Regulating Digital Payments in India

Author: Priya Bharati from Narayan School of Law

Balancing Innovation, Competition, and Consumer Protection

Discusses UPI, digital wallets, RBI regulations, and consumer rights. Highly relevant due to India’s digital payment revolution.

ABSTRACT  

India’s digital payment ecosystem has witnessed a massive transformation in the last decade,  fuelled by the Unified Payments Interface (UPI), the emergence of digital wallets and an active  regulatory framework led by the Reserve Bank of India (RBI). This article discusses the  interplay of regulatory oversight, market competition and consumer rights in the fast-evolving  digital payments landscape in India. It refers to key regulatory milestones such as the Payment  and Settlement Systems Act, RBI’s master directions on prepaid instruments and the emerging  framework for payment aggregators and gateways. The Indian model has been remarkable in  scale – over 13 billion UPI transactions per month – but the article argues that there are critical  tensions between stimulating innovation, avoiding monopolistic concentration, and ensuring  robust consumer protection. It concludes with policy recommendations for a forward-looking  and balanced regulatory architecture. 

INTRODUCTION  

India’s digital payment revolution is one of the fastest technical revolutions to transform the  financial life of a billion people. In the alleyways of Patna or the IT corridors of Bengaluru, the  basic scan of a QR code has overtaken currency as the primary medium of ordinary commerce.  The speed and scale of this transition are astounding, but it did not occur by accident. It was  orchestrated by deliberate governmental action, infrastructure spending and regulatory tuning. 

This revolution began when the National Payments Corporation of India (NPCI) introduced the Unified Payments Interface (UPI) in 2016 under the supervision of the Reserve Bank of India (RBI). UPI has democratized access to digital finance to a degree that would not have been possible by the private sector alone. UPI has changed digital finance by enabling instant and interoperable transfers between banks on mobile devices. UPI was launched with a strong ecosystem of digital wallets such as Paytm, PhonePe, Google Pay and CRED, offering a gamut of services from bill payments to micro-insurance.

Yet such unprecedented expansion has also created difficult regulatory challenges. How can  the state accommodate the vibrancy of private FinTech innovation with the demands of  systemic stability? How to preserve consumer rights in an ecosystem of significant data  asymmetries and embryonic dispute redressal mechanisms? And, importantly, because the vast  majority of market share is held by a handful of significant platforms, how does regulation  prevent anti-competitive consolidation? 

This essay seeks to answer these questions by analysing the present regulatory landscape, its strengths and deficiencies, and suggesting a framework for balanced governance of India’s digital payment ecosystem.

2. Architecture of the Indian Digital Payment Ecosystem 

2.1 Unified Payments Interface (UPI) – Public Infrastructure Model 

UPI is one of the most impactful digital infrastructure initiatives in the world. It’s not a  proprietary platform; it’s an open interoperable protocol that allows clients to transact smoothly  across banks and payment systems. As of June 2024, UPI completed over 13 billion  transactions per month, with an annual value of more than ₹20 lakh crore – statistics that are  higher than many developed economy payment systems. 

The brilliance of UPI lies in its layered architecture. NPCI operates the rails, banks are the  issuers and acquirers, and third-party apps (TPAPs) such as PhonePe, Google Pay and Paytm  Payments Bank provide the user interface. The decoupling of infrastructure and application has  led to cut-throat competition at the consumer level, but systemic integrity at the infrastructure  level. 

But it has not come without controversy. The open-access design has not been able to prevent PhonePe and Google Pay from commanding over 80% of UPI transaction volumes, stoking suspicions of a de facto duopoly. This is the classic contradiction between the principles of competition and the realities of network effects. NPCI caps TPAPs to 30% of the market (often lagging)

2.2 Digital Wallets and Prepaid Payment Instruments (PPIs)  

Digital wallets are also an essential aspect of India’s payment system. The RBI calls these Prepaid Payment Instruments (PPIs). PPIs are of three types: closed loop (may be used only at the issuer’s outlets), semi-closed (may be used at a network of merchants) and open loop (can be used anywhere, including ATMs). Players like Paytm, MobiKwik, Ola Money and Amazon Pay work under a semi-closed or an open-loop licence provided by the Reserve Bank of India.

The PPI framework has evolved substantially. In 2021, the Master Directions on PPIs mandated  complete KYC (Know Your Customer) compliance for wallets above a specific threshold,  interoperability with the UPI ecosystem and greater constraints for KYC-compliant  instruments. The enhanced security and financial inclusion come at a regulatory cost, hurting  smaller wallet providers and driving industry consolidation. 

2.3 Payment Gateways & Aggregators 

The next layer of the ecosystem is not very apparent but equally important – the payment  aggregators (PAs) and payment gateways (PGs). PAs allow e-commerce firms to accept  payment without needing to partner with each individual bank. The PGs provide the technology  to route the transactions. As per the 2020 Guidelines on Regulation of Payment Aggregators  and Payment Gateways issued by the RBI, the PAs are required to obtain authorisation from  the RBI, keep escrow accounts for the safety of merchants and comply with data storage and  cyber security criteria.

