A Payment Aggregator is a service provider which simplifies payments using mobile platforms. This service enables merchants to accept card payments and bank transfers without needing to open an account with a bank. The essence of a merchant aggregator lies in offering an uncomplicated and cost-effective means of accepting payments, particularly beneficial for accelerating the launch of small businesses. The primary objective of a payment aggregator licence is to provide a simple payment solution, unlike traditional payment methods.
What is a Payment Aggregator?
Payment aggregators are important in online transactions as they provide essential services related to online payment processing and offer various benefits to both parties involved.
Payment aggregators perform several key functions that facilitate smooth online transactions and enhance the overall payment process. These functions include:
1. Payment Transaction Facilitation:
Payment aggregators serve as technological facilitators, enabling the routing and processing of online payment transactions. Importantly, they carry out these tasks without directly handling the funds involved in the transaction. This function ensures secure and efficient payment processing for merchants and customers alike.
2. Acceptance of Various Payment Instruments:
One of the core responsibilities of payment aggregators is to support e-commerce websites and merchants in accepting a diverse range of payment instruments from their customers. This inclusivity allows customers to utilise their preferred payment methods, enhancing convenience in meeting their payment commitments to the merchants. Notably, merchants are relieved from the necessity of creating their own payment integration systems, resulting in significant time and resource savings.
Benefits of a Payment Aggregator Licence
Payment aggregators offer several advantages to both merchants and clients in online transactions. Some key benefits of a payment aggregator licence are:
- Intermediary Role:
Payment aggregators act as intermediaries as they help in bridging the gap between merchants and clients. This intermediary function simplifies the payment process and results in an improved user experience for both merchants and customers.
- Efficient Payment Processing:
Processing and completing payment transactions through a payment aggregator is typically straightforward and user-friendly. This ease of use ensures quick and efficient payment processing, reducing friction in online transactions.
- Ease of Establishment:
Setting up a payment aggregator is a relatively easy and straightforward process. This accessibility encourages competition and provides clients with more options for making payments.
- Facilitates Settlement:
Payment aggregators facilitate the transfer of funds between clients and merchants. They play an important role in creating a smooth settlement process, ensuring that merchants receive their payments promptly.
- Low Initial Costs:
Payment aggregators often offer online transaction processing with minimal or no startup fees and fixed costs. This cost structure makes it attractive for businesses, especially small enterprises, to engage in online commerce without significant financial barriers.
- Simplified Application Process:
The application process for using a payment aggregator is straightforward and user-friendly. This simplicity benefits small businesses, enabling them to operate easily without the complexities associated with traditional payment systems.
- Cost-Effective for Small Transactions:
Payment aggregators excel at processing a high volume of smaller transactions efficiently. This cost-effective approach is particularly beneficial for businesses that deal with numerous small transactions, as it reduces transaction costs.
Risks Related to Payment Aggregation
Payment aggregation in the online transaction industry comes with its set of risks and challenges. These risks can impact the operations and reputation of payment aggregators. Some of the key risks associated with payment aggregation are:
- Inconsistent Restore Mechanisms:
The lack of a standardised restore mechanism and consistency in practices across different companies can be a significant concern. Inconsistent practices may lead to confusion and complications in handling payment-related issues, affecting customer satisfaction.
- Regulatory Oversight of E-commerce Marketplaces:
Some e-commerce marketplaces also offer payment aggregation services but may not fall directly under the regulatory influence of the Reserve Bank of India (RBI). This dual regulatory environment can create uncertainties and challenges for payment aggregators, potentially subjecting them to double regulation.
- Governance Practices:
Inadequate governance practices within organisations can pose a risk to the client experience and the technology-intensive nature of payment aggregation. Poor governance can influence customer trust and confidence, impacting the overall success of the business.
- Data Privacy and Security:
Payment aggregators handle sensitive customer data, including payment information. Ensuring proper supervision of data privacy and customer data protection is a significant challenge.
- Transaction Chargebacks and Fraud:
Payment aggregators are susceptible to transaction chargebacks and fraud connected with their sub-merchants. Dishonest sub-merchants or fraudulent activities can result in financial losses for the payment aggregator and erode trust with customers.
