PhonePe Fraud. Is PhonePe is a fraud app? They are not refunding my money after 15 days, also after getting confirmation from IRCTC that they didn’t get the payment from PhonePe. https://qr.ae/TSVdN3

Technology is a many splendored thing, when it works. Digital Payment is no exception.

But, when it fails, technology can be a PITA.

Especially a technology like Digital Payment whose failure can cause disproportionately higher anxiety and heartburn compared to other technologies because money is at stake rather than a document or 280 character text or a cat video.

Going by what you’ve said, you’re sadly a victim of a failed digital payment. It used to be fairly common with credit card and debit card payments subject to two factor authentication but it’s news to me that the failed payments problem has started afflicting payment apps like PhonePe.

I’ve copied-pasted a passage from my blog post Why COD Still Rules Ecommerce In India to explain what happens behind the scenes of a digital payment. While it references a payment card payment, many of the basic principles and problems therefrom are also applicable for an Account-to-Account payment method like Zelle (USA), FPS (UK), and UPI (India) including PhonePe, Google Pay, et al.

Why Two Factor Authentication Is A “Conversion Killer” & “Blood Pressure Booster”

A credit / debit card payment goes through a value chain comprising several players: Consumer (e.g. You), Merchant (e.g. Amazon), Acquirer (the bank that supplies the POS terminal and enables the merchant to accept card payments e.g. ICICI), Card Network (e.g. Visa / MasterCard), Issuer (the bank that issues the card and enables the Consumer to make card payments e.g. Citi), Electronic Payment Gateway (e.g. Bill Junction), Payment Service Provider (e.g. PayZapp) and Mobile Network Operator (e.g. Vodafone).

Each player processes a part of the payment and forwards it along to the next player in the value chain. To that extent, the card payment rails resembles a power train made up of several moving parts.

In a 2FA card payment, there are typically five moving parts. When a Consumer pays by card on the Merchant’s website, they’re shunted around from one moving part to another. One tells them to enter their card details (card #, etc.), another prompts them to enter their password (e.g. VerifiedByVisa), and another sends an OTP (One Time Password) to their mobile phone, and so on. The Consumer is confronted by several systems, each with a different UI, flitting around the screen, one after the other in rapid succession. This causes a lot of anxiety. In response, some Consumers abandon the payment midway. The Merchant loses business. Ergo Conversion Killer #1.

The remaining intrepid Consumers who brave the friction and complete the journey now rely on the various moving parts to go to work to process the payment. When all moving parts hum along nicely and complete their respective tasks, the payment succeeds. But even if one moving part is down, the payment fails.

In an ideal world, all servers will have 100% availability, all pipes will enjoy non-stop connectivity, and all software will be bug-free – enabling all moving parts to work 24/7/365 and process all payments successfully.

But in the real world, things are not so hunky dory. Cost and other considerations cap the uptime of each moving part to around 90%. This is not as high as it sounds – an end-to-end 2FA transaction that needs to traverse five moving parts having 90% availability each will succeed only 59% of the time (being 0.9*0.9*0.9*0.9*0.9*100%). Ergo, a credit / debit card payment subject to 2FA has a success rate of only ~60%. Which means, the Merchant loses 40% business. Ergo Conversion Killer #2.

The remaining 40% of 2FA payments fail, which means the Consumer’s account will be debited but the Merchant will refuse to ship because he hasn’t received the money. Ergo Blood Pressure Booster #1. Failed payments fall into a “CyberAbyss” of sorts, which comprises Collection Account of Merchant, Nostro Account of Sender Bank at Scheme Operator, Nostro Account of Beneficiary Bank at Scheme Operator, Internal Collection Accounts at Sender Bank and Beneficiary Bank, Scheme Operator Account, Unintended Beneficiary’s Account, and dozens of other nooks and crannies in the payment value chain.

Some Merchants / Issuers use sophisticated tools that will help them ferret out failed payments from the CyberAbyss and reprocess them. Others don’t and won’t, so the failed payments will remain stuck in the CyberAbyss. Consumers of the first cohort will get their money back in their accounts automatically within a few days. Consumers of the second cohort will be made to run from pillar to post between the Issuer and the Merchant for several months to get a refund. Ergo Blood Pressure Booster #2. Either way, most Consumers who suffer a failed payment will think twice before hazarding another card payment in future.

In a nutshell, two factor authentication poses tremendous friction and causes failed payments, because of which Merchants lose revenues and Consumers undergo stress. That’s why it’s called a “Conversion Killer” and “Blood Pressure Booster”.

Your experience suggests that your Payments Service Provider belongs to the second type i.e. it lacks sophisticated tools with which to ferret out failed payments from the CyberAbyss. So you might need to run from pillar to post for several months to get your money back.

While your experience might influence your decision on whether to use PhonePe in future or not, it does NOT support a charge of fraud against the said PSP (at least not yet).

On a side note, if the same failed payment had happened with a credit card, your money will still be in your bank account and it will be easier to wage the battle to reverse the debit entry. So, after this experience, you might want to consider switching your mode of digital payment to plastic credit card or credit card linked payment app like PayTM or PayZapp (both in credit card mode, not UPI mode).