Payment Aggregator License

Introduction to Payment Aggregator License

Service providers through which e-commerce merchants can process their payment transactions are known as payment aggregators, they are also known as merchant aggregators. Aggregators allow merchants to accept credit cards and bank transfers without having to set up a merchant account with a bank.

As per the RBI guidelines Payment Aggregators are entities that facilitate e-commerce sites and merchants to accept various payment instruments from the customers for completion of their payment obligations without the need for merchants to create a separate payment integration system of their own. PAs facilitate merchants to connect with acquirers. In the process, they receive payments from customers, pool and transfer them on to the merchants after a time period.

RBI Guidelines also define the following in reference to obtainment of Payment Aggregator License:

1. Overall Procedure for Application of Payment Wallet License and Payment Aggregator License;

2. Prerequisites for Payment Aggregator License;

3. Fees and other Charges for Payment Aggregator License;

4. Net Worth and Capital Requirements for Payment Aggregator Licence and Payment Gateway;

5. Guidelines for Governance of Payment Aggregators and Payment Gateways;

6. Standards to be Followed against Money Laundering (KYC / AML / CFT) Provisions;

7. Merchant Onboarding Guidelines

8. Guidelines for Settlement and Escrow Account Management

9. Customer Grievance Redressal and Dispute Management Framework

10. Security, Fraud Prevention and Risk Management Framework

11. Security Related Recomendations t Aggregators and Payment Gateways 

12. Meaning and definition of Payment Aggregator;

13. Periodic reports to be submitted by Authorised Payment Aggregators

Applicability

Issued guideline is applicable on all payment aggregators and aggregators shall also adopt technology-related recommendation as follow:

Security-related recommendation:

a. Information Security Governance: In order to recognize risk exposures with remedial steps and residual risks, the entities shall carry out a comprehensive security risk assessment of their people, IT, business process environment, etc. This may be an internal security audit or an external security audit carried out by an independent security auditor or an impaneled auditor of CERT.

b. Data security standards: Data security standards and best practices, like PCI-DSS, PA-DSS, latest encryption standards, protection of transport channels, etc.

c. Reporting of security incidents: The entities shall report to RBI security incidents/cardholder data breaches within the specified timeframe. Monthly records of information security incidents shall be sent to RBI with root cause analysis and preventive measures undertaken.

d. Merchant Onboarding: The agencies conduct a thorough safety review during the merchant onboarding process to ensure that the merchants conform to these minimum baseline security controls.

e. Cyber Security Audit and Reports: The entities shall carry out and submit to the IT Committee quarterly internal and annual external audit reports; bi-annual Vulnerability Assessment / Penetration Test (VAPT) reports; PCI-DSS including Attestation of Compliance (AOC) and Report of Compliance (ROC) compliance report with observations noted if any including corrective/preventive actions planned with action closure date; inventory of applications which store or process or transmit customer sensitive data; PA-DSS compliance status of payment applications which stores or processes cardholder data.

Others provided in annexure 2 of guidelines

Other recommendations

a. The credentials of the customer card shall not be kept in the merchant's database or server.

b. No choice shall be given for ATM PIN as an authentication factor for card transactions that are not present.

c. Instructions concerning the handling of payment system data shall apply as applicable to PSOs.

d. All refunds shall be made to the original payment system unless the consumer has expressly agreed to reimburse an alternate mode.

Capital Requirement

Existing Payment Aggregators shall achieve a net-worth of ₹15 crores by March 31, 2021, and a net-worth of ₹25 crores by the end of the third financial year, i.e., on or before March 31, 2023. All the time thereafter net-worth of ₹25 crores shall be maintained.

Entity

(Non-Banking)

Application date/

Authorisation date

Due date of Achieving

₹ 15 Cr. Net-worth

Due date of Achieving

₹ 25 Cr. Net-worth

For Existing PGs

the license shall

be obtained

by 30/06/2021

31/03/2021 or 

application date

whichever is earlier

31/03/2023

       
       

Net worth consists of paid-up equity capital, preferred securities that are compulsorily convertible to equity, free reserves, balance in the share premium account and capital reserves representing surplus arising from the selling of assets but not reserves generated by the revaluation of assets adjusted for accrued loss balance, the book value of intangible assets and deferred revenue expenditure if any. Compulsorily convertible preferential shares can be either non-cumulative or cumulative and must be convertible into equity shares and the shareholder agreements will specifically prohibit any withdrawal of this preferential capital at any time.

Benefits of Aggregator

Cost effective for a small transaction

The payment aggregator model aims to provide a boost for the processing of credit card & wallet payments, with a limited start-up or fixed costs. A variable merchant fee is applied to each successful transaction in place of start-up fees or fixed rates.

Easy Access payment, on spot

It's easy to submit and set up even better. You can start processing e-commerce payments directly after signing up, or just pop the quick swipe on your mobile phone and you're ready to make payments on the go.

Quick approvals

In India payment gateway can be made within 3-7 working days. Easy to add on the website. Time is money, and the faster you begin processing; the faster profits begin to roll in.

Providing options of payment method

Prerequisites for Payment Aggregator License and Documents required

Basic requirements for registration;

1. Minimum two directors and two member

2. Minimum capital requirement net-worth of 15 crores, which should be increased in 3 years to 25 crore

3. Business address proof

4. Detailed 5 year business plan

5. System flow and code testing report by software certifying agency

6. Payment aggregator organization should have complied with PCI DSS compliances

Documents required:

1. Company COI (certificate of incorporation)

2. MOA & AOA (Memorandum and article of association)

3. Business address proof

4. Detailed 5 Years Business plan

5. PCI DSS certificate

6. Proof of net worth

7. Canceled cheque

8. Bank statement of the last 12 months

9. Last Audited Balance sheet of last 2 year (or since the business has been incorporated)

Stages to obtain Payment Aggregator License

Stage 1

SPEAK WITH OUR TEAM

We are just a call or message away!

Call or WhatsApp us on +91-99991-39391 to free consultation about this service with our team of professional. You can also email us on reach@corpzo.com.

Stage 2

FILING OF THE APPLICATION

Precision is our speciality!

Upon completion of the documentation we waste no time in preparation and filing of your application. Once filed we will share the acknowledgement with you.

Stage 3

DEDICATED PROFESSIONAL

We understand your business needs!

We align a professional to ensure you have you to discuss in detail the compliance requirements of your business and through assistance throughout the process.

Stage 4

SHARE YOUR DOCUMENTS

Accuracy ensures timelines!

Our team warrants hassle free documentation. We collect the necessary documents and share the relevant drafts to ensure a timely filing and delivery.

Stage 5

SYSTEMATIC INFORMATION

Keeping you informed is our responsibility!

We thrive to keep you apprised about the status of your application until its completion. Every development on your application is brought to your attention.

Stage 6

SUCCESSFUL COMPLETION

We deliver what we commit!

Email Us At

reach@corpzo.com

Call Us

+91 9999 139 391