Key Points

The RBI has introduced comprehensive regulations for payment aggregators and gateways to strengthen India's digital payment ecosystem. Non-bank payment aggregators must maintain a minimum net worth of Rs 25 crore and obtain RBI authorization. The guidelines mandate escrow accounts for customer funds and require robust IT security infrastructure with annual audits. These measures aim to enhance transparency, prevent fraud, and ensure customer protection in digital transactions.

Key Points: RBI Issues New Payment Aggregator Gateway Guidelines for Digital Payments

  • Minimum Rs 25 crore net worth requirement for non-bank payment aggregators
  • Mandatory escrow accounts for customer funds with scheduled banks
  • Annual security audits by CERT-In empanelled auditors required
  • Strict background checks for merchants to prevent fraud and counterfeit sales

RBI issues detailed guidelines for Payment Aggregators, Gateways to boost digital payment ecosystem

RBI mandates Rs 25 crore net worth for payment aggregators, introduces strict security protocols and escrow account requirements to safeguard digital transactions.

"PAs handle funds and therefore require direct regulation, PGs will be treated as technology providers" - Reserve Bank of India

New Delhi, September 16

The Reserve Bank of India (RBI) has rolled out detailed regulatory guidelines for Payment Aggregators (PAs) and recommended baseline technology standards for Payment Gateways (PGs), to ensure safety, transparency and resilience in the fast-growing digital payments ecosystem.

The central bank, in its notification titled "Guidelines on Regulation of Payment Aggregators and Payment Gateways", said that while PAs handle funds and therefore require direct regulation, PGs will be treated as technology providers and are encouraged to adhere to prescribed security recommendations.

According to the RBI's guidelines, non-bank PAs must seek RBI authorisation under the Payment and Settlement Systems Act, 2007. Such entities are required to be incorporated in India and maintain a minimum net-worth of Rs 15 crore at the time of application, which should be increased to Rs 25 crore by the end of the third financial year. This net-worth requirement must be maintained at all times thereafter.

Existing players were allowed to operate, while banks offering PA services as part of their normal banking functions are exempted from separate authorisation.

The central bank has stressed that PAs should be professionally managed and adhere to 'fit and proper' criteria for promoters and directors. Any acquisition or change in management must be reported to the central bank within 15 days.

Any agreement between PAs, merchants and acquiring banks must clearly define responsibilities, including dispute resolution, refund processes and customer grievance redressal mechanisms. PAs are required to appoint a nodal officer to oversee regulatory compliance and customer grievance handling.

To safeguard customer interests, the central bank guidelines make it mandatory for PAs to conduct background checks of merchants to prevent fraud, counterfeit sales or prohibited product listings. They must also ensure that merchants comply with Payment Card Industry Data Security Standards (PCI-DSS).

Funds collected by PAs from customers must be kept in an escrow account with a scheduled commercial bank. PA operations must remain distinct from other businesses, and all settlements must be routed through the escrow mechanism.

The central bank has also emphasised strong risk management systems to guard against fraud. PAs are required to put in place robust IT and data security infrastructure, with mandatory annual security audits by CERT-In empanelled auditors. They must also report cyber incidents immediately to RBI and CERT-In.

The guidelines reiterated that customer card credentials must not be stored by either PAs or merchants, and all refunds should be made to the original payment method unless explicitly agreed otherwise by the customer.

- ANI


Reader Comments

Rohit P
Finally some clarity! The ₹25 crore net worth requirement will separate serious players from fly-by-night operators. This will boost confidence in digital payments.
Michael C
As someone working in fintech, these guidelines are comprehensive but the compliance costs might be challenging for smaller startups. Hope RBI provides some transition support.
Ananya R
The mandatory background checks for merchants are excellent! I've faced issues with fake sellers on some platforms. This should reduce fraud significantly 🙏
Siddharth J
Good move by RBI. The nodal officer requirement and immediate reporting of cyber incidents will make the system more accountable. Digital India needs such strong foundations.
Kavya N
While the guidelines are good, I hope the implementation is practical. Sometimes regulations become so strict that they hinder innovation. Balance is key!
Vikram M
The prohibition on storing card data is crucial for security. Many international companies have faced data breaches. Glad RBI is being proactive about this.