- Operational Risks:
Payment aggregation involves complex operational processes. Operational risks can arise from technical glitches and can lead to service interruptions, financial losses and reputational damage.
- Compliance Risks:
Staying compliant with evolving regulatory requirements is important for payment aggregators. Failure to comply with regulations can result in penalties and similar consequences, which can disrupt business operations.
- Market Competition:
The payment aggregation market is highly competitive. Payment aggregators face the risk of losing market share to competitors who offer more attractive terms, lower fees or better services.
Basic Requirements for Payment Aggregator Licence
To obtain a Payment Aggregator Licence, companies must meet specific basic requirements as mandated by regulatory authorities. These requirements serve as the foundation for ensuring the financial stability, security and legal compliance of payment aggregator operations. The fundamental requirements are:
- Address Proof of the Business:
Payment aggregator licence applicants must provide valid address proof for the business location. This documentation verifies the physical presence and legal address of the organisation.
- Minimum Net Worth:
New payment aggregators are required to maintain a minimum net worth of Rs. 15 crores during the application for authorisation. After obtaining the authorisation, they must ensure that this net worth remains at Rs. 25 crores at all times thereafter. This financial requirement is essential to demonstrate financial stability and solvency for a Payment Aggregator Licence.
- Certificate from Chartered Accountants:
Payment aggregators must submit a certificate from their Chartered Accountants (CAs) to provide evidence of compliance with the applicable net-worth requirement when submitting an application for authorisation. This certificate attests to the organisation's financial position and its ability to meet regulatory standards.
- Audited Financial Statements or Certificate for Newly Registered Entities:
Newly registered non-bank entities that do not have audited financial statements must submit a certificate from their CAs. This certificate should include information about the current net worth, along with a provisional balance sheet. This requirement ensures financial transparency for entities without a financial track record.
- Minimum Directors and Members:
Payment aggregator organisations must have a minimum of three directors and two members. These individuals play important roles in the governance and decision-making processes of the organisation.
Essential IT Requirements for Procuring a Payment Aggregator Licence
To obtain a Payment Aggregator Licence, companies must meet several IT security requirements to ensure the safe and secure processing of online payments. These essential IT requirements include:
- Data Security Standards:
Payment aggregators must adhere to industry-recognised data security standards such as PA-DSS (Payment Application Data Security Standard) and PCI-DSS (Payment Card Industry Data Security Standard). Implementing the latest encryption standards and Transport Channel Security is essential to safeguard sensitive payment data during transmission.
- Risk Assessment:
Conduct a comprehensive risk assessment to identify potential threats and vulnerabilities that could impact the privacy, integrity or availability of data and systems. This assessment should be carried out from a business, compliance and contractual standpoint.
- Staff Capability:
Ensure that IT personnel possess the necessary skills and expertise. Conduct periodic assessments of training needs and provide ongoing training to keep the IT team up to date with the latest security practices.
- Payment Application Security:
Develop payment applications in compliance with PA-DSS guidelines and adhere to specified guidelines. Regularly assess PCI-DSS compliance as part of the merchant onboarding process.
- Information Security Governance:
Implement a strong information security governance framework that includes security risk assessments for people, IT infrastructure and business processes. Identify and address risk exposures, document risk assessments and regularly report security incidents and compliance status to the board of the organisation.
- Access Control:
Document and approve access control processes for managing application systems. Apply the principle of least privilege and "need to know" to determine job responsibilities regarding access to the application.
- Cryptographic Requirements:
Use encryption algorithms endorsed by reputable cryptographic experts, security vendors or government agencies, adhering to international standards and best practices.
- Data Control:
Implement measures to ensure that data is collected and stored in a jurisdiction that is not subject to outside control. Suitable controls should be in place to prevent unauthorised access to data.
- Data Protection in Outsourcing:
When outsourcing services, establish agreements that include a right-to-audit clause, enabling Payment Aggregators or regulators to conduct security audits. Alternatively, require third-party providers to submit annual independent security review reports.
- Security Incident Reporting:
Establish a cybersecurity incident reporting process. Payment aggregators should promptly report cybersecurity incidents to regulators within specified timeframes, typically within 2 to 6 hours.
