RBI regulation of the Indian payments ecosystem www.deekpay.com

In order to achieve a more standardised and regulated payments ecosystem.Reserve Bank of India (RBI) on 17th March, 2020, issued thepayment aggregatorrespond in singingPayment GatewayRegulatory Guidance (the "Guidance"). The Guidelines are a step towards making the rapidly changing payments ecosystem more secure.

Payment aggregators and payment gateways are intermediaries that play an important role in facilitating theonline paymentplays an important role in that the volume and value of transactions made through cards has grown exponentially over the years. Therefore, in order to enhance user convenience and improve the security of card transactions, the Reserve Bank of India has introduced these guidelines.

For the purposes of the above guidelines.RBI Provides (a) guidelines for regulating the activities of payment aggregators (PAs); and (b) basic technical recommendations for payment gateways (PGs).

Recommended Reading:Reserve Bank of India RBI

Applicability of the new guidelines

New guidelines released by RBI are applicable:

PA, for example PayU, andRazorpay Companies such as, PG, for examplePaytm, andMobikwikPayPal.

PA-assisted payments for domestic exports and imports in India may also be subject to these regulations. Please note that it does not apply to Cash on Delivery (CoD) mode of e-commerce.

Guidelines Definitions of Payment Aggregator and Payment Gateway

The guidelines define "payment aggregator" and "payment gateway" as follows:

Payment aggregators are entities that assist e-commerce websites and merchants in accepting various payment instruments from their customers. They receive payments from customers, pool them and transfer them to merchants after a period of time.

Payment gateways, on the other hand, are entities that provide the technological infrastructure to route and facilitate the processing of online payment transactions without having to be involved in the processing of funds.

Recommended Reading:What is a payment gateway?

Main provisions of the Guide

The guide focuses on definitions, applicability, authorisation, capital requirements, governance, merchant onboarding, and customer complaint handling.

The Reserve Bank of India has asked payment aggregators to adopt the technology-related recommendations provided in the guidelines. The guidelines require all existing non-banking entities offering PA services to seek authorisation from the Reserve Bank of India. E-commerce marketplaces offering payment aggregation services have been asked to discontinue this activity. If such entities wish to carry out PA services, they can do so only through a separate business from the marketplace business and should seek authorisation from the Reserve Bank of India on or before 30 June 2021 through a separate business. The guidelines prescribe a net worth criterion and in case of non-compliance of the same, the concerned entities will be asked to wind up their payment aggregation operations. The guidelines provide a comprehensive governance framework for payment aggregators.

Subsequent Provisions in the Indian Payments Ecosystem

The guidelines are primarily for businesses to follow, but there is one provision in the guidelines that customers must be aware of when receiving services from merchants. The provision is set out below:

7.4. The merchant's website must not store customer cards and related data. Where necessary, a security audit of the Merchant may be carried out to check compliance.

Understandably, online merchants, payment aggregators and e-commerce sites will not be allowed to store payment card numbers in the future.

Next steps for businesses: e-commerce companies and financial institutions involved in credit card transactions may have changed their operations in the back-end infrastructure associated with card storage to comply with compliance.

Alternative mechanism proposed by the Reserve Bank of India

In order to reduce fraud and protect end-user/customer data in online transactions, the Reserve Bank of India has come up with an alternative solution called Card on File Tokenisation Framework (CoFT) for processing card-based online payment transactions.

Tokenisation is a globally recognised process, used in nearly 130 countries, that provides users with additional security by converting sensitive card information (such as card number, expiry date, CVV and card name) into a randomly generated set of numbers known as 'tags'. Globally, tokenisation has reduced the impact of fraud on online merchants by an average of 26%.

Atpay - we are a professional provider of payment solutions and have been deeply involved for many years inIndia PaymentsWe have successfully provided payment functions for countless customers at home and abroad. We are fully confident in payment integration and high-risk payment processing, and welcome inquiries and exchanges.