UPI is an Indian Success Story. Zero Trust Architecture Can Help Ensure It Stays That Way
Published 11/21/2023
Originally published by CXO REvolutionaries.
Written by Sudip Banerjee, CTO in Residence, Zscaler.
If you want to make an Indian beam with national pride, you need only mention the country’s Unified Payments Interface (UPI) success.
This homegrown interbank digital payments infrastructure has made India the world's largest source of digital payment transactions. Along the way, UPI has integrated millions of formerly unbanked Indians into the formal economy, lowered the cost of doing business, and provided a fee-free way for the country’s diaspora to send a portion of its roughly $100 billion in annual remittances to family back home.
For those who don’t know about the value UPI delivers average Indians, it allows everyone from the poorest to the poor to the ultra-rich to walk up to nearly any vendor, scan a QR code, and deliver enrolled merchants – from a fruit vendor to a construction contractor – in any payment denomination, without incurring the fees normally charged by popular credit card vendors.
UPI diminishes the opportunity for fraud and eliminates some of the inconveniences of a cash-centric society. Vendors know how much they are being paid (often through a Siri-like speaker box announcement) and all transactions are traceable. They are also absolved of the need to make multiple cash deposits at banks throughout the business day. With UPI, the money can be transferred instantaneously. And because UPI is a government-sponsored initiative, it's free from added fees, making it a more attractive option than a credit card for both buyers and sellers.
I wrote about the emerging success of this program during the height of our last global pandemic. At that time, it was a lifeline for many who were without work, had small businesses closed, or relied on financial assistance from relations living abroad.
Post-pandemic, UPI is simply another piston powering the engine of India’s economic growth – as well as a point of civic pride. Some predict the platform will enable up to $10 trillion in transactions by 2026. An estimated 300 million individuals and 50 million merchants have signed onto the platform. But it’s part of a larger initiative on India’s part to digitize public life.
Jamming out in the digital economy
The “JAM trinity” or “India Stack,” as it’s known, is a trio of technologies that have served to overhaul the personal finance system of a country that maintains a significant urban-rural divide.
The initial element of the stack, “Jan Dhan,” was the first step in providing access to financial services for millions of previously unbanked citizens across the country. Jan Dahn provided Indian citizens without another account to open a basic savings bank deposit (BSBD) for savings, lines of credit, receiving remittances, and other personal finance needs.
Next, every citizen received an Aadhaar number, a unique 12-digit number that associates each individual with their bank account. Like zero trust security (something we’re fond of here), India’s Aadhaar system was built with identity and identity verification at its core. As an added benefit, two-factor authentication (2FA) is built into the system through its prioritization of something the cardholder knows (such as a birthday or email address) and something they are (such as fingerprints or iris scans).
Finally, since India essentially leapfrogged the PC-loving West to become a society powered by smartphones, India’s digital landscape is designed to be mobile-first. In fact, with over 650 million smartphone users, it’s the world’s second-largest mobile phone market.
Source: The World Bank
This technology stack forms the bedrock on which India has built its digital-first future, even impressing the likes of Google CEO Sundar Pichai. JAM essentially enabled the rise of UPI and opened the door for additional applications, like direct funding of education initiatives, to be further explored.
With great value comes great demand
UPI was set up by the National Payments Corporation of India (NPCI). Most banks participate in this scheme, which allows them to make transfers from accounts across individual banks. But due to the huge number of eligible UPI users and the microtransactions it enables, internet traffic to and from participating banks has spiked. This led many banks’ “core” systems" to begin to fall behind rising transaction volumes.
Beyond just throwing water onto the user experience, the NPCI initiated a system for fining banks for failed transactions. Being a reliable source of account-to-account payments is essential if UPI is to continue gaining traction – and users. So, how does a bank ensure its architecture is agile and scalable to handle this traffic explosion?
While lenders must hold core banking functions tight to the vest for security and compliance reasons, they can offload much of the traffic that threatens to slow transactions down. This could mean branch-to-branch routing, inter-employee communications, or traffic generated by a bank’s public-facing web presence.
Upon first consideration, this may seem like like a reason to add additional MPLS or dedicated WAN. The same holds for physical security appliances with capacity limited according to their workload. But banks can’t rely on these solutions because they can’t predict surges in demand that arise organically. Pursuing this “scale up everything” course of action would leave banks paying for more capacity than they truly need during off-peak periods.
By offloading this traffic to the internet, banks don’t have to plan for the surges in capacity or deal with backhauling issues likely to arise from routing all traffic through in-house data centers. They free up their architecture to handle UPI transactions. This keeps business essential applications like Teams and Slack from sucking up the bandwidth required for doing the actual business of facilitating payments.
When regulators don’t look kindly on failed transactions, and the system is a point of pride for its users, financial institutions can’t afford to bank on obsolete network traffic to handle their rising transaction volume. Zero trust network architecture could help ease much of the burden.
Related Resources
Related Articles:
Secure by Design: Implementing Zero Trust Principles in Cloud-Native Architectures
Published: 10/03/2024
What ‘Passwordless’ Really Means for Privileged Access Management
Published: 10/03/2024