What is a VPA?
VPA stands for Virtual Payment Address. It's the unique identifier used in the UPI (Unified Payments Interface) system to send and receive money. Think of it as an email address for money — just like you email someone at name@gmail.com, you can send money to name@bankname.
When you make a UPI payment, your bank records the recipient's VPA in the transaction description. This is why your bank statement has entries that look like UPI/ZOMATO@ICICI/Order123 or UPI/9876543210@PAYTM/Transfer instead of just "Zomato" or "Food Delivery."
The Anatomy of a VPA
Every VPA has two parts separated by the @ symbol:
[identifier]@[handle]
- Identifier (before @): This is the unique part — a username, phone number, or business name. Examples:
zomato,9876543210,rahul.kumar,merchant1234 - Handle (after @): This identifies which bank or payment app issued the VPA. Examples:
icici,paytm,okaxis,ybl,okhdfcbank
What Do the Common Bank Handles Mean?
The "@handle" part of a VPA tells you which bank or app processes the payment:
| Handle | Issued by |
|---|---|
| @paytm | Paytm Payments Bank |
| @ybl | Yes Bank (used by PhonePe) |
| @okaxis | Axis Bank (used by Google Pay) |
| @okhdfcbank | HDFC Bank (used by Google Pay) |
| @oksbi | SBI (used by Google Pay) |
| @icici | ICICI Bank |
| @axl | Axis Bank direct |
| @razorpay | Razorpay (payment gateway for businesses) |
| @hdfcbank | HDFC Bank direct |
How to Identify the Merchant from a VPA
Once you understand the VPA format, identifying merchants in your bank statement becomes easier:
zomato@icici→ Zomato (food delivery)swiggy@icici→ Swiggy (food delivery)9876543210@paytm→ A person-to-person transfer (the identifier is a 10-digit phone number)fastag@hdfcbank→ FASTag toll paymentnetflix@axisbank→ Netflix subscriptionairtel.dth@airtel→ Airtel DTH/rechargexyz123@razorpay→ A business that uses Razorpay as its payment processor (merchant unclear from VPA alone)
Why Some Transactions Are Hard to Identify
Three types of VPAs are genuinely opaque:
- Phone number VPAs like
9123456789@ybl— these are always person-to-person transfers. The name of the recipient is not in the VPA. - Gateway VPAs like
merchant_abc123@razorpay— the payment gateway (Razorpay, Cashfree, etc.) issues a merchant-specific ID that doesn't reveal the actual business name. - Local business VPAs like
rameshkirana@sbi— small shops and individuals create VPAs without using a branded app, so the identifier is whatever they registered with their bank. - UPI — instant payment using VPA (mobile-to-mobile, 24/7, up to ₹1 lakh per transaction for most banks)
- IMPS — instant payment using bank account + IFSC (also 24/7 but typically used for larger or bank-to-bank transfers)
- NEFT — batch settlement payment (not instant, business hours only, no upper limit)
UPI Audit handles the first two cases automatically: phone-number VPAs are classified as Transfers (P2P), and gateway VPAs are classified as Shopping. Truly local/unrecognized VPAs appear in the Others category with their full VPA shown so you can identify them yourself.
The Difference Between UPI, IMPS, and NEFT in Your Statement
Your bank statement may also show IMPS and NEFT transactions alongside UPI. Here's the difference:
UPI Audit analyzes UPI and IMPS transactions since these represent the daily spending behavior most relevant to budgeting. NEFT transfers (which are typically large one-time transactions like property payments or business transfers) are not included in the spending analysis.
Is It Safe to Share Your UPI VPA?
Yes — sharing your VPA is safe in the same way sharing your email address is safe. A VPA only lets someone send you money, never withdraw it. To receive a payment you simply share your VPA (for example yourname@oksbi) and the sender pushes money to it.
The risk is never the VPA itself — it is the collect request and your PIN. Fraudsters send a "collect money" request disguised as a payout ("accept to receive ₹5,000") and rely on you entering your UPI PIN. You never need to enter your UPI PIN to receive money — only to send it. If any screen asks for your PIN to "receive" a refund, cashback, or prize, it is a scam. See our UPI safety guide for the full list of red flags.
Reading the Reference Number in Your Statement
Alongside the VPA, every UPI entry carries a 12-digit UPI reference number (also called the RRN or UTR). It appears as something like UPI/DR/412345678901/.... This number is your proof of payment — if a transaction is disputed, or a merchant claims they never received the money, the RRN is what your bank and the merchant use to trace it. It is worth screenshotting the RRN for any large or contested payment.
Can You Have More Than One VPA?
Yes. A single bank account can be linked to several VPAs across different apps — you might have yourname@oksbi in Google Pay, 9876543210@ybl in PhonePe, and yourname@paytm in Paytm, all drawing from the same account. This is why a bank statement can show the same person paying you from different handles in different months: they simply switched apps. UPI Audit accounts for this by focusing on the identifier and the merchant behind it, not just the raw handle.