from Hacker News

UPI: India's Unified Payments Interface

by zero_kool on 8/8/20, 7:20 PM with 178 comments

  • by Abishek_Muthian on 8/9/20, 5:10 AM

    I tell my friends in Western countries about UPI. When they tell me how easy and seamless Apple Pay has made their payments, they're often surprised that such a system exists here. One can download GPay or a plethora of other apps to set up UPI to sync with the bank accounts within minutes and conduct transactions.

    With vernacular support/affordable cellular data, these apps have found their users even among those who have never used a computer in their life to log in to their banking portal or used a debit card before to conduct any online transactions.

    Now, what 'I' don't like about it,

    Extraordinary dependence on 'Mobile Number' for security. RBI (India's central bank) requires a personal phone number to be synced with the bank account, so these 'UPI' apps send SMS from the phone at random to 'verify' that it's actually you, i.e. if the phone number matches, it's you. If you are like me, who has the phone in aeroplane mode 24*7 or uses cellular on demand, be prepared for transaction failures at best to getting locked out of the UPI apps at worst.

    Then there is the question of SMS OTP as the backbone of Indian banking infrastructure's 2FA security, we know SIM-Jacking attacks are getting prevalent every passing day, coercing an employee of a Telecom who earns minimum wage is not that difficult and especially since there is zero 'cyber-security' awareness among much of the population; attackers just dupe many of them into giving them the OTP[1].

    It's high time banking infrastructure here started supporting hardware tokens or at least TOTP apps, and UPI has to hedge its unique ID dependence to email ID as well.

    [1] https://economictimes.indiatimes.com/wealth/save/beware-of-t...

  • by dheerendra73 on 8/9/20, 12:06 AM

    As a UPI user who has been using this from literally day 1 and who is a hard-core advertiser of it, here are a few important points:

    1. Security: Signup requires phone number validation via SMS and the phone number must be registered with the bank. It also requires additional details like debit card validation. This makes it hard to spoof. After signup your device fingerprint is stored with NPCI and this works as the 1st factor. An additional PIN is also required during signup. You can send money only from the registered device, and it requires fingerprint and PIN validation.

    2. Every digital transaction in India triggers SMS, so that provides additional transparency to user.

    3. All payments are from bank account to bank account and they happen in real time! Also no transaction fee!

    4. Merchants require no special equipment and they advertise their VPA, usually via QR code in shops, so it’s easy for users to pay.

    5. Online payments can be either user triggered or can be requested via pushing a payment request to the user's app. However, the user needs to approve the request with a PIN.

    Points 3 & 4 were the biggest reasons why India adopted it pretty quickly. Also, of course, due to the Jio boom & cheap Chinese smartphones!

  • by filleduchaos on 8/8/20, 10:00 PM

    It amazes me how seemingly behind US banking is tech-wise. My home country for instance has had the Nigerian Inter-Bank Settlement System for decades; it's quite similar to the UPI but primarily led by the central bank (plus participation is mandatory for all banks/bank-like institutions).

    For anyone that's curious, the platform's home page at https://nibss-plc.com.ng/ has a nice little statistics summary of both POS and account-to-account transactions (you might have to scroll past the fold). There's five-minute and whole day numbers for total transactions and error rate broken down into types of errors - it's a nice bit of transparency.

  • by lykr0n on 8/8/20, 8:43 PM

    I'd love for the US to adopt a standard that is bank agnostic, like ACH, but allows for near real-time payments from P2P but also person to business payments.

    It's a big problem when Visa, Mastercard, and PayPal control a large part of money transactions.

  • by sandGorgon on 8/9/20, 4:59 AM

    It is a super exciting time to be doing fintech in India. Here are the open APIs.

    UPI = Venmo + Paypal

    UPI Autopay = open credit card subscriptions pull

    PCR = Open FICO+Equifax

    NBFC-AA = Open Plaid

    Digilocker = Open docusign+dropbox

    OCEN = Open Lendingclub

    Together, they are called IndiaStack (along with our upcoming health and drone apis).

