We must be careful about how GenAI is used: PhonePe CTO Rahul Chari | Technology News

We are quite open about this in a fully interoperable network where there are no barriers to entry… if you look at the number of applications that exist and are released, there is a preference that has been built over time. Let consumers choose based on what is trustworthy.

At the end of 2019, we stopped the cashback and incentive program for users, so it is a customer choice in this type of environment. For the companies that have spent time, effort and money on networks to build this large digital payments ecosystem, I believe the cap is meaningless.

Any type of limit is discouraged for any category. So the question is why will future investment, innovation and entrepreneurship happen? Limitation is not an accurate model for addressing systemic risk. One approach could be to model with strict scale-based rules. We invest heavily in capacity planning to ensure that performance, reliability and availability are always our first focus.

But regulators aren't wrong either. Market concentration is a risk

The regulator's concern is justified. The question is whether your solution is correct. Concerns can be addressed in several ways. The fact that new players continue to constantly emerge and become relevant (key) players shows that there is still a willingness to enter and, indeed, an opportunity to create new use cases. Having something like a limit can actually discourage you – it can go against the greater cause.

The issue of Merchant Discount Rate (MDR) has been in the news lately, but nothing has been done by regulators.

We are very transparent about this. Zero MDR on UPI has played a role in scaling up UPI, especially for adoption. I think at some point payments should be self-sufficient for the sake of payments and it should be encouraged to build a pure payments organization. I believe MDR must happen at some point for unit economics and the payment itself to be positive.

How is PhonePe using GenAI in its processes?

When it comes to GenAI we must be cautious about its use, especially when it comes to controlled space. We have long used ML (machine learning) extensively in containing risk and fraud. Given the scale of our more than 270 million daily transactions, I cannot use set rules to determine whether a transaction should be executed. We have used ML significantly in determining and integrating cohorts.

GenAI – We need to be careful because we need to have the ability to interpret when you are doing things like underwriting. Even when generating code, I think you need to be very careful when managing money or using financial space.

How is PhonePe's technology ready to handle scale?

A big part of our effort on the payments side continues to be towards scale and performance. More than 50-70 percent of the work goes into the ongoing maintenance of our systems. It's also about having a very good team, the best thing is to have good talent in large-scale distribution systems. One of the things we've had the luxury of – this being our third startup – we've built an incredible talent network through our first startup and our journey with Flipkart. Some of these best engineers and architects are with us. We designed a system that would actually deliver 10 million transactions on day one. That was our goal on the first day. Many decisions we made early on helped us. Another thing we chose is to be on-premises, so payment operations aren't running in a public cloud. This gives us the ability to really make the most of hardware and design many systems to perform beyond regulatory requirements such as data localization. We certainly use the public cloud for some other operations.

UPI fraud and cyber threats are on the rise. How is PhonePe preparing for this?

Many of our investments are in risk and fraud detection platforms. This is one of our platforms that we built as Guardian and now we want to see if we can externalize it to the ecosystem and other stakeholders. Whether it's doing device fingerprinting to ensure there's no device cloning, or having a platform where we can run our own ML models and rulesets at scale… we also do a lot of anti-aliasing. Pattern matching to identify whether a performed transaction matches the user's pattern. Whether through social engineering or any other malicious takeover attempt, we attempt to block such transactions.

Cybersecurity takes a multifaceted approach. We have two different roles, one team looks from the outside and they are more like ethical hackers and the other information security team looks from an internal perspective with regular updates etc.

As UPI has grown, we need to make more efforts to contain it (cyber threats). This is crucial because the next 300 million users who join will require more support and education on how not to be scammed.

This debate is about using more software or systems made in India than MNCs. What is your opinion?

We build our systems entirely on open source software. We are able to use the best from around the world to build population-scale systems at the lowest cost, without being tied to a proprietary solution. We have open sourced all three of our solutions. PhonePe Github is now a public repository. Our end-to-end container orchestration solutions are developed in-house and open source AND we've open-sourced our security framework… and we hope to give back more to the community. I believe that since we use so much open source, we should also give it back to the community.