Payments PSP bank Payment Service Provider UPI NPCI ASBA UPI ASBA Sponsor bank

Payment Service Provider (PSP) bank

From WebNotes, a public knowledge base. Last updated . Reading time ~9 min.

In the Unified Payments Interface (UPI) scheme operated by the National Payments Corporation of India (NPCI) , a Payment Service Provider bank (commonly abbreviated PSP bank or simply PSP) is the licensed bank that authenticates a UPI payer, holds the account-linking record for the payer’s Virtual Payment Address (VPA), routes the payer’s transaction instructions to the NPCI switch, and bears regulatory liability for the payer-side of each transaction.

The PSP bank is the entity through which a payer’s bank account is registered on UPI. In the four-party model that underlies every UPI transaction, the PSP bank sits between the payer and the NPCI switch: it performs the cryptographic PIN verification, applies fraud controls, and submits a debit instruction to the payer’s actual account-holding bank (which may or may not be the same entity as the PSP bank).

Distinction from the sponsor bank

The PSP bank and the sponsor bank are two different roles, often confused because both appear in the context of UPI ASBA for IPO applications.

AttributePSP bankSponsor bank
Appointed byNPCI (certification and licensing)Issuer / lead manager (per-issue engagement)
Relationship to investorInvestor’s own bank (or the bank whose PSP cert underpins the investor’s UPI app)Contracted by the IPO issuer company
FunctionAuthenticates payer; routes transaction; bears payer-side liabilityReceives collect requests from exchange; pushes mandate to investors; receives allotment proceeds
ScopeAll UPI transactions across all use casesA specific public issue (IPO, FPO, rights issue)
Investor’s awarenessVisible as the bank behind the VPA handle (e.g., @ybl for Yes Bank)Visible on the IPO application form as the collecting bank name

A common example: an investor uses PhonePe (TPAP) with the handle investor@ybl (Yes Bank as PSP). The IPO’s sponsor bank is HDFC Bank. When the mandate is created, Yes Bank’s PSP infrastructure authenticates the investor; HDFC Bank’s sponsor-bank role manages the collection. These are independent functions.

Distinction from the sponsor bank in UPI ASBA

In the UPI ASBA context:

  1. The broker or exchange sends the IPO application to the exchange’s bidding system.
  2. The exchange instructs the sponsor bank to create a UPI mandate for the investor.
  3. The sponsor bank sends the mandate request through NPCI to the PSP bank identified by the investor’s VPA.
  4. The PSP bank presents the mandate to the investor’s UPI app.
  5. The investor enters their UPI PIN; the PSP bank verifies it and confirms the mandate to NPCI.
  6. The PSP bank instructs the investor’s account-holding bank to place a lien (block) on the bid amount.
  7. On allotment, the sponsor bank triggers mandate execution; the PSP bank instructs the debit.

The PSP bank is thus the critical authentication and fund-blocking intermediary, even though the initiating party is the sponsor bank and the account-holding bank executes the actual debit entry.

Certification and eligibility

NPCI certifies PSP banks through a product implementation and certification process under the UPI scheme rules. Eligibility requirements include:

  • A valid banking licence from the RBI (scheduled commercial bank, payments bank, or small finance bank, depending on the use case).
  • Technical certification of the UPI API implementation (both payer-side and payee-side interfaces).
  • Compliance with NPCI’s security and fraud management requirements.
  • Infrastructure capable of handling UPI transaction volumes within the response-time SLAs defined by NPCI.
  • A signed UPI participation agreement with NPCI.

NPCI maintains a list of certified PSP banks. As of 2025, approximately 50-60 banks hold PSP certification, a subset of the 600-plus banks that participate in UPI as remitter or beneficiary banks only.

Third-party application providers and the sponsor PSP relationship

Most retail UPI payers do not interact with their PSP bank directly through the bank’s own app. Instead, they use a third-party application provider (TPAP), a non-bank fintech that operates a UPI app under the sponsorship of a licensed PSP bank. Common TPAPs and their historic PSP sponsors:

TPAPPSP bank(s)
PhonePeYes Bank (historically); also ICICI Bank
Google PayAxis Bank; HDFC Bank
PaytmAxis Bank
Amazon PayAxis Bank
WhatsApp PayICICI Bank; Axis Bank; HDFC Bank; SBI; Yes Bank (multi-bank)
CREDFederal Bank

The TPAP is responsible for the user interface and experience. The PSP bank is responsible for UPI API integration, PIN management, NPCI reporting, and regulatory compliance. The TPAP cannot process UPI transactions independently; every transaction flows through the PSP bank’s certified interface to NPCI.