- Forensic Readiness:
Implement a comprehensive forensic readiness program to collect, investigate and analyse security events across all IT infrastructure components. This includes middleware, applications, servers, endpoint authentication, databases, log files, web services and cryptographic events.
- Cybersecurity Review and Reporting:
Submit quarterly internal and annual external examination reports to the IT Committee. These reports help assess and verify the effectiveness of cybersecurity measures and compliance with security standards and regulations.
Documents Required for Procuring a Payment Aggregator Licence
Obtaining a Payment Aggregator Licence involves submitting a set of vital documents to the relevant regulatory authorities. These documents play a critical role in the application process and help ensure compliance with regulatory requirements. The essential documents required for Payment Aggregator Licence are:
- Certificate of Incorporation:
A Certificate of Incorporation (CoI) issued by the Registrar or relevant governmental authority is an important part of the required documents. It establishes the legal existence of the company and is important for initiating the licensing process.
- Director Identification Number and Director Signature Certificate:
Provide DIN and DSC for all proposed directors of the company. These documents authenticate the identity and digital signature of the directors, ensuring their eligibility to hold such positions.
- Company's Bank Account Details:
Furnish details of the company's bank account. This includes information about the bank where the company holds its accounts, which is essential for financial transactions and regulatory compliance.
- Address Proof of Directors:
Submit address proof in the form of PAN cards for all directors. This verifies the residential address of the directors and is a standard requirement in the application process.
- Business Plan (Next Five Years):
Prepare a comprehensive business plan outlining the company's strategies and financial projections for the next five years.
- Business Place Address Proof:
Submit proof of the business location's address. This can include documents such as rental agreements, utility bills or property ownership documents. It confirms the physical presence of the business.
- Code Testing Information:
Provide information related to code testing by a recognised software agency. This demonstrates that the payment aggregation software has undergone rigorous testing for functionality, security and compliance with industry standards.
- Audited Balance Sheet (Last 2 Years):
Include audited balance sheets for the last two years or since the business was incorporated. These financial statements offer insights into the company's financial health and its performance.
Process of Obtaining a Payment Aggregator Licence
Obtaining a Payment Aggregator licence involves the following steps:
Step 1: Incorporation under the Companies Act, 2013
Companies intending to operate as payment aggregators must first be incorporated under the Companies Act, 2013. This legal step establishes the foundation for their business operations.
Step 2: Authorisation from the Reserve Bank of India under PSS Act
To operate as a payment aggregator, companies must seek authorisation from RBI under the Payment and Settlement Systems Act. This authorisation is a fundamental requirement to engage in payment aggregation activities.
Step 3: Capital Requirement
Companies seeking a Payment Aggregator Licence are required to meet a minimum capital requirement of Rs. 15 crores. It is essential to note that this capital requirement must be increased to Rs. 25 crores within three years of commencing operations. Adequate financial stability is important for the sustainability and reliability of payment aggregation services.
Step 4: Anti-Money Laundering Mechanism
Companies must establish a strong mechanism to combat money laundering activities. This includes implementing effective policies and procedures to detect and prevent money laundering within their payment aggregation operations.
Step 5: Appointment of Nodal Officer
Payment aggregators are required to appoint a designated nodal officer responsible for the client complaint redressal and dispute management framework. This individual plays a key role in addressing customer concerns and ensuring efficient dispute resolution.
Step 6: Bank Authorisation (If Applicable)
If the company seeking a Payment Aggregator Licence is a bank, it must also obtain authorisation under the Payment and Settlement Systems Act. This additional authorisation is necessary to engage in payment aggregation activities as a financial institution.
Step 7: Compliance with Penalties and Guidelines
Under the PSS Act, individuals or entities acting as payment aggregators without the necessary authorisation from the Reserve Bank of India can face penalties. So, it becomes absolutely essential to follow these guidelines of the RBI.
Penalties for Payment Aggregators under PSS Act, 2007
Under the Payment and Settlement Systems Act, 2007, several penalties and offences are outlined to regulate the conduct of payment aggregators in India. Given below are the acts that can lead to penalties under the PSS Act:
- Functioning Without Permission:
Operating a payment aggregator system without the necessary authorisation or permission from the regulatory authorities is a violation of the PSS Act. Such unauthorised operation can lead to penalties.
