The Five Moments You See
UPI payments happen in five visible steps: scan the QR code, check the name and amount, enter your PIN, see the green tick, and the recipient's phone buzzes. Everything else is hidden. In June 2026 alone, UPI carried over 2,272 crore payments, making it the world's busiest real-time payment system. This article traces what happens between the scan and the tick.
The App: Just a Thin Layer
The app (PhonePe, Google Pay, Paytm, etc.) is officially a Third-Party Application Provider (TPAP). Its job is narrow: gather your intent, show you the payee name, collect your PIN through a secure pad it cannot read, and hand the instruction to a sponsor bank. The app never sees your PIN, holds no money, and has no banking license. Competition is fierce here: PhonePe and Google Pay together handle ~80% of all UPI payments. A newcomer, super.money (Flipkart, 2024), climbed from outside the top 50 to the top 5 in about a year by offering guaranteed cashback.
The Sponsor Bank: Where the Real Connection Lives
The app cannot reach the payment network directly. It borrows a banking license from a Payment Service Provider (PSP) sponsor bank. The suffix on a UPI handle (@ybl, @okaxis) names the sponsor, not the app. PhonePe uses Yes Bank, Axis, and ICICI; Google Pay uses Axis, HDFC, ICICI, and State Bank. Most big apps now use multiple sponsors for resilience. When payer and payee share the same sponsor, the bank resolves both addresses internally, skipping the network directory and saving about 1 paisa per transaction.
NPCI: The Single Switch
Every payment converges on NPCI's central switch. Its first job: route the request to the recipient's sponsor bank, which resolves the handle to a real account. Then the switch enforces a strict order: it asks your bank to debit you first. Your bank is the only party that can decrypt the PIN. Only after the debit is confirmed does the switch ask the payee's bank to credit. Money always leaves before it arrives. The result flows back through the sponsors: your PSP shows "payment sent", the payee's PSP shows "received".
The Banks: Paying vs. Receiving Are Not the Same
On the paying side, State Bank of India leads by a wide margin. But on the receiving side, Yes Bank dominates — its share of incoming payments has doubled in two years. Why? Most UPI payments are now merchant (shop) payments, not person-to-person. The line crossed in August 2022. A shop's UPI code is issued by a sponsor bank, and for the largest merchant apps that sponsor is Yes Bank. So when you scan a PhonePe code at a store, the credit lands first at Yes Bank, and the shopkeeper is paid out later from a pooled account.
Where It Breaks: Business vs. Technical Declines
Every declined payment is one of two types. Business decline: wrong PIN, low balance, daily limit — you understand it immediately. Technical decline: a bank's server didn't respond — "Bank server down, please try again". The gap is widening. Today about 1 in 11 payments is declined, but fewer than 1 in 400 fail due to technical issues. Technical declines have fallen year after year (from >1% to <0.25%) as banks hardened their systems. Business declines have risen. The rail is reliable; the failures are mostly user-side rules.
The Safety Net: Deemed Payments
Because money leaves before it arrives, there's a brief period where the network can't confirm if the credit happened. This is a "deemed" payment. Your app shows "processing" instead of a green tick. After about 90 seconds, the app can query the network for the true status. The system is designed for exactly this scenario.
Conclusion
UPI's architecture is a chain of specialized actors: app, sponsor bank, NPCI switch, and payee's bank. Each has a narrow role. The system's resilience comes from redundancy (multiple sponsors per app) and strict ordering (debit before credit). As a developer, understanding this pipeline helps you debug payment failures, optimize for merchant flows, and appreciate the engineering behind 2,272 crore monthly transactions.