents and wait for approvals
That's not true. There are cell-phone service providers on the Airport that issue you a working SIM with an international passport on the spot. You don't need Indian citizenship. But you do need an Indian bank account for UPI.
India, in response to various terrorist attacks, enacted laws that made:
1. Burner phones impossible. Every new SIM requires a physical KYC
2. Every bank account requires KYC. And linking to a phone number
3. If you are a public WiFi operator(such as an Airport or a Internet Café), you are bound by law to keep KYC records of who used your services. The easiest way for this in India (that covers almost everyone) is to send an OTP over SMS. Sadly, this doesn’t work if you just landed in India and don’t have a working SIM.
The credit cars on PoS is more of a US issue because US banks refuse to support chip-and-PIN. With NFC payments being supported more and more (no PIN required), this should get easier - but I don’t think of this as a fault in the Indian system.
Disclaimer: I work at a Indian payments company.
From a user's stand point this is a fair criticism. However, if it helps to mitigate your bad user experience, it helps to know the larger context in this this exist.
The government of India's first, and mostly sole, priority is to build a payment network and get most of its citizens adopt it. This is an unprecedented challenge at multiple levels which very few know, let alone appreciate.
Back when UPI was being built, the digital infrastructure was shitty, smart phone penetration was not much to speak of, banks were unwilling to support this, merchants didn't care, most of the citizens didn't even have a digital/online identity let alone bank account -- just to name a few challenges. Overlaid on that is the incredible diversity, scale (1300+ millions), political diversity and so on. Multiple and parallel mega-initiatives had to be carried out (Adhaar for identity, Jandhan for bank accounts, NPCI to pull together all the banks, overhauling subsidies system) besides indirect push through demonetisation.
For the Indian government, payment infrastructure was a means to several ends such as equitable distribution resources, plugging the subsidy leakage through corruption.
Now in all this international users' use case is so low down the priority that no one would even bring it up, let alone acknowledge it. Even if we go by just numbers, international transactions are so low in comparison that it's less than round off error.
With that, let me try to address your frustration points because not all of them are unique or specific to India.
> Indian POSes expect pins and most international credit cards do not have one so they get auto-decline
As others have pointed out this is mostly due to US cards being behind the curve in adopting better security standards.
This is a feature not a bug and neither is it specific to India. Between acquirer, issuer, network and regulator any one could demand the POS to enforce a PIN failing which merchant is expected to be liable for fraudulent transactions.
> Some slightly smarter POSes will try to do things like Verified by Visa and usually there are so many bugs in implementation that things never gets through.
Verified by visa (VBV) is one specific implementation of 3DS (3-domain-secure) for online payments. You seem to be confused between POS payments and mobile/web payments. But this is a valid observation/concern. There way too many systems involved in the transaction chain and coupled with India's not so reliable internet infrastructure it's a recipe for shitty experience. Though it's improving fast.
> One of the challenge I give to non-Indian folks is buy Internet access on international airports in India. It is impossible unlike rest of the world
The best way to circumvent is to buy airport lounge access. Almost all the lounges accept international cards so you should be fine. It's bit expensive but not so much in $ terms and the lounges are in fact quite nice with free food/drinks nice seatings etc., :-)
> The worst thing is that to even get in the Indian payment system you need govt issued citizenship documents and wait for approvals.
This, unfortunately, is the by-product of Indian government prioritising Indian citizens as I explained above.
> Indian websites accepting online payments are usually extremely poorly designed
This however is fast improving, especially if you use native mobile apps. But even then you do have to contend with 2FA with is downright horrible on mobile device but there are some auto-otp-read features that reduce the pain.
There's been a talk of dropping 2FA requirement for low value transactions but I think it's still to be done.
> can't handle International credit cards at all
This, again, is a feature. The fraud rate is so high on international card that it's just not worth it to enable them. Note that the issue here is on the issuing side i.e., stolen US cards are dime a dozen and shockingly they just work out of the box thanks to next to no fraud control on them. There's an option to go through Stripe/Paypal etc., but then their rates are very high (again, due to high fraud rate of US cards) that it doesn't make business sense.