  • by zorro58 on 8/9/20, 12:17 AM

    UPI is a fascinating battlefield of tech companies. I had a front seat to some of the negotiations happening to build platforms on UPI. There was a fear in India that foreign tech companies would monopolize that platform.

    Concurrent with negotiations to build on UPI, there were also leaks and stories by both sides in the press to bolster or communicate positions. For example, there was one story where an official said that a tech CEO made a commitment. The tech CEO did not make that commitment. That company's team had their own set of meeting notes confirming their position. Other companies were livid with the tech company for supposedly taking that position. With the story now published, the tech company could not publicly deny the story or else they would anger the other side. So they quietly rolled with it.

    It is also a credit to PayTM's CEO. Their CEO saw that succeeding with UPI was a matter of survival. Backed up against a wall, he fought back against his competitors with everything he had and is winning so far.

    Someone needs to write a book on the behind the scenes happenings.

  • by pedrocx486 on 8/9/20, 5:25 AM

    Brazil is doing a similar bank-agnostic system called PIX. Kinda interesting how in the previous thread where I mentioned it a lot of people were against it because it was "not competitive" while here I'm seeing (mostly) praise for UPI.

    IMHO, this is how it should be, a bank-agnostic standard set by the central bank that other services use to connect to the central and with each other. Competition is good? Yes, but not when it's a complete mess.

  • by perryizgr8 on 8/9/20, 5:33 AM

    I love UPI and it has proved to be a boon in this time when I am scared of touching cash. It's very fast, easy and quite reliable in my case. In Bangalore, it works literally everywhere. From the smallest shops to big supermarkets. Many small shopkeepers even discourage me from paying in cash.

    But people need to realize one aspect of UPI: it is exactly as unsafe as cash. Would you send cash to someone over the phone for accepting delivery of a product later? No. So don't do that with UPI.

    Use UPI when it would be appropriate to use cash, when you're standing face to face with the seller. Just think of it as more convenient cash. Otherwise, it is ripe for exploitation by thieves.

  • by vishnugupta on 8/9/20, 11:51 AM

    RBI recently issued a circular inviting companies to build a retail payments network, in parallel to UPI [1], under New Umbrella Entity (NUE).

    Two key aspects of NUE are, it could be a for-profit, and it'll be governed by India's FDI rules, meaning foreign investments are allowed and could even be encouraged as FDI rules get relaxed.

    Both these are in direct contrast to NPCI's charter which is a not-for-profit and entirely owned by Indian entities. In fact NPCI is a quasi government organisation, owned by a combination of RBI and Indian banking association.

    Google (through its India subsidiary) has already applied for building/operating an NUE, and I won't be surprised if Facebook has done it too.

    I just hope that 20 years down the line we won't end up with a fragmented quagmire with half a dozen payment networks each of which don't talk to anyone else. UPI solved a huge problem of interoperability and it'll be a shame if its seamlessness is squandered away.

    [1] https://www.rbi.org.in/scripts/bs_viewcontent.aspx?Id=3832

  • by galaxyLogic on 8/8/20, 9:01 PM

    It takes like 3 days to pay my Chase credit-card from my Citibank account. Lots of waste happening in the financial system.

  • by throwaway432334 on 8/9/20, 2:47 AM

    Engineering wise, it's a miracle that UPI works. All of the banks have very little in the way of consistency checks and proper abstractions. Everything is superglued together and very brittle. There was clearly little direct communication between NPCI, the issuing banks, and the users of the apis in development.

    I agree with India's protectionist attitudes that have kept Western companies from monopolizing the ecosystem though. It works well enough, much to the chagrin of SV tech companies lol.

  • by Kednicma on 8/8/20, 8:59 PM

    Great idea; let's have USPS administer it, like they used to do for money orders and wire transactions. No sense in replacing Mastercard with Google.

