PhonePe, a Flipkart-owned YES Bank application, which allows money transfer and payments using the Unified Payments Interface (UPI), has said that the company saw around 20,000 transactions with total value of over Rs 5 crore failing because ICICI Bank blocked its customers from using the PhonePe. It hasn’t disclosed as to how many PhonePe users have been impacted, and how many are on ICICI Bank, but suffice to say, prior to demonetization, the company had over 500,000 registered users.
PhonePe CEO Sameer Nigam has written to their users responding to the concerns that ICICI raised in the media, specifically about security concerns, restrictive practices, and that the apps integration with Flipkart was in contravention to UPI’s interoperability guidelines.
Using Flipkart to drive PhonePe registrations
Most importantly, though, PhonePe, in the letter, acknowledges that it is currently not compliant with the latest “Android Intent calls” guidelines, which allow a merchant to open a UPI application to complete the transaction. In its defence, PhonePe says that “To be clear, none of the other UPI enabled apps including BHIM have been updated to meet these new guidelines yet.”
It appears that the way PhonePe was integrated with Flipkart (especially how it was integrated until yesterday), that the objective was to drive PhonePe registrations via Flipkart. Until late yesterday, the UPI option displayed was PhonePe UPI. Now it says UPI Pe, with the “Pe” from the PhonePe logo.
Users mandatorily need a PhonePe account to access the UPI payment option, the “link the account with Flipkart” option is auto opt-in.
To use a VPA other than PhonePe, it’s a four step from login, to finding an option to pay using an existing VPA: the UX is designed to encourage PhonePe VPA payments.
PhonePe appears to be using this time it has till January 31st to drive up registrations via Flipkart, since post Jan 31st 2017, the way UPI integration works will have to change. While this may be beneficial for PhonePe, and it doesn’t help Flipkart to add this kind of friction to UPI payments just to support its own payments company, but it’s a short term pain for longer term benefit, I suppose. That’s a recurring theme these days.
The letter from PhonePe to its users
An Open Letter to our Users
January 16th, 2017
To PhonePe users:
On January 13th, 2017, ICICI Bank decided to abruptly block all its customers from using the PhonePe mobile apps & digital payment services without any warning or prior notice to YES bank (our UPI banking partner) or us directly. Further, on Sunday evening, they released a formal press statement alleging “security concerns” and “restrictive practices” that are “in contravention to the UPI guidelines of interoperability”
Given the seriousness of the allegations made in mainstream media, I feel it is imperative to respond to these allegations publicly as well.
1. ICICI Bank said: “Some banks, including us, have raised security-related concerns at appropriate forums about the access to UPI data to a non-banking application…Pending resolution of these concerns, we have temporarily declined to undertake UPI transactions originating from this entity”
a. It’s been 72 hours since ICICI imposed the block on its customers from using PhonePe.
b. We have still not received any official complaint letter from ICICI Bank or NPCI (National Payment Corporation of India) outlining what these alleged violations or concerns are; even though we’ve been trying to get a response.
c. YES Bank also confirms to us that they have not received any official letter from ICICI Bank or NPCI in this regards either.
d. To date, more than 20,000 UPI transactions, amounting to more than Rs 5 Crores by value, have failed due to this action taken by ICICI Bank inconveniencing their own customers.
In summary, no one is telling us what the exact issues are, yet ICICI Bank claims the block will stay until the concerns are resolved.
2. Regarding the alleged “Security Concerns”:
We followed all the detailed guidelines and procedures laid down by NPCI for an app to go live on UPI. We went through over a 100+ use case test cases, detailed certification, vulnerability assessment, penetration testing and third party application security testing, before NPCI gave us permission to go live. PhonePe has been live since August, 2016 and none of these issues have been raised earlier.
3. Regarding the alleged “Restrictive Practices”:
a. Our UPI payments integration has been live on Flipkart, Myntra and a couple of smaller merchant websites since Oct 2016. So ICICI had more than two months to inform YES Bank, NPCI or us if they felt our solutions did not meeting the UPI guidelines. Either they felt our integration was okay until now, or they felt we were being restrictive but decided to sit on this fact till now for reasons known only to them.
b. Finally, it’s important to state that we are not yet compliant with the latest “Android Intent calls” guidelines published by NPCI. The deadline for this compliance is January 31st, 2017 – per NPCI’s circular. To be clear, none of the other UPI enabled apps including BHIM have been updated to meet these new guidelines yet.
c. However, the app supports collection of payments from any other upi app / VPA handle contrary to what has been reported in the media.
In summary, it is my request to ICICI Bank, that it kindly share its detailed reservations so we can review them. We’re just here to build really cool digital payment solutions which will solve consumer payment problems, and work with the banking system of the country to further the cause of making digital payments widely accepted in India. For now, it is my sincere hope that ICICI Bank will reverse this block and work towards find a lasting solution.
Founder & CEO,