The midnight momos
It's 12:08 AM in Pune. A student walks up to a momo cart, scans a QR code, taps Pay, and walks away with his food.
He doesn't know it. The shopkeeper doesn't know it. Honestly, most developers don't know it either.
But in those two seconds between tap and paid, NPCI's UPI switch just performed twenty-something steps across banks, PSPs, and security engines and pulled it off without storing a single thing about him.
No account number. No balance. No VPA. No mobile number. Nothing.
All NPCI did was route, validate, sign, and log enough metadata to prove the transaction happened.
Sounds like an L7 load balancer, doesn't it? Pretty much. Just on steroids.
Let's walk through how this actually works.
NPCI is not a bank and that's the whole point
This is where most explanations get muddled, so let's get it out of the way first.
NPCI doesn't hold your account. It doesn't store your balance, your VPA, your PIN, or any personal info. It's not a wallet. It's not a ledger.
What NPCI does see briefly is:
- the encrypted payload
- the headers
- the signatures
- a transaction ID
- routing identifiers (VPA, bank code)
That's it. All of it is processed in real time and never persisted as user data. The actual money movement, balance checks, fraud rules, KYC none of that happens at NPCI. That happens at the banks.
NPCI is the neutral switch sitting in the middle.
The L7 analogy used correctly this time
A lot of articles compare NPCI to a load balancer and stop there. The comparison only really lands once you separate L4 from L7.
An L4 load balancer works at the transport layer. It forwards packets. It doesn't care what's inside them. Fast, but blind.
An L7 load balancer works at the application layer. It can read the payload, parse headers, verify signatures, apply business rules, rate-limit, throttle, and route based on whatever logic you write into it.
NPCI is squarely in the L7 camp. Its UPI switch:
- terminates TLS
- parses the UPI protocol (JSON/XML)
- validates the payload, headers, and format
- verifies cryptographic signatures (PSK)
- runs UPI business rules
- looks up the receiver bank in a routing table
- applies rate limits and fraud heuristics
- logs non-PII metadata for compliance and settlement
So no, NPCI isn't a "dumb router." It's closer to an application gateway purpose built for payments.
What actually happens when you tap Pay
Here's the flow, end-to-end:
Walking through it:
- You initiate the payment in your UPI app.
- The PSP (GPay, PhonePe, Paytm, whatever) packages it up and sends it to NPCI with the payload and signature.
- NPCI validates everything: schema, signature, format, routing identifiers, throttling, fraud rules.
- NPCI looks up the payee's bank in its routing table.
- NPCI sends a debit request to the payer bank.
- The payer bank checks the account, validates balance, runs its own fraud checks, debits.
- NPCI sends a credit request to the payee bank.
- Payee bank credits.
- NPCI returns the final status to the PSP.
- Your app shows Payment Successful.
Two seconds. Maybe three on a bad day.
What NPCI logs and why that's still safe
NPCI does log things. It has to. RBI audits, dispute resolution, reconciliation they all need a paper trail.
But what it logs is metadata, not user data:
- transaction IDs
- timestamps
- routing decisions
- response codes
- fraud engine flags
- system health
No account numbers. No PII. Nothing that ties a transaction back to you without going through your bank first.
This distinction matters. "NPCI stores nothing" is wrong. "NPCI stores no user data" is right.
The scale that makes this feel like magic
The numbers are genuinely wild:
- 100K+ requests per second at peak
- 800M+ users
- billions of transactions per month
- under 2 seconds end-to-end
How? The usual suspects:
- horizontally scaled, mostly stateless processing nodes
- sharded routing tables
- distributed logging queues
- real-time fraud scoring in the request path
- multi-DC redundancy
The key architectural decision is statelessness in the switching path. Anything stateful balance, account, ledger lives at the bank. NPCI just orchestrates.
That's why it scales. State is expensive. Routing is cheap.
So what is NPCI, really?
If I had to land this in one line:
NPCI is a highly optimized L7 application gateway for UPI validating, routing, monitoring, and securing every transaction, without storing any user's personal data.
It's not a bank. Not a wallet. Not a ledger. Not a user database.
Think of it as the:
- traffic cop (routing)
- border guard (validation)
- customs inspector (signature checks)
- CCTV (metadata logging)
- orchestra conductor (end-to-end flow)
It never carries the vehicle. It just makes sure everything moves safely, in the right order, at the right time.
Back to the momos
The student finishes his momos. He never thinks about PSK signatures, VPA routing tables, or interbank switches.
He shouldn't have to. That's the whole point.
But quietly, behind every tap at midnight, at peak hour, on Diwali NPCI's L7 super switch keeps a billion person economy moving.
That's not magic. That's engineering discipline.
Top comments (1)
We are currently looking for a US developer. It would be ideal if we utilized your account to handle financial matters, including account growth and bidding, while you handled the development. It would take 2-3 years to raise your account to a Job Success, top-rated level on your own, but thanks to our extensive network of clients, we can improve your account in just two months. we can discuss together what the right compensation would be. If u have any question, DM me please. thanks