> So imagine you come to airport, have working International plan but you can't use it for payments or anything because the entire system assumes you are an Indian citizen with documents, all government approvals done and have a mobile phone number in India.
This too is a by-product of what I explained above. That said, within International Airports your card should just work fine on POSes. Because those POSes are configured to accept them as, well, they in fact deal with more foreign issued cards than Indian ones. So I'm surprised to hear that that's not the case. Something doesn't add up here.
This is by design, because the Indian government is terrified of anonymous phone/internet access and doesn't care one whit about user experience.
Prepaid SIM issuers and internet cafes alike are supposed to ask for and retain documentation about their users, which creates lots of opportunities for identity theft.
The further reason to not be impressed by the Indian system is how it handles fraud. If you are defrauded by UPI, you've got to go to the police/courts -- Indians will know that that's the start of a Kafka-esque process.
Compare this with how Visa and Mastercard handle fraud, at least in the US and W.Europe, and it's far more customer friendly.
This is a statement true in other infrastructure domains, from plumbing to roads to healthcare. It was explained to me that although the US possesses world-class technology in practically every field, the deployment is mediated through a fragmented and diverse political economy.
That’s when I properly internalised how the US is federated not merely at the top level, but through many strata of localised governance, and the practical consequences thereof.
Couple this to the inertia of regulatory capture by entrenched wealth (which occurs in all human systems irrespective of political construct) and it’s easy to accept that US retail banking, which is approaching three centuries of uptime, will be a very late adopter of mass-market technology.
The EU is far more fragmented at a government level, but chip&pin cards where much more common than in the US far earlier.
Likewise, mobile communication was far better in Europe 20 years ago than it was in the US (all of Europe had GSM while the US was insanely fragmented).
And the EU was able to push the open banking directive with relative ease while the US still seems to have nothing comparable.
So it seems to me there's something else in play that explains your observation.
Not to mention that bizarre toxic mindset of "I'm losing money (taxes) if someone else is getting comfortable."
India is a completely different market. There are millions of people there who don't even have a bank account, nor do they have email. The road-side vendors use cash.
To my knowledge the situation in the US is getting better with the rise of Zelle, but that's still a half-assed solution - not all institutions participate, and customers have to opt in to it. Quite a few (older) people I've talked to don't even know it exists.
> India is a completely different market.
Ironically you are quite close to getting the point here, which is that India (and many other developing nations) are able to build and push the cutting edge of national fintech precisely because they don't have decades if not centuries of cruft and technical debt weighing them down. They can skip the inefficient stages of development that developed nations went through and go straight to creating banking systems for the 21st century.
0. https://en.wikipedia.org/wiki/Pradhan_Mantri_Jan_Dhan_Yojana
Edit: added link
In China the gov doesn't care about any amounts of transation or cash, you can walk in banks and deposit millions of dollars of cash and will be treated as VIPs, "all-cash-bill" buying of condos is normal. I think it kind of has something to with corruption, since you don't know who is behind this money and what trouble will get you if you dig too deep.
Also the protection others mentioned, once the money got to other accounts, which usually happens instantly, it's almost impossible to get it back.
[1]
https://www.frbservices.org/financial-services/fednow/announ...
In theory, all you need is institutional trust and KYC, but as soon as you hit a situation like, "oh shit, someone stole my wallet (/ online identity)", you realize why the fees are there.
A one-way payment system, such as Venmo, lacks that. (Venmo is trying to retrofit a dispute mechanism, for which they charge 3% extra.) What's Google proposing? Probably something with terms that include "sole discretion" (theirs) and forced arbitration.
That would offer buyer protection, seller protection would necessarily relate to some combination of combining contract fulfillment reliability / risk and where fitting holds that either side can clear early if the transaction is canceled. (With notification)
[1]: https://www.wkbw.com/rebound/coronavirus-money-help/stubhub-...
Isn't one supposed to be responsible for their own passwords/security? Does Microsoft take responsibility if someone steals your windows password or hacks your computer? No, they will just say its you who didn't install the security updates. Why should a banking transaction be any different?