The regulatory move was meant to mitigate a genuine systemic hazard, as the PA had  previously failed, leaving merchants and customers with unprocessed cash. The guidelines  highlighted the regulatory change from post hoc intervention to pre-emptive prudential  surveillance. 

3. Development and structure of the regulatory framework 

3.1 The Payment and Settlement Systems Act, 2007  

The Payment and Settlement Systems (PSS) Act, 2007, is the legal framework for regulating digital payments in India and gives the RBI the authority to regulate and monitor payment systems. All system providers have to be authorised under the Act, and the RBI has the power to define operating criteria and penalties for non-compliance. The Act is a foundational text, but it dates from before the days of the smartphone and UPI. The law needs to be amended to reflect present realities, especially on market structure and consumer redressal.

3.2 RBI’s regulatory architecture: A multi-tier structure 

The RBI, over the years, has evolved a tiered regulatory architecture through Master Directions, circulars and recommendations. The principal regulatory instruments are:

• Master Direction on PPIs (2021): Rules for issuance, operation and security of digital wallets.

• Guidelines on Payment Aggregators and Gateways (2020): Authorisation, escrow and compliance criteria for PAs.

• Tokenisation Infrastructure: Tokens are used in place of real card data, including card-on-file tokenisation, to increase the security of online transactions.

• Interoperability requirements: PPIs should be interoperable with UPI and card networks to avoid lock-in.

• Domestic Card Scheme: Supported RuPay as a sovereign alternative to foreign card networks, as a start to address data sovereignty concerns.

This multi-tiered approach has enabled RBI to respond flexibly to technological advancements.  But critics argue that legislative reform is outpacing technological advancement, leaving  businesses in the dark about how to comply. 

3.3 Cross-border problems and data localisation

Data localisation is one of the more controversial aspects of India’s payment regulation. The RBI’s 2018 circular ordering that all payment data connected to Indian transactions be retained only in India was a groundbreaking decision prompted by concerns over surveillance, systemic risk and national security. This mandate has been operationally burdensome for global participants, but has stimulated domestic data infrastructure investment and has enabled the RBI to seek audit access to entire transaction data – a huge supervisory advantage.

4. Competition, Market Structure and Innovation 

4.1 The Concentration Problem of UPI 

The paradox of UPI is that an open-infrastructure paradigm has resulted in a very concentrated  application market. As of early 2024, PhonePe and Google Pay together account for about 83%  of UPI transaction volumes. This concentration is driven by network effects, aggressive  subsidy-funded growth tactics, and the scale benefits of enterprises supported by global  technology giants (Flipkart, backed by Walmart, controls PhonePe; Alphabet owns Google). 

If implemented, the proposed market share cap of 30% by the NPCI would be an algorithmic  market regulation of the first kind – a kind of structural intervention to avoid monopolisation  of public infrastructure. But implementation problems are serious. Artificial market share caps  risk a worsening of user experience while failing to tackle the structural advantages of  dominant businesses. A more complex approach would incorporate asymmetric duties – increased interoperability, data-sharing, and API access from dominant firms, similar to the  “gateway” designations under the EU Digital Markets Act. 

4.2 Regulatory sandbox and Fintech innovation 

Recognising the contradiction between monitoring and innovation, the Reserve Bank of India  (RBI) developed the Regulatory Sandbox framework in 2019, allowing FinTech firms to test  novel products in a controlled setting under eased regulatory constraints. The cohorts have  covered sectors like retail payments, cross-border remittances, MSME financing and financial  inclusion technology. 

There have been various regulatory learnings that have come out of the sandbox, including  learnings around offline payment systems (important for low-connectivity rural areas) and  tokenised credit lines on UPI – a nascent product category that is blurring the borders between  payments and credit. But the sandbox’s small scale and slow approval timeframes have come  under attack from the FinTech industry, which says regulatory uncertainty remains a big drag  on investment in early-stage payment innovation. 

5. Consumer Protection in the Digital Payment Environment 

5.1 The Consumer Rights Shortfall

While access to digital payment has grown exponentially, consumer protection standards have  not. Major lacunae are related to poor grievance redressal systems, uneven responsibility  regimes, lack of transparency in fee structures, and mushrooming of payment frauds that  outstrip consumer knowledge and institutional reaction capacities. 

The RBI’s 2017 framework on capping customer liability in electronic transactions was an  important move, stipulating that in circumstances of third-party breaches where the customer  is not at fault due to carelessness, the customer will have zero liability for fraudulent  transactions. However, the burden of proof provisions and the practical responsiveness of bank  grievance processes continue to be a major hurdle for impacted consumers, particularly those  from semi-urban and rural areas with low digital literacy. 