The relationship matters in UPI ASBA because NPCI routes the mandate to the PSP bank identified by the investor’s VPA handle, regardless of which app the investor uses day-to-day.

VPA namespace and handle allocation

NPCI allocates UPI handles (the part after the @ in a VPA) to licensed PSP banks and TPAPs. Each PSP bank or TPAP registered with NPCI gets one or more dedicated handles. For example:

HandleAllocated to
@oksbiGoogle Pay (State Bank of India PSP)
@okhdfcbankGoogle Pay (HDFC Bank PSP)
@okiciciGoogle Pay (ICICI Bank PSP)
@okaxisGoogle Pay (Axis Bank PSP)
@yblPhonePe (Yes Bank PSP)
@iblPhonePe (IndusInd Bank PSP)
@axlPhonePe (Axis Bank PSP)
@paytmPaytm Payments Bank
@upiBHIM (multiple PSP banks)
@aplAmazon Pay (Axis Bank PSP)

NPCI maintains the mapping between handles and PSP banks. When a user registers a VPA with a given handle, their account is linked to UPI through the PSP bank that holds that handle. A user who switches from one UPI app to another may get a different VPA handle.

Handle allocation is not publicly competitive; NPCI assigns handles to PSP banks and TPAPs as part of the certification agreement. A bank or TPAP that loses PSP certification loses its handle allocation, and existing VPAs on that handle must be migrated to another PSP.

Impact of RBI actions on PSP banks

RBI supervisory actions on a bank can directly affect UPI users registered on that bank’s PSP handle. Notable examples:

  • Paytm Payments Bank (2024): The RBI directed Paytm Payments Bank to stop onboarding new customers and eventually restricted its banking operations significantly from 1 March 2024, citing compliance failures. This affected users who held the @paytm UPI handle. NPCI facilitated the migration of existing @paytm VPAs to other PSP banks (Axis Bank, HDFC Bank, SBI, Yes Bank) to minimise disruption to UPI transactions.
  • Yes Bank (2020): The RBI imposed a moratorium on Yes Bank in March 2020, freezing withdrawals. PhonePe, which used Yes Bank as its PSP bank, experienced significant transaction disruption. Following the resolution of the Yes Bank moratorium, PhonePe worked to add additional PSP banks to reduce concentration risk.

These episodes illustrate that PSP bank health is directly relevant to UPI users who hold VPAs on that bank’s handle. NPCI has since encouraged TPAPs to maintain multi-bank PSP arrangements to reduce single-bank concentration risk.

NPCI’s approved PSP list and eligibility updates

NPCI publishes and updates the list of certified PSP banks periodically. New PSP admissions require NPCI board approval. A bank that loses PSP certification (due to technical non-compliance, financial stress, or regulatory direction) has its VPA handles migrated to another PSP or blocked, depending on the circumstances.

The migration of a payer’s VPA between PSP banks (for example, when a TPAP changes its PSP bank) is managed by NPCI’s VPA portability process, which is transparent to the end user.

Revenue model for PSP banks

Interchange fees

NPCI pays PSP banks an interchange fee for transactions processed through their PSP infrastructure. The interchange fee structure varies by product category:

  • For UPI P2P transactions: NPCI shares a portion of its switch fee with PSP banks, though the zero-MDR policy has compressed the total pool.
  • For UPI P2M transactions above ₹2,000: The framework allows for a small interchange (typically 0.15-0.25 per cent for certain merchant categories).
  • For UPI ASBA (capital markets): A per-mandate fee is paid to the PSP bank for mandate creation and execution.

Cross-sell revenue

PSP banks that operate their own UPI app (as opposed to being a behind-the-scenes PSP for a TPAP) earn cross-sell revenue from financial products promoted within the app: personal loans, credit cards, fixed deposits, and mutual funds. These products are higher-margin than the near-zero UPI transaction revenue and are the primary commercial driver for banks to invest in their UPI apps.