It is currently undergoing adoption among several big banks, although adoption for individual non-corporate accounts is slow
Personally, I’d rather the Fed run real time payments instead of some private consortium made up of the largest US banks (some governance/overnight vs less so as a private corporation), but the Fed’s been dragging their feet for years while Zelle has rolled out quickly. Humorously, Facebook’s Libra is what set a fire under the Fed [1] [2].
[1] https://www.bankingdive.com/news/fed-gives-new-details-on-it...
[2] https://www.federalreserve.gov/newsevents/pressreleases/file... (warning: 50 page pdf)
They're amazing if, in fact, you don't yet have the Public Switched Telephone Network, and so ordinarily data moves no faster than a horse in your culture. And they're completely astounding if you do not yet have the Universal Postal Union and so ordinarily data doesn't move over long distances at all.
But if you live in the mid-20th century or later you can do better. "Let's make wire transfers free" is one of those ideas which you'd come up through lack of imagination. There's an apocryphal Henry Ford quote about customers wanting "faster horses" but more recently when people had no idea they all wanted a handheld computer we told them it was a "mobile telephone" so they'd buy it and we could let them discover they've never wanted a telephone anyway but they did actually want a handheld computer.
I am sure I am missing something. Just curious to know where do you see an attack vector for DDoS or MOTM attack?
I am not sure how this would happen in this case. If you want to flood the system you will have initiate a lot of payments which will be costly.
Both sender and receiver are authenticated with bank, so there is a traceability.
Also, you need a bank license from the central bank to act as a bank and each UPI is linked to an bank account which itself is linked to details. To add, it is now difficult (not impossible) to have anonymous bank account because they are linked to a central ID called Aaddhar number [1] and other KYC procedures.
One will have to really execute an elaborate scam like in Ocean's 11 movie to make this work.
[1] https://www.exalog.com/en/swiftnet-network-banking-communica...
NCPI could definitely be a single point of failure, and I think that makes them vulnerable to more than just MITM and DDOS attacks.
The client-PSP is over HTTPS, and the remaining legs are over UPI (which is essentially SOAP+XML) which uses XML signatures.
There are rate-limits built at most ends, and I think most PSPs also cache the resolution.
I suspect a fair amount of other countries have this discrepancy as well. Based on a brief online search it seems like the data on US checking/savings accounts of US residents are not shared with the IRS, for instance, unless a summons (which can be contested) is approved. I'm not sure what the difference is in practice.
Card blocking is easier with phone calls. With most banks, there's a direct option right at the start via IVR - the operator will confirm basic personal details (like DOB), and done.
I have had to do it more times than I should have had to.
For other cases, most PSPs will automatically register mobile@psp for you with an opt-out.
https://minesafetydisclosures.com/blog/2019/5/29/part-l-a-hi... ( https://news.ycombinator.com/item?id=20523646 )
Nowadays cards are taken for granted and always accepted because it's necessary, but it would still be pretty hard to create your own system that checked if a user had enough funds in the bank to purchase something without either Visa/MC (or I guess Plaid).
The main benefit of UPI is that it works really well for small amounts, e.g. the INR 6 tea. Such small transcations were traditionally too small/uneconomical for Visa/Mastercard.
However as the transaction size grows, say you're buying a laptop for INR 50,000 -- that's when the protections Visa/Mastercard build in against fraud start helping you and UPI's "no transaction fee" value proposition also starts looking like "no accountability".
Interestingly, India has a home-grown Visa/MC alternative called RuPay, which also waives transaction fees for small amounts and is a credible alternative to Visa/MC.
Unfortunately Indian startups have been obsessed with pushing e-wallets (PayTM et al) or direct electronic cash transfers (UPI) because it benefits them -- as the transaction size goes up it certainly doesn't protect the consumer.
The rest of the world manages it. Do they not use mainframes?
Faster Payments is the unimaginative name for the rule that allows most UK bank account holders to move money the same day (typically in reality instantly) at zero cost to them. The date for Faster Payments becoming possible was set, and banks are just obliged to provide it. Some were earlier, most were not.
