BANKING · PAYMENTS · RISK

Credit on UPI: Rails, Risk, and Rupees — A Merchant-First Explainer

Pay-by-credit on UPI is moving from pilots to prime time. Here’s how economics shift for issuers, merchants, and PSPs.
By bataSutra Editorial · August 11, 2025
In this piece:
  • The short version — what changes and for whom
  • How credit on UPI actually flows (issuer ↔ PSP ↔ merchant)
  • Unit economics: MDR, interchange, rewards, risk
  • Risk controls without breaking UX
  • What to watch over the next 12 months

The short

  • Merchants get a bigger basket and better conversion; MDR exists but can be priced to ROI.
  • Issuers gain new spend corridors and richer data; underwriting must be “session-aware”.
  • PSPs / Apps win on engagement, lose if dispute ops aren’t tight.
  • Consumers see card-like rewards with UPI familiarity; misuse controls matter.

What “credit on UPI” covers

1) RuPay credit card on UPI

Card credentials are tokenised into UPI; merchant sees a UPI collect/pay, issuer settles as card credit.

2) Pre-sanctioned credit lines

Bank/NBFC extends a revolving line mapped to a UPI handle. Feels like pay-later, settles like credit.

3) Merchant-tied EMIs

Higher-ticket purchases split into instalments at checkout; MDR includes subvention where applicable.

Flow & roles

Issuer owns underwriting, line management, rewards. PSP/App owns UX, risk prompts, dispute intake. Merchant owns KYC discipline, refund SLAs, and reconciliation hygiene.

Golden rule: authorise fast, settle clean. Ops debt compounds quickly in disputes and refunds.

Unit economics (stylised)

StakeholderMoney OutMoney InComment
MerchantMDR 0.3–1.0%Higher AOV, conversion, potential offersFor low-margin SKUs, pair with minimum bill value
IssuerRewards, funding cost, lossesInterchange, interest/EMI, dataSession-aware risk cuts loss-rate tails
PSP/AppIncentives, support costsMDR share, engagement, cross-sellDispute tooling is moat

For issuers, the hinge is loss rate. When loss < interchange + interest – rewards – ops, the model scales. Rewards should track lifetime value, not headline rates.

Risk controls that don’t trash UX

  • Contextual limits: Lower per-txn limits for new devices, new merchants, or odd hours.
  • In-session re-KYC: Step-up only when risk spikes (geo-mismatch, device change, SIM swap).
  • Merchant hygiene: MCC whitelists, refund-policy checks, settlement holdbacks for fresh merchants.
  • Abuse controls: Velocity checks, chargeback heatmaps, dynamic 2FA with fallback rails.

Playbooks

For Banks/NBFCs

  • Spin up session-aware risk scoring (device, geo, merchant, ticket size).
  • Tune rewards to preferred corridors (grocery, fuel, billpay) not flat rates.
  • Instrument disputes for T+0 intake; automate provisional credits.

For Merchants

  • Offer credit only where uplift beats MDR. Track AOV and refund friction.
  • Surface EMI on product pages; keep refund SLAs crisp.
  • Monitor issuer/PSP reliability; switch off noisy corridors quickly.

What to watch

  • Interchange/MDR evolution as volumes scale
  • Risk-ops: fraud rings and app-to-app exploits
  • Consumer controls: per-merchant caps and “cool-off” windows
  • Cross-sell: how issuers turn UPI credit traffic into deposits and loans