Payment gateway act as an intermediary between merchants and consumers. It helps in facilitating transactions made in the online space. The online payment gateways and payment aggregators play a crucial role in enhancing the overall online experience.
Some of the online payment channels offer white label services, which allow payment service providers, eCommerce platforms, ISOs, resellers, or acquiring banks to fully brand the payment gateway’s technology as their own.
This means payment service providers or other third parties can own the end-to-end user experience without bringing payments operations and additional risk management and compliance responsibility
Process of payment gateway
In essence, the Payment Gateway acts as an “encrypted” channel that securely transfers transaction information to banks for authorization and approval from the buyer’s personal computer (PC). The Payment Channel sends the information back to the merchant upon receiving approval, thereby finishing the “order” and providing verification.
Examples of online payment gateways in India
- Transecute Pvt. Ltd.
- PaySeal (ICICI)
- Eliteral Payment Gateway
- Team VII Payment Gateway
Functions of Payment gateway
Payment channel are ascribed with the following functions:
- Provide infrastructure related to technology for routing and/or facilitating the processing of an online payment transaction and performing other tasks without the funds being directly managed.
- Enabling eCommerce sites and merchants to accept different payment instruments from consumers in order to meet their payment obligations to merchants without requiring merchants to establish their own separate payment integration scheme.
- Online payment enables merchants to engage with aquifers. In the process, after a time lag, they collect payments from clients, pool them, and transfer them over to the merchants. They also get access to customer information, apart from managing funds.
Payment channel service is deemed to be utilized by various entities that range from:
- Merchants (non-bank aggregator)
- eCommerce market place
- Service provider of technology
In November 2009, RBI issued regulations in reference to this area wherein it was mandated that banks keep the intermediaries’ nodal account with permissible credits and debits as well as the merchants’ credit settlement period. The nodal account had to be in the form of the bank’s ‘internal account’.
Indian scenario pertaining to online payment providers
There exists two types of online payment service providers in Indian market which are:
Essentials for registering as payment aggregator
- The requirement of at least 2 members and directors
- The requirement of Rs 15 crore as net worth must reach Rs 25 crore within a time period of 3 years.
- Business’s address proof
- Plan pertaining to Business for a period of 5 years
Details with respect to the current account of the company
License or authorization from RBI Payment gateway license from RBI involves authorization under PSSA. Entities conducting the operations of Payment Aggregation and Payment Gateway need to be constituted as a company incorporated in India under the Companies Act, 2013.
One financial year (from the date of issuance of the guidelines) shall be provided in order to comply with the entry-level and other technology, storage, security, etc. requirements issued in this respect. The proposed operation of operating as a payment channel and payment aggregator must be included in the applicant’s entity Memorandum of Association (MoA).
Further, Payment Gateways and Payment Aggregators would indulge in a deal with only those merchants who propose to have a physical presence in the country. Online Payment Gateways and Payment Aggregators shall be penalized in compliance with the provisions of the PSSA if they are found to be operating without obtaining authorization from the RBI.
Rules with respect to Risk management and fraud prevention
- Sufficient information and data protection infrastructure and mechanisms for the prevention and detection of fraud must be put in place by payment channels and payment aggregators.
- Online Payment Gateways and Payment Aggregators shall put in place a Board-approved Information Security Policy for the security and protection of the payment systems run by them and shall enforce security measures to minimize identified risk in compliance with this Policy.
- Payment Gateways and Payment Aggregators shall create a system for the reporting, handling, and monitoring of incidents and breaches of cybersecurity.
- Customer card credentials must not be stored by payment services and payment aggregators in their databases or servers which are accessed by merchants.
- Payment Gateways and Payment Aggregators must submit to the respective Regional Office of DPSS, RBI, a System Audit Report, including a cybersecurity audit performed by CERT-Empaneled Auditors, within two months of the end of their financial year.
General Instructions required to be followed by payment gateways
- Payment Gateways and Payment Aggregators are required to make sure that neither the onboard merchants transmit MDR (Merchant Discount Rate) charges to customers during the acceptance of debit card payments nor charge customers separately on debit cards in lieu of MDR.
- Online Payment Gateways and Payment Aggregators shall not impose limitations on transaction amounting to a specific payment mode. Issuing bank or issuing entity would be responsible for placing such transaction amount limit.
- Invoking of the ATM pin as a factor of authentication must be complied with by Payment Gateways and Payment Aggregators.
- For the authorized Payment Gateways and Payment Aggregators, the guidelines for storing payment system data as applicable to PSOs will apply.
In the nutshell, it can be concluded that it takes a great deal of time to set up Indian online payment gateways, including lots of documentation and bureaucratic interference.
449 total views, 7 views today