A service providing entities which plays role of intermediate between banks and websites facilitating the communication of transaction information are known as payment gateway.
A service providing entities that play the role of intermediate between banks and websites facilitating the communication of transaction information is known as payment gateway. They conceive information from the payer bank and take the information to the receiving banks and take care of their input, i.e. whether the transaction is accepted or not
As per RBI guideline Payment gateway are entities that provide technology infrastructure to route and facilitate the processing of an online payment transaction without any involvement in the handling of funds
Applicability
Applicability of guideline
The issued guideline is applicable on all payment gateways may also adopt technology-related recommendation as follow:
Security-related recommendation:
Information Security Governance: In order to recognize risk exposures with remedial steps and residual risks, the entities shall carry out a comprehensive security risk assessment of their people, IT, business process environment, etc. This may be an internal security audit or an external security audit carried out by an independent security auditor or an impaneled auditor of CERT.
Data security standards: Data security standards and best practices, like PCI-DSS, PA-DSS, latest encryption standards, protection of transport channels, etc.
Reporting of security incidents: The entities shall report to RBI security incidents/cardholder data breaches within the specified timeframe. Monthly records of information security incidents shall be sent to RBI with root cause analysis and preventive measures undertaken.
Merchant Onboarding: The agencies conduct a thorough safety review during the merchant onboarding process to ensure that the merchants conform to these minimum baseline security controls.
Cyber Security Audit and Reports: The entities shall carry out and submit to the IT Committee quarterly internal and annual external audit reports; bi-annual Vulnerability Assessment / Penetration Test (VAPT) reports; PCI-DSS including Attestation of Compliance (AOC) and Report of Compliance (ROC) compliance report with observations noted if any including corrective/preventive actions planned with action closure date; inventory of applications which store or process or transmit customer sensitive data; PA-DSS compliance status of payment applications which stores or processes cardholder data.
Others provided in annexure 2 of guideline
Other recommendations
The credentials of the customer card shall not be kept in the merchant's database or server.
No choice shall be given for ATM PIN as an authentication factor for card transactions that are not present.
Instructions concerning the handling of payment system data shall apply as applicable to PSOs.
All refunds shall be made to the original payment system unless the consumer has expressly agreed to reimburse an alternate mode.
Existing Payment Aggregators shall achieve a net-worth of ₹15 crores by March 31, 2021, and a net-worth of ₹25 crores by the end of the third financial year, i.e., on or before March 31, 2023. All the time thereafter net-worth of ₹25 crores shall be maintained.
Entity
(Non-Banking)
Application
date/ Authorisation date
Due date
of Achieving
₹ 15 Cr. Net-worth
Due date
of Achieving
₹ 25 Cr. Net-worth
For Existing PAs
till 30/06/2021
31/03/2021 or application date whichever is earlier
31/03/2023
Net worth consists of paid-up equity capital, preferred securities that are compulsorily convertible to equity, free reserves, balance in the share premium account and capital reserves representing surplus arising from the selling of assets but not reserves generated by the revaluation of assets adjusted for accrued loss balance, the book value of intangible assets and deferred revenue expenditure if any. Compulsorily convertible preferential shares can be either non-cumulative or cumulative and must be convertible into equity shares and the shareholder agreements will specifically prohibit any withdrawal of this preferential capital at any time.
Documents required for registration
Basic requirements for registration;
Minimum two directors and two member
Minimum capital requirement net-worth of 15 crores, which should be increased in 3 years to 25 crore
Business address proof
Detailed 5-year business plan
System flow and code testing report by software certifying agency
Payment aggregator organization should comply with PCI DSS compliances
Documents required:
Company COI (certificate of incorporation)
MOA & AOA (Memorandum and article of association)
Business address proof
Detailed 5 Years business plan
PCI DSS certificate
Proof of net worth
Canceled cheque
Bank statement of the last 12 months
Last Audited Balance sheet of last 2 year (or since the business has been incorporated)
The payment aggregator model aims to provide a boost for the processing of credit card & wallet payments, with a limited start-up or fixed costs. A variable merchant fee is applied to each successful transaction in place of start-up fees or fixed rates.
Easy Access payment, on spot
It's easy to submit and set up even better. You can start processing e-commerce payments directly after signing up, or just pop the quick swipe on your mobile phone and you're ready to make payments on the go.
Quick approvals
In India payment gateway can be made within 3-7 working days. Easy to add on the website. Time is money, and the faster you begin processing; the faster profits begin to roll in.
STAGE 1
CONNECT WITH US
We are just a call or message away!
Call or WhatsApp us on +91-99991-39391 for free consultation from our team of experts. You can also email us on [email protected].
STAGE 2
PROCESS AND DOCUMENTATION
Your consent is essential!
We share the detailed and reasonable estimated costs, documents and prerequisites for the complete process before starting the process to ensure transparency.
STAGE 3
SHARE YOUR DOCUMENTS
We ensure timelines are met!
Our team warrants hassle free documentation. We collect the necessary documents and share the relevant drafts to ensure a timely filing and delivery.
STAGE 4
PROCESSING AND UPDATE
Precision is our speciality!
Upon collecting the necessary documents and information, we waste no time in preparation and filing of your application. development on your application is brought to your attention.
STAGE 5
SUCCESSFUL COMPLETION
We deliver what we commit!
On successful completion of the case we share all the relevant documents electronically and physically along with an assurance to pay you back if something is wrong.
At Corpzo, our clients’ success stories speak volumes. Discover how businesses across various industries have leveraged our expertise to achieve their goals. Read firsthand accounts of our commitment to excellence and the impact we've made in supporting their growth and compliance needs.
Working with Corpzo for our Alternative Investment Fund registration was a remarkable experience. Their deep understanding of regulatory requirements and meticulous attention to detail ensured a smooth and efficient process. The team was always available to address our queries and provided invaluable support at every step. With Corpzo's expertise, we successfully registered our AIF without any hurdles. Highly recommended for anyone navigating the complexities of AIF registration!
At Corpzo, we are dedicated to empowering our clients with valuable knowledge and insights. Our team of experts regularly shares in-depth articles, comprehensive guides, and industry updates on Knowledge Varsity. Whether you're looking for the latest trends in alternative investment funds or need expert advice on navigating the complexities of drug licensing, our resources are designed to keep you informed and ahead of the curve. We believe that informed clients make better decisions, and our goal is to provide you with the expertise you need to succeed.