We have been fairly open about the fact that in a completely interoperable network where there is no barrier to entry…if you take the number of apps there are and that get launched, there is a choice that has been built over time and on the back of that consumers choose based on what is reliable.

 

Since late 2019 we stopped cash backs and incentive programmes for users, so it is the consumer’s choice in such an environment. For companies that have put in time, effort and money along with the network to build out this large digital payment ecosystem, I do believe that the cap does not make sense.

 

Any sort of cap is discouraging for any segment. The question then is why will future investment, innovation and entrepreneurship happen at all. Putting a cap is not a right model to solve systemic risk. The model of having stricter norms based on scale could be one methodology. We invest a lot into capacity planning…to be able to ensure that performance, reliability and availability are always our first focus.

But regulators are not wrong either. Market concentration is a risk

The regulator’s concern is fair. The question is whether the solution to that is correct. The concerns can be addressed in multiple ways. The fact that there are new players still coming in continuously and becoming relevant (big) players shows that there is still an appetite to enter and there are opportunities to actually build new use cases. Having something like a cap might actually discourage that – it can go against the larger reason.

The merchant discount rate (MDR) issue is being discussed lately but nothing has happened from the regulators’ side.

We have been very transparent about this. Zero MDR on UPI did play a role in the scaling up of UPI, especially on the acceptance side. I think at some point payments for the sake of payment should be self-sufficient and it should be encouraged to build a pure payments company. I believe MDR should happen at some point so that the unit economics and payment itself is positive.

How is PhonePe using GenAI in its processes?

When it comes to GenAI we should be cautious about its usage, especially when it comes to the regulated space. We have been using ML (machine learning) extensively in risk and fraud detention for the longest period of time. At our scale of more than 270 million transactions on a daily basis, I cannot use rules set to start determining whether a transaction should go through or not. We have been using ML significantly in cohort determination, on-boarding.

GenAI – we need to be cautious because we need to have explain-ability when you are doing things like underwriting. Even in the case of code generation, I think one needs to be very careful when it comes to money management or in financial space use cases.

How is PhonePe’s technology prepared for managing scale?

A large part of our effort on the payment side continues to be towards scale and performance. More than 50- 70 per cent of the work goes towards continuous maintenance of our systems. It also comes on to one having an extremely good team, having good talent in large scale distributed systems is paramount. One of the things that we had the luxury of doing – this is our third startup – we built a network of amazing talent through our journey with our first startup and with Flipkart. Some of those best engineers and architects continue to be with us. We designed a system that on day one would be actually delivering for 10 million transactions. That was our goal on day one. There are many decisions that we made very early on that have helped us. Some of the other choices that we made was to actually be on-prem, so payments operations do not run on any public cloud. This gives us the ability to actually utilize the hardware to the maximum and also design a lot of our systems to be lean for performance outside of regulatory requirements like data localization. We do of course use the public cloud for some of the other operations.

Fraud and cyber threats on UPI are increasing. How is PhonePe preparing for these?

Lot of our investments are on risk and fraud detection platforms. That is one of our platforms that we have productised as Guardian and we are now looking to see whether we can externalise it to the ecosystem and other players. Whether it is in terms of doing device fingerprinting to ensure that there is no cloning of the devices, or about being able to have a platform where we can run our own ML models and rule sets at scale…we also do a lot of anti-patterns matching to detect whether a transaction that is being done matches the users pattern. This can be through social engineering or any other malicious takeover attempt, we try to block such transactions.

On cybersecurity there is a multi-pronged approach. We have two different functions one team looks from outside and they are more like ethical hackers and the other infosec team looks from inside perspective with regular updates etc.

The sheer scale at which UPI has grown, we have to make more effort to curb it (cyber threats). This is crucial because the next 300 million users coming on board are going to be the one that need even more handholding and education about not getting defrauded

There is this debate on using more made-in-India software or systems than from MNCs. What is your view?

We have built our systems completely on open source software. We have been able to utilise some of the best work that people have done across the world to build population scale systems at the lowest cost without getting tied into any proprietary solutions. We just open sourced three of our solutions. The PhonePe Github is now a public repository. Our entire container orchestration solutions have been developed in-house and have been open-sourced. And we also open sourced our security framework…and we hope to give back more to the community. I believe that since we have utilized so much from open source we should also give it back to the community.

First Published: Oct 13 2024 | 11:36 PM IST