- Penalties for RBI:
The Reserve Bank of India itself can be charged a fine if it is found to be in violation of certain provisions of the PSS Act.
- Non-Provision of Statements:
Payment aggregators are required to provide statements and reports as per regulatory requirements. Failure to produce these statements can result in penalties.
- Violation of Rules and Guidelines:
Any breach of rules, orders, guidelines, regulations or directives set forth by the Reserve Bank of India is deemed an offence punishable under the PSS Act. Such violations can initiate criminal proceedings instituted by the RBI.
- False Information or Statements:
In the event that a payment aggregator furnishes incorrect or misleading information or statements to regulatory authorities, it may face penalties and regulatory actions.
- Non-Compliance with Licence Terms:
Payment aggregators are obligated to comply with the terms and conditions of their licence authorisation.
- Discovery of Forbidden Information:
The utilisation of prohibited information, failure to adhere to directives issued by the Reserve Bank of India, or the violation of any provisions stated in the PSS Act can lead to penalties and regulatory repercussions.
Post Compliances for Payment Aggregator Licence
Payment Aggregators are required to submit reports on a regular basis after obtaining a Payment Aggregator Licence. The detailed compliances have been mentioned below:
Monthly Report
The monthly report compliance includes:
| Topics | Last Date |
|---|---|
| Transactions Statistics | 7th of the next month |
| Frauds Report | 7th of the next month |
| Cyber Security Incident Reports (with full root cause study) | 7th of the next month |
Quarterly Report
The quarterly report compliance includes:
| Aspects | Last Date |
|---|---|
| Certificate of Auditors on Escrow Balance | 15th of the month following the quarter-end |
| Certificate of Bankers on Escrow Account Credits and Debits | 15th of the month following the quarter-end |
| For marketplaces, certificate of the auditor on nodal accounts | 15th of the month following the quarter-end |
| Customers Complaints Report | 15th of the month following the quarter-end |
| Cyber Security Audit Report | 15th of the month following the quarter-end |
Annual Report
The annual report compliance includes:
| Topic | Last Date |
|---|---|
| Audited yearly report attached with a Chartered Accountant Certificate on Net-worth | 30th September |
| Cyber Security Audit Report and IS Audit Report, with observations noted along with the corrective or preventive action planned; these should be audited externally | 31st May |
| Net-worth Certificate | 31st December |
Non-Periodic Reports
- In case of any change in the Board of Directors (BoD).
- A one-time technical audit or review, and also whenever a major change is going to be made.
Differences between Payment Gateway and Payment Aggregator
Given below are the key differences between Payment Gateway and Payment Aggregator:
| Points | Payment Gateway | Payment Aggregator |
|---|---|---|
| Role | Mediator | Interface |
| Ownership | Private and Public Banks, Vendors, Merchants, Aggregators | Fintech Players |
| Payment Options | Particular or limited payment options | Multiple payment options |
| Permissions | Authorisation of RBI under Payment and Settlement Systems Act, 2007 (PSSA) | Necessary certification as per Payment Card Industry Data Security Standard (PCI-DSS) |
| Small Businesses | Fees for transactions offered by Payment Gateways are usually high and may not be suitable for small businesses | Payment Aggregators enable small businesses to access payment services more easily |
| Payment Success Rate | Depends on the capabilities of the gateway | Considerably higher payment success rate |
| Touchpoints Digitised | Online touchpoints include apps or websites | Online and offline touchpoints |
Why Choose StartupFino for Payment Aggregator Licence in India?
Payment aggregators play an indispensable role as intermediaries in the domain of online transactions. Their services are manifold and are very important, ranging from facilitating payment transactions to establishing a connection between merchants and acquirers and also prioritising the security of sensitive customer data. This commitment to compliance is fundamental in building trust and promoting an efficient digital payment system.
StartupFino is a company that specialises in offering complete services for the Payment Aggregator Licence. We can help you with everything from providing advice in the initial phase to ensuring that you meet all the necessary requirements and compliances for your Payment Aggregator Licence and registration.