We should be careful while using GenAI: PhonePe CTO Rahul Chari | Technical news

We are quite open about this for a fully interoperable network where there are no barriers to entry… If you look at the number of applications available and running, you can see that preferences have accumulated over time. So that consumers choose based on what is reliable.

We ended our cash back and user incentive program at the end of 2019, so in this type of environment it's a customer choice. For companies that have spent time, effort and money on networks to build this large digital payments ecosystem, I believe that the restriction does not make sense.

It is not recommended to use any type of cap in any category. So the question is why will future investment, innovation and entrepreneurship happen at all? Mitigation is not an accurate model for dealing with systemic risk. One approach could be modeling that has strict rules based on scale. We invest heavily in capacity planning to ensure that performance, reliability and availability are always top of mind.

But regulators are not wrong either. Market concentration is a risk

The regulator's concerns are justified. The question is whether its solution is correct. Concerns can be addressed in many ways. The fact that new players continue to arrive and become significant (major) players shows that there is still an appetite to enter the market and even an opportunity to create new use cases. Having something like a hat can actually discourage you from doing this – it can go against the greater cause.

The issue of the Merchant Discount Rate (MDR) has been in the news lately, but regulators have done nothing.

We are very transparent about this. Zero MDR in UPI has played a role in scaling UPI, especially towards adoption. I think that at some point payments should be self-sustaining for payment's sake and building a pure payments organization should be encouraged. I believe that MDR should occur at some point so that the unit economics and the payment itself are positive.

How does PhonePe use GenAI in its processes?

When it comes to GenAI, we should be careful when using it, especially when it comes to controlled spaces. We have been extensively using ML (machine learning) to reduce risk and fraud for a long time. With the scale of our over 270 million transactions per day, I am unable to determine based on established rules whether a given transaction should be completed. We used ML extensively to determine the cohort and onboard new employees.

GenAI – We need to be careful because we need to be able to interpret when we do things like underwriting. Even when generating code, I think you need to be extra careful when it comes to managing your money and using the financial space.

How is PhonePe's technology ready to handle scale?

Much of our effort on the payments side continues to focus on scale and efficiency. We spend over 50-70 percent of our work on continuous maintenance of our systems. It also comes down to having a very good team, preferably talented people dealing with large-scale distribution systems. One of the things that we had the luxury of – this was our third startup – we built a network of amazing talent during our first startup and our journey with Flipkart. Some of the best engineers and architects are with us. We designed a system that would actually complete 10 million transactions on the first day. This was our goal on the first day. We made a lot of decisions early on that helped us. We also chose something that actually runs on-premises, so payment operations don't run in the public cloud. This gives us the ability to maximize hardware utilization and design many systems for performance that exceeds regulatory requirements such as data localization. We certainly use the public cloud for other operations.

UPI-related scams and cyber threats are on the rise. How does PhonePe prepare for them?

Many of our investments are in risk and fraud detection platforms. This is one of our platforms that we have built as Guardian, and now we want to see if we can open it up to the ecosystem and other players. Whether it's device fingerprinting to make sure there's no device cloning, or a platform where we can run our own machine learning models and rule sets at scale… we also do a lot of anti-aliasing. Pattern matching to check whether the transaction being made matches the user's pattern. Whether through social engineering or any other malicious takeover attempt, we strive to block such transactions.

Cybersecurity has a multi-faceted approach. We have two different functions, one team looks from the outside and is more like ethical hackers, and the other team, information security, looks from an internal perspective, updating regularly, etc.

As UPI increases, more efforts should be put into mitigating it (cyber threat). This is crucial because the next 300 million users who join will require more hand-holding and education on how not to be scammed.

This debate is about using more software or systems made in India than multinational corporations. What is your view?

We build our systems entirely based on open source software. We have been able to leverage the best of what has been achieved around the world to build population scaled systems at the lowest cost, without having to be tied to a proprietary solution. We provide all three of our solutions on an open source basis. PhonePe Github is now a public repository. Our complete container orchestration solutions are developed in-house and open source. We've also open sourced our security framework… and hope to give more to the community. I believe that since we have used so much from open source, we should give it back to the community as well.