5.2 The Scale and Response to Digital Payment Fraud 

Over 1.3 lakh incidents of digital payment fraud were reported in India in the financial year 2022-23 alone, with fraudsters deploying an increasing array of techniques such as SIM swap attacks, vishing calls, QR code scams, and advanced deepfake-enabled impersonation. Institutional responses, such as the RBI’s creation of a Central Payments Fraud Information Registry (CPFIR) and its integration with the National Cyber Crime Reporting Portal, are significant, but systemic gaps persist in near-real-time fraud detection, timelines for consumer compensation, and cross-jurisdictional enforcement.

5.3 Digital Divide and Financial Inclusion 

Consumer protection in digital payments also has to address the structural exclusions that are  inherent in the ecosystem. UPI has brought about a massive expansion in access to payments.  But a large section of India’s population — especially older adults, women in rural homes and  those without smartphones or dependable connectivity — is still left out or is vulnerable. The  RBI’s rule for simpler on-boarding processes, UPI Lite (for low-value, offline transactions)  and “123PAY” feature for feature phone users are beneficial interventions. However, a holistic  financial inclusion plan must continue to invest in digital literacy, cheap access to devices, and  vernacular-language support for payment interfaces. 

6. New Challenges and the Road Ahead 

6.1 Digital Rupee: Central Bank Digital Currency (CBDC) 

The gradual adoption of the Digital Rupee (e₹) in both wholesale and retail formats by the RBI  adds a new dimension to the payments landscape of India. As a sovereign digital currency, the  CBDC has the potential to provide programmable money, higher cross-border settlement  efficiency and more insight for central banks into monetary transactions. But its engagement  with the existing UPI-wallet ecosystem also presents difficult problems concerning  disintermediation of commercial banks, privacy design (token-based vs. account-based), and  the acceptable scope of central bank retail involvement.

6.2 Artificial Intelligence, Big Data and Regulatory Frontier 

The use of artificial intelligence in payment systems – for fraud detection, credit scoring, tailored offers and customer service – presents opportunities and hazards that existing regulatory frameworks are ill-equipped to handle. New consumer protection issues such as algorithmic bias in credit decisions, opaque scoring models and weaponisation of behavioural data by dominant platforms require proactive regulatory attention, including mandatory explainability criteria and algorithmic audit frameworks.

6.3 Globalisation of UPI and Cross-Border Payments 

India’s internationalisation of UPI in the form of bilateral linkages with Singapore’s PayNow, UAE’s AANI and several other ASEAN and Gulf systems adds to the regulatory complexity regarding currency rate risk, AML/CFT compliance, data sovereignty and cross-jurisdictional dispute resolution. A strong multilateral regulatory framework – perhaps anchored through the G20’s cross-border payment work programme – will be key to unleashing the full potential of UPI internationalisation while mitigating systemic risks.

CONCLUSION 

India’s digital payment revolution is one of the biggest experiments in state-led financial  innovation anywhere in the world. The UPI architecture, RBI’s adaptable regulatory  framework and the competitive dynamism of the FinTech sector have built a system that has  changed commerce, promoted financial inclusion and put India at the global frontier of digital  payment infrastructure. 

The revolution is not yet finished. Sustained concentration in UPI application markets, a  consumer protection framework that has not kept pace with the scale of fraud and complexity  of disputes, underpowered regulatory sandboxes and the emerging challenges of CBDC  integration, AI governance and cross-border harmonisation all deserve sustained policy  attention. 

The way forward is not to choose between innovation and regulation, but to create regulatory  institutions that are intelligent enough to do both at the same time. This calls for legislative  modernisation of the PSS Act, increasing independent institutional capacity in the RBI’s  payment oversight function, meaningful consumer representation in regulatory design  processes and a competitive framework that preserves the benefits of India’s open payment  infrastructure from the entropy of concentration. 

India’s digital payments story may provide a blueprint for the developing world. Whether it realises that promise will depend on the wisdom and agility with which the state manages the ongoing conflict between the three imperatives that characterise the challenge: innovation, competition and consumer protection.

References  

Reserve Bank of India. (2021). Master Directions on Prepaid Payment Instruments, 2017. RBI/DPSS/2021-22.

Reserve Bank of India. (2020). Guidelines for Regulation of Payment Aggregators and Payment Gateways.

Annual Report of NPCI 2023-24. Payment Corporation of India.

Government of India, Ministry of Finance. (2023). Report on Digital Payments. Department of the Financial Services.

Arner, D.W., Barberis, J. & Buckley, R.P. (2020). FinTech, RegTech and the Reconceptualisation of Financial Regulation. Northwestern Journal of International Law & Business.

Singh, C. & Bhatt, V. (2022). Digital Payments in India: Challenges and Opportunities. IIM Bangalore Working Paper.

Payments Council of India. (2024). Industry Whitepaper: Consumer Protection in Digital Payments.
