Comments
The Reserve Bank of India (RBI) on Tuesday said it will regulate in entirety the activities of payment aggregators (PAs) and provide baseline technology-related recommendations to payment gateways (PGs) in view of the important functions of these intermediaries in the online payments space as also their role vis-à-vis handling funds.
PAs are entities that facilitate e-commerce sites and merchants to accept various payment instruments from customers for completion of their payment obligations without the need for merchants to create a separate payment integration system of their own.
PGs are entities that provide technology infrastructure to route and facilitate processing of an online payment transaction without any involvement in handling of funds.
As per RBI guidelines on Regulation of Payment Aggregators and Payment Gateways, non-bank PAs shall require authorisation from RBI under the Payment and Settlement Systems Act, 2007 (PSSA).
Banks provide PA services as part of their normal banking relationship and do not therefore require a separate authorisation from RBI.
A PA should be a company incorporated in India under the Companies Act, 1956 / 2013.
Existing non-bank entities offering PA services are required to apply for authorisation on or before June 30, 2021. They shall be allowed to continue their operations till they receive communication from RBI regarding the fate of their application.
Commercial marketplaces providing PA services shall not continue this activity beyond the deadline prescribed above. If they desire to pursue this activity, it should be separated from the marketplace business and they should apply for authorisation on or before June 30, 2021.
PGs will be considered as ‘technology providers’ or ‘outsourcing partners’ of banks or non-banks, as the case may be.
Capital requirements
Existing PAs have to achieve a net worth of ₹15 crore by March 31, 2021 and a net worth of ₹25 crore on or before March 31, 2023. The net worth of ₹25 crore has to be maintained at all times thereafter.
New PAs should have a minimum net worth of ₹15 crore at the time of application for authorisation and have to attain a net worth of ₹25 crore by the end of the third financial year of the grant of authorisation. The net worth of ₹25 crore has to be maintained at all times thereafter.
Related Stories
Combination of monetary, fiscal policy needed to address coronavirus impact: SBI report
Research report moots proactive liquidity regime, relief for people losing income due to shutdownThe RBI said agreements between PAs, merchants, acquiring banks, and all other stakeholders should clearly delineate the roles and responsibilities of the involved parties in sorting / handling complaints, refund / failed transactions, return policy, customer grievance redressal (including turnaround time for resolving queries), dispute resolution mechanism, and reconciliation, among others.
PAs need to disclose comprehensive information regarding merchant policies, customer grievances, privacy policy and other terms and conditions on the website and / or their mobile application.
Merchant on-boarding
As per the guidelines, PAs should have a Board-approved policy for merchant on-boarding. They need to undertake background and antecedent checks of the merchants to ensure that such merchants do not have any malafide intention of duping customers, and do not sell fake / counterfeit / prohibited products.
Merchant sites cannot save customer card and such related data. A security audit of the merchant may be carried out to check compliance, as and when required. Agreement with the merchant should have provision for security / privacy of customer data.
PAs should submit the list of merchants acquired by them to the bank where they are maintaining the escrow account and update the same from time to time. The bank needs to ensure that payments are made only to eligible merchants / purposes.
PAs are required to put in place a formal, publicly-disclosed customer grievance redressal and dispute management framework, including designating a nodal officer to handle customer complaints / grievances and the escalation matrix. The complaint facility, if made available on website / mobile, should be clearly and easily accessible.
The RBI said PAs have to put in place adequate information and data security infrastructure and systems for prevention and detection of frauds. They should establish a mechanism for monitoring, handling and follow-up of cyber security incidents and breaches.
PAs should ensure that the extant instructions with regard to Merchant Discount Rate (MDR) are followed. Information on other charges such as convenience fee, handling fee, etc., if any, being levied should also be displayed upfront by the PA.
PAs cannot place limits on transaction amount for a particular payment mode. They should not give an option for ATM PIN as a factor of authentication for card-not-present transactions
Baseline tech-related suggestions
Indicative baseline technology-related recommendations for adoption by PAs (mandatory) and PGs (recommended) include those related to Information Security Governance, Data Security Standards, Security Incident Reporting, Merchant Onboarding, Cyber Security Audit and Reports, Information Security, IT Governance, Risk Assessment, Access to Application, and Competency of Staff.
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.