National Payments Corporation of India (NPCI) Guidelines on UPI
The National Payments Corporation of India (NPCI) is enhancing its oversight on the Unified Payments Interface (UPI) to avoid disruptions due to stress on the core network.
Operational Guidelines
- NPCI has issued guidelines for 10 Application Programming Interfaces (APIs) associated with UPI.
- Payment service providers and acquiring banks are instructed to monitor their API usage.
- Rate limits may be imposed on API calls.
- The action follows a root cause analysis identifying system overload from excessive “check transaction status” API calls.
Compliance and Penalties
Non-compliance with guidelines may result in:
- UPI API restrictions
- Penalties
- Suspension of new customer onboarding
Members and partners must implement guidelines by July 31.
Implementation and System Changes
- System changes at banks may take 2-3 months.
- Utility API executions are scheduled during low-traffic hours.
- Peak hours are defined as 10 am to 1 pm and 5.30 pm to 9.30 pm.
API Use Cases
- Transaction status checks
- Balance enquiries
- Autopay mandate executions
- Account detail verifications
Audit Requirements
- Banks must conduct a system audit by a CERT-In empanelled auditor.
- Audit reports are due by August 31.
- Annual audits are mandatory.
Previous Measures and API Timers
- NPCI previously issued circulars to reduce response times and curb API misuse.
- “First check transaction status API” should be initiated only after 90 seconds from transaction authentication.
- Post-timer changes, initiation can occur after 45-60 seconds.