Professional Documents
Culture Documents
SMS is sent by the Payee PSP to the Payee on the successful create, modify, and
revoke action on the mandate.
Mandate Creation:
Page 34 of 49 Public – UPI 2.0 Product Development Version - 1
Limits:
At the central system, the limit shall be on the per mandate only i.e. Rs.2
Lacs
At the central system there shall be no cumulative limit – neither number
nor amount – for the mandate.
Each mandate shall have limit based on the purpose code, for eg.01(IPO)
shall be Rs.2 Lacs. Each bank shall have to honor this limit. Similarly, say
for 04(hospitality) if the limit agreed is Rs. 1 Lacs then no mandate can be
created for amount higher than this.
In other case the limit shall be Rs.2 Lacs. However the issuer bank may
restrict limit basis the customer profile, risk etc.
To summarize – limit hierarchy will be, purpose code-> bank limit-> Rs.2
Lacs.
The invoice can be embedded as URL and that be accessed through clicking link
in a collect request or scanning QR or intent.
When the user scans a QR or triggers an intent carrying URL tag then he will get
an option on the app to click that URL. This URL can redirect him to the invoice
which can be either viewed or downloaded (As per the PSP). If URL is not passed
then ‘‘view to click the attachment’ shall be disabled. Similarly for collect requests
received on handset, by clicking the ‘view to click the attachment’ option the URL
can be browsed. The URL embedded in the request should be secure, come
from a secure source and should only display the details relevant to that user.
b. When the customer clicks on “View Invoice”, app will redirect the customer
to the link without showing the URL openly to the customer.
c. The link should also show that it’s from a secured channel (similar to https:
or a green lock symbol)
d. When the customer clicks on back button, customer comes back to the
application and proceed with the transaction by invoking the CL to enter UPI
PIN.
e. On the transaction detail page user have an option to also view the
invoice.
f. Guidelines:
1. Virus Scan to be a mandatory check for all URL links
i. PSP apps to put a check that the URL which is being
displayed by the app should be from a secure source.
ii. Banks verifying the merchant should check that the
merchant sends the URL which is secured and should
have necessary checks at their end.
2. Only the whitelisted entities can send the “URL” which will be showed to
the customer.
Rules
Existing intent/QR payment method allows the UPI User to complete the
transaction, invoking the PSP application by means of Android/iOS intent, QR,
NFC, BLE and UHF. The invoked application prompts the UPI User to enter UPI
PIN to complete the transaction. The current implementation of intent is invoked by
merchant application shooting intent or merchant terminal pushing channel specific
intent. The existing intent/QR reception on PSP application faces the below
challenges:
“All intent /QR based transactions if not originating from the trusted
sources” (All unsigned intent/QR) will appear as a warning to the end
user
User Flow
a) Signed intent
Process Flow
The receiving PSP application will “verify the source of intent/QR” and will display
a warning if received from other sources. This will help reducing request from illicit
sources, imitating as merchant. The PSP will also be able to identify any alteration
to payment details passed in intent/QR.
Rules
UPI Mandate