TPAPs that rely on a sponsor PSP bank earn revenue from merchant services, in-app financial products (buy-now-pay-later), and advertising, not from UPI transaction fees. The PSP bank earns the interchange; the TPAP earns from the monetisation layer on top of the UPI plumbing.

Zero-MDR impact on PSP economics

The zero-MDR waiver on UPI P2P and small-ticket P2M transactions, in force since January 2020, materially reduced the interchange revenue pool. PSP banks and TPAPs have lobbied through the Indian Banks’ Association and industry bodies for a restoration of a modest MDR (0.1-0.25 per cent) on P2M transactions above ₹100, arguing that zero MDR is unsustainable as volumes scale. The government and the RBI have maintained the zero-MDR position citing financial inclusion priorities.

Common PSP banks (as of 2025)

The following banks hold PSP certification and collectively cover the majority of UPI volume:

  • State Bank of India
  • HDFC Bank
  • ICICI Bank
  • Axis Bank
  • Kotak Mahindra Bank
  • Yes Bank
  • IndusInd Bank
  • Federal Bank
  • IDBI Bank
  • Punjab National Bank
  • Bank of Baroda
  • Paytm Payments Bank (limited scope; subject to RBI directions)
  • Fino Payments Bank

PSP bank liability in fraud

The PSP bank is the first point of regulatory liability for payer-side fraud on UPI. Under NPCI’s scheme rules:

  • If a fraudulent UPI transaction is traced to a compromised device or VPA linked to a PSP bank, the PSP bank is responsible for the investigation and, where applicable, the compensation to the victim under the RBI’s framework for customer protection in electronic banking transactions.
  • PSP banks must maintain fraud monitoring and reporting infrastructure.
  • PSP banks must file Suspicious Transaction Reports (STRs) with FIU-IND for transactions meeting AML thresholds.

The RBI’s circular on Limiting Liability of Customers in Unauthorised Electronic Banking Transactions (2017) applies to UPI transactions. A customer who reports an unauthorised UPI transaction within three working days is entitled to the full amount refunded from the PSP bank. The PSP bank can then pursue recovery from the beneficiary PSP bank or the beneficiary if the fraud is established.

To clarify the distinction, consider an investor applying for an IPO through Zerodha Kite:

  1. Investor’s VPA: investor@ybl (PhonePe, with Yes Bank as PSP).
  2. IPO sponsor bank: HDFC Bank (contracted by the issuer for this issue).
  3. Investor’s broker: Zerodha.
  4. Investor’s account: Held at ICICI Bank (not the PSP bank, the investor linked their ICICI account to PhonePe through Yes Bank’s PSP interface).

Transaction flow:

  • Zerodha submits the bid to the NSE bidding system.
  • NSE instructs HDFC Bank (sponsor bank) to create a mandate.
  • HDFC Bank sends a mandate request to NPCI.
  • NPCI resolves @ybl to Yes Bank (PSP bank) and routes the mandate.
  • Yes Bank presents the mandate to the investor’s PhonePe app.
  • Investor enters UPI PIN; Yes Bank (PSP) verifies PIN and confirms mandate to NPCI.
  • Yes Bank instructs ICICI Bank (account-holding bank) to block the bid amount.
  • On allotment, HDFC Bank (sponsor bank) triggers execution via NPCI.
  • Yes Bank (PSP) instructs ICICI Bank to debit the allotted amount.

In this example: Zerodha is the broker, HDFC is the sponsor bank, Yes Bank is the PSP bank, ICICI is the account-holding bank, and PhonePe is the TPAP. Four different entities play four different roles.

Technical certification process

NPCI’s PSP bank certification process involves:

  1. API integration: The bank or TPAP implements the NPCI UPI API specification (current version).
  2. Certification testing: A structured set of test cases covering all transaction types, error codes, and edge cases. The bank must pass all mandatory test cases.
  3. Pilot: A limited live pilot with a small user base under NPCI monitoring.
  4. Full launch: Full commercial launch upon NPCI’s confirmation.

Recertification is required when NPCI releases a new major API version. PSP banks that fail to recertify within NPCI’s migration window are temporarily suspended from processing new transactions until compliance is restored.