  • by lonesword on 8/9/20, 11:18 AM

    As an Indian citizen living in Germany right now, I sorely miss UPI. My workflow to order food in India - 1) open app and add things to cart 2) Google Pay (linked to UPI) prompts for my fingerprint and that's it. In Germany, I mostly end up using SOFORT which involves remembering my account number, PIN, and then using a mobile OTP. There's no "easy" way to transfer money to friends - everyone either uses PayPal or Transferwise, which requires an additional step to withdraw funds to your bank account. When shopping at brick and mortar shops, the payment options are either cash or a card. For a country that enjoys such a high standard of living, Germany has surprisingly underwhelming digital banking infrastructure.

  • by Finster on 8/8/20, 9:05 PM

    The big concern I have here is that the address resolution seems similar to DNS... Which is very bad, IMHO. Are they taking necessary steps to mitigate DDoS and man-in-the-middle attacks? If they're not, they're setting themselves up for major disaster.

  • by sseth on 8/9/20, 5:59 AM

    UPI is growing at an incredible rate.

    One important reason for the growth is the explosive increase in 4G connectivity in the last 4 years, during which data usage on mobile has seen a compound average growth of 93% to become the highest in the world at 11.2 GB per user / month. The rates are almost laughably cheap, at around 0.20 USD/GB.

    COVID has also driven more recent growth because people don't want to handle cash.

  • by rootkea on 8/10/20, 8:18 AM

    The best feature of UPI for me is that it provides a USSD code (*99#) to interact with the UPI. Since I only use FLOSS apps (via f-droid.org) on my LineageOS, I use UPI without installing any UPI app (which are all proprietary, e.g. PayTm, GPay etc.).

  • by jgalt212 on 8/8/20, 8:42 PM

    There are just so many things that make me fearful of either losing my phone or having it irreparably damaged. The account recovery process can be a. too hard or impossible (Hi Gitlab!) or b. too easy (too simple security questions).

  • by not2b on 8/8/20, 11:21 PM

    I've made five trips to India for business, the most recent was in 2017. The system that was instituted just before my last trip caused me major problems, as suddenly two things happened: foreign credit cards were no good for payments online (I had to get a colleague to buy my Taj Mahal ticket online and pay him back with cash), and it was suddenly much more difficult for some people I was trying to pay to accept payments in cash; restaurants and hotels could still get it done, but for others it was a major problem. I hope they have these issues straightened out by now.

  • by zimbatm on 8/8/20, 10:13 PM

    The article looked great until the introduction of the NPCI system. It's essentially a single point of failure, and the best place to observe all the transactions of the whole country. It's controlled by the Government so it will be really tempting to peek into it.

    > Imagine the pain that everyone has to go through in reaching a consensus when configurations or infrastructures change. It would be chaos.

    Welcome to the Internet.

  • by gingerlime on 8/9/20, 7:01 AM

    Slightly OT, but what's the simplest way to offer more payment options online in India? Is there a way to set up UPI as a foreign company?

    For context: we're a small B2C bootstrapped company offering online anatomy learning. We use Stripe and Paypal (via Fastspring), but it seems like it's far from enough for the local market in India...

  • by quarantine on 8/8/20, 10:23 PM

    This looks like a Bancontact/SEPA combination.

  • by known on 8/9/20, 3:25 PM

    Remembering Bank A/c number + IFSC is safe/better

  • by atemerev on 8/8/20, 8:47 PM

    As if what we need is even more surveillance capitalism...

  • by varbhat on 8/9/20, 4:34 AM

    UPI is not nice.

    1) UPI is unreliable. Based on my experience, it doesn't work many times per day. I once needed to beg my friend to pay for me after realizing that it didn't work when I purchased something in a shop but had no money (only a UPI account).

    2) It is closed source. UPI forces every app that uses UPI to use its closed source code.

    3) I find bank transfers like IMPS/NEFT more reliable than UPI.

    4) One advantage of UPI is its ID, which led to discovery of accounts (through QR code). This is also the reason it got adopted by people.