The banks did not actually implement the underlying backend transfers in time, but customers don't care. Rick Smith, father to an 18 year old daughter who seemingly always needs another few hundred quid for something wants to send Beth £750 right now, and Beth wants to be able to spend that money when she receives it from her father. Neither of them cares that Rick's and Beth's banks are running different versions of some 1970s COBOL application or are struggling to ensure a backend funds transfer matching the Rick-> Beth transaction happens in a timely fashion.
So the banks just faked the UX. This technically means if Rick's bank fails after Rick sent the money, but before the backend catches up in a day or two, Beth's bank (but not Beth or Rick) could lose the value of the transaction because the underlying money actually didn't go anywhere yet, just the two account balances were updated. But regulators reasoned that banks being more likely to freak out and report if they suspect their competitors are struggling and likely to fail imminently is a good thing so let them take that risk.
Maybe they have subsequently fixed their backends, maybe they didn't, as an end user I needn't care so I paid no further attention.
Fair correction. However, correct me if I'm wrong, it still plays the role of a singular national authority blessed by the central bank. I'm skeptical that its non-government status is an important distinction when it appears to be an exclusively Indian institution co-established by the RBI. I don't think Visa's status is quite the same: Visa has actual competitors and operates under many foreign jurisdictions. I'd say the NPCI is as trustworthy and protected as the government institutions that bless it.
The RBI initiated process to setup a parallel body to NPCI, but that will take eons in fintech time.
The non-government status is important because the NPCI fought a case (and won) to keep it out of the ambit of the Right yo Information act. It is an opaque institution with a government granted monopoly that is also simultaneously a cartel of sorts.
There is, and with apologies for the late reply, I'll unpack one term I used, which is diversity. I've lived and worked all over the EU and feel comfortable observing that practically all EU national, regional, and local governments are politically clustered within one deviation of the International Standard Social Democracy. What's more, they actively work together at the top level to promote harmonisation of processes and industrial/commercial/technical/legal/administrative standards.
I'll contrast this with the US where the political window is splattered all over the compass, process & technical standards are driven by corporations that actively seek to differentiate themselves from one another, and regional and local political groupings will take a deliberately contrarian tack on a diverse policy spectrum in order to more clearly disambiguate themselves from opposing forces and to segment and cement their constituencies.
I believe the latter drives more innovation through competition, but distributes it more unevenly. And I'm neither a US citizen or (currently) resident, just a frequent visitor both for work and play, but I also think that the greatest single quality of the US is being the only country where practically anyone, regardless of cultural backdrop or however divergent their social/political preferences, might hope to find a community of like-minded individuals. What that isn't: a recipe for harmony.
e.g. having strong anti-fraud/anti-theft practices built around signatures.
In comparison US banking seems rather adversarial in nature and so there are few interbanking standards which led to the need of a layer on top in the form of credit card companies to abstract away the differences.
I allways thought, that the fed is exactly this? A private consortium out of the biggest US banks?
(But I am not a US citizen, but this is what I understood and thought strange, compared to the EU for example)
Wherever email they sent was caught in GMail’s filters, so I never saw it. And you have to click a link to accept the payment, even from an established contact who’s sent funds previously. And after a bit the funds get returned. Too easy to lose money.
Instead, I just ask friends to use Square Cash. Auto-deposits into my bank account so there’s nothing to worry about.
Also, higher value payments are still easiest via check - since the online payment services will threaten to suspend your account if they think you’re running a business. Splitting rent amongst roommates was enough to get one of my accounts flagged as a business.
All I do is tell people to send money to my phone/email, and it shows up pretty quickly.
If i really want to spread my payments for privacy, i can open 10 banks accounts in 10 different banks.
> You can't use it internationally, unlike contactless EMV.
Technically it's incorrect. Visa/Mastercard works internationally, I have a RuPay card from India and it didn't work internationally until recently. So it depends on the reciprocal agreement between networks - https://en.wikipedia.org/wiki/Card_reciprocal_agreements
Also I'm sure you'd agree it's easier to trust something issued internationally if there was some element of online verification to it (admittedly probably not much of an issue for transit applications).