NPCI Brings In Additional Measures To Curb UPI Outage

The National Payments Corporation of India (NPCI) has rolled out an additional set of measures for payment service providers (PSPs) and acquiring banks to streamline UPI transactions.

In a circular issued on May 21, the NPCI outlined operational guidelines for 10 application programming interfaces (APIs) linked to UPI payments.

For the uninitiated, APIs are a set of rules or protocols that allow different software systems to communicate with each other. In the case of the UPI infrastructure, PSPs like Paytm, PhonePe and Google Pay use these APIs to communicate with the UPI system, which lets such platforms initiate, process and track transactions in real time.

After a major UPI outage last month, where 2,387 users faced issues in the instant payment interface, the NPCI found that overutilisation of APIs by the PSPs and acquiring banks led to delays in transactions, slower response times and transaction failures due to queue overflow.

The retail payment body further said that it has observed PSP banks initiating a high number of “check transaction status” API calls at a very high transactions per second (TPS) rate.

To curb this, NPCI has told the PSP banks that the first ‘check transaction status’ API call should only be initiated 90 seconds after the original transaction took place. Besides, members may initiate the same 45 to 60 seconds ahead of the original transaction, after receiving revised communication from the retail payments body.

NPCI Guidelines

To further strengthen the UPI infrastructure, NPCI gave additional guidelines for 10 APIs to PSP banks. These are as follows: 

Balance Enquiry: This API is used to check the balance available via the UPI app. The NPCI has decided to limit the frequency of such requests to 50 per app and per customer in a day. Additionally, the digital payment operator has asked all the UPI apps to limit or stop balance enquiry requests if needed during peak hours. Besides, the acquiring bank should add the available balance with every successful UPI transaction.

List Keys: This API is used by the PSP banks to request public keys from the NPCI system. These keys are used for encryption to secure data exchanged between the NPCI and the member banks. The NPCI has limited the frequency of this API to only once per PSP in a day and has limited the page size of such requests to 1,000. Besides, these requests are to be made by the PSP banks during non-peak hours.

List Account: This API allows customers to find the list of accounts linked to their mobile by a particular account provider. NPCI has limited the frequency of these requests to 25 per app and per customer in a day. It further states that such requests can only be initiated once the customer selects the issuer bank in the app. In case of failure, every retry request should be made with the consent of the customer.

Check Transaction Status: This API allows PSPs to request the status of a transaction. NPCI has told the PSP banks that the first ‘check transaction status’ API call should only be initiated 90 seconds after the original transaction took place. Besides, members may initiate the same 45 to 60 seconds ahead of the original transaction.

Autopay Mandate Execution: This API is used to create autopay mandates. The NPCI has limited this feature to a maximum of one attempt and three retries per mandate. Further, the PSPs have been mandated to execute this API at a moderated transactions per second (TPS) rate and to initiate it only during non-peak hours.

List Verified Merchants: This API allows PSPs to access the verified address entries of merchants. The API has been limited to once per PSP in a day. The minimum page size of the request is limited to 1,000, and the request should be made in non-peak hours.

Penny Drop: This API is used to verify the validity and ownership of an account. The service is extended only to entities that are required to do this due to regulatory requirements, and they should have the customer's consent beforehand. The API should only be initiated during non-peak hours.

ValCrust: The said API is used to validate the customer details for pre-debit notifications and customer activation for FIR. The API should be used for a valid reason with limited attempts and at moderate TPS.  

API Header Format: The NPCI has asked the PSPs to ensure that only the mentioned API headers are included in the API request. These are: host, content length, content type and user agent. API headers are the metadata sent with an API request. Further, the NPCI has asked the PSP banks to make provisions to strip out unauthorised headers and direct their API clients and reverse proxies to whitelist only permitted headers.

Validate Address: This API is used to validate the UPI IDs and virtual payment addresses before a payment is initiated. The NPCI guidelines say that the said API is only to be used when the customer intends to pay. The payments operator will release updated limits for this API.

The NPCI has observed peak hours in UPI transactions between 10 AM and 1 PM and between 5 PM and 9:30 PM. 
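One way a PSP backend could enforce the limits reported above before a call leaves for the UPI system, as an added example that is not taken from the NPCI circular or from any PSP's code. The API labels, the `UpiCallGate` class, the in-memory counter and the assumption that `now` is already in Indian local time are this example's own.

```python
from collections import defaultdict
from datetime import datetime, time, timedelta

# Limits as reported in the article; the labels are hypothetical, not NPCI identifiers.
DAILY_PER_CUSTOMER_APP = {"balance_enquiry": 50, "list_account": 25}
DAILY_PER_PSP = {"list_keys": 1, "list_verified_merchants": 1}
NON_PEAK_ONLY = {"list_keys", "list_verified_merchants", "penny_drop",
                 "autopay_mandate_execution"}
PEAK_WINDOWS = [(time(10, 0), time(13, 0)), (time(17, 0), time(21, 30))]
FIRST_STATUS_CHECK_DELAY = timedelta(seconds=90)


def is_peak(now: datetime) -> bool:
    """True if `now` (assumed Indian local time) falls in a reported peak window."""
    return any(start <= now.time() < end for start, end in PEAK_WINDOWS)


class UpiCallGate:
    """Decides whether an outbound UPI API call may be sent right now."""

    def __init__(self):
        # (api, scope, date) -> calls already allowed; a real service needs shared storage.
        self._counts = defaultdict(int)

    def allow(self, api, now, *, app="", customer="", psp="", txn_time=None):
        """Return (allowed, reason) and count the call against its quota if allowed."""
        if api in NON_PEAK_ONLY and is_peak(now):
            return False, "peak hours"
        if api == "check_txn_status":
            # No status check is sent until 90 s have passed since the original transaction.
            if txn_time is None or now - txn_time < FIRST_STATUS_CHECK_DELAY:
                return False, "first status check before 90 s"
            return True, "ok"
        if api in DAILY_PER_CUSTOMER_APP:
            key, limit = (api, (app, customer), now.date()), DAILY_PER_CUSTOMER_APP[api]
        elif api in DAILY_PER_PSP:
            key, limit = (api, psp, now.date()), DAILY_PER_PSP[api]
        else:
            return True, "ok"  # no limit reported in the article for this API
        if self._counts[key] >= limit:
            return False, "daily limit reached"
        self._counts[key] += 1
        return True, "ok"
```

Denied calls are worth logging with their reason, since a steady stream of "daily limit reached" or early status checks points at a client that is still retrying aggressively.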

The retail payments body has asked all the PSPs to implement the above guidelines by July 31. For this, the payment providers might have to ready and modify their backend systems to comply with the said notification of NPCI. 

“In the event of non-compliance with the above guidelines, NPCI may take necessary action including UPI API restrictions, penalties, suspension of new customer onboarding or any other measures deemed appropriate,” said the circular.

The post NPCI Brings In Additional Measures To Curb UPI Outage appeared first on Inc42 Media.