PSP bank onboarding of new users

VPA registration flow

When a new user registers a UPI VPA:

  1. The user downloads a UPI-enabled app (bank-own or TPAP).
  2. The app detects the SIM card and verifies the linked mobile number via an SMS OTP sent to the registered mobile number at the bank.
  3. The user selects a bank account from the list of accounts linked to that mobile number (retrieved via an NPCI API query).
  4. The user sets a UPI PIN using their debit card’s last six digits and expiry date, plus an OTP sent to the registered mobile number.
  5. The PSP bank confirms the VPA registration to NPCI and updates the VPA mapping table.

Steps 2 and 4 constitute the two-factor setup: the mobile number (possession factor for ongoing transactions) and the debit card credentials (knowledge factor for initial PIN setup).

Debit card requirement

The debit card requirement for UPI PIN setup has been a financial inclusion constraint: customers with zero-balance Jan Dhan accounts often do not have active debit cards. NPCI has worked with banks to allow UPI PIN setup via the account holder’s netbanking credentials as an alternative to debit card credentials, which has extended UPI registration to a wider base.

Regulatory context

PSP banks operate under:

  • NPCI UPI Scheme Rules and Operational Circulars: Primary governance for PSP certification, liability, and settlement.
  • Payment and Settlement Systems Act, 2007: The RBI’s supervisory framework for payment system participants.
  • RBI Master Direction on Payment Service Providers: Includes KYC, fraud reporting, and grievance redressal obligations for PSP banks.
  • SEBI ASBA Circulars (2019, 2022, 2023): Define the PSP bank’s role in UPI ASBA, including mandate creation, lien placement, and execution obligations.

For the role of the other banking intermediary in ASBA, the collecting bank for bank (non-UPI) ASBA applications, see Self Certified Syndicate Bank (SCSB) .

References

  1. NPCI, UPI Scheme Rules and Operational Circulars, https://www.npci.org.in/what-we-do/upi/product-overview (accessed May 2026).
  2. NPCI, UPI API Specification, PSP Technical Guidelines, Version 2.0.
  3. SEBI Circular SEBI/HO/CFD/DIL2/CIR/P/2022/45, Streamlining of Application Process in Public Issues, UPI Mechanism, April 2022.
  4. RBI, Master Direction on Prepaid Payment Instruments, RBI/2017-18/153, April 2017.
  5. RBI, Guidelines on Regulation of Payment Aggregators and Payment Gateways, March 2020.
  6. NPCI, List of Live PSP Banks on UPI, https://www.npci.org.in/what-we-do/upi/3rd-party-apps (accessed May 2026).

Related articles

  • UPI ASBA (Unified Payments Interface, Application Supported by Blocked Amount)

    Encyclopedic reference on UPI ASBA: the NPCI mandate framework powering retail IPO applications in India, including sponsor and issuer bank …

  • UPI 2.0 mandate explained

    An explainer on the UPI 2.0 mandate construct, focusing on how the one-time block mandate works in IPO ASBA applications: creation, …

  • UPI mandate

    A UPI mandate is a future-dated debit authorisation under UPI 2.0 (UPI AutoPay), used for mutual fund SIPs, IPO ASBA, and recurring …

  • BHIM app

    BHIM (Bharat Interface for Money) is the government-affiliated UPI reference app operated by NPCI, launched in December 2016 as a simple, …

  • National Payments Corporation of India (NPCI)

    NPCI is the RBI-promoted umbrella institution for retail payment infrastructure in India, operating UPI, IMPS, RuPay, NACH, AePS, FASTag, …

  • Unified Payments Interface (UPI)

    UPI is India's real-time interbank payment rail built by NPCI, enabling instant fund transfers via a Virtual Payment Address across 600-plus …

Reviewed and published by

WebNotes Editorial Team

The WebNotes Editorial Team covers Indian capital markets, payments infrastructure and retail investor procedures. Every article is fact-checked against primary sources, principally SEBI circulars and master directions, NPCI specifications and the official support documentation published by the intermediary in question. Drafts go through a second-pair-of-eyes review and a separate compliance read before publication, and revisions are tracked against the SEBI and NPCI rule changes referenced in the methodology section.

Last reviewed
Conflicts of interest
WebNotes is independent. No relationship with any broker, registrar or bank named in this article.