A service providing entities which plays the role of intermediate between banks and websites facilitating the communication of transaction information are known as payment gateway.
A service providing entities that play the role of intermediate between banks and websites facilitating the communication of transaction information is known as payment gateway. They conceive information from the payer bank and take the information to the receiving banks and take care of their input, i.e. whether the transaction is accepted or not
As per RBI guideline Payment gateway are entities that provide technology infrastructure to route and facilitate the processing of an online payment transaction without any involvement in the handling of funds
To operate as a TPAP in the UPI ecosystem, service providers must obtain a TPAP license from NPCI. This license signifies compliance with NPCI's rules and regulations, ensuring the security and integrity of the UPI platform. The TPAP license is essential for TPAPs to offer their services to end-users, banks, and merchants.
The issued guideline is applicable on all payment gateways may also adopt technology-related recommendation as follow:
In order to recognize risk exposures with remedial steps and residual risks, the entities shall carry out a comprehensive security risk assessment of their people, IT, business process environment, etc. This may be an internal security audit or an external security audit carried out by an independent security auditor or an impaneled auditor of CERT.
Data security standards and best practices, like PCI-DSS, PA-DSS, latest encryption standards, protection of transport channels, etc.
The entities shall report to RBI security incidents/cardholder data breaches within the specified timeframe. Monthly records of information security incidents shall be sent to RBI with root cause analysis and preventive measures undertaken.
The agencies conduct a thorough safety review during the merchant onboarding process to ensure that the merchants conform to these minimum baseline security controls.
The entities shall carry out and submit to the IT Committee quarterly internal and annual external audit reports; bi-annual Vulnerability Assessment / Penetration Test (VAPT) reports; PCI-DSS including Attestation of Compliance (AOC) and Report of Compliance (ROC) compliance report with observations noted if any including corrective/preventive actions planned with action closure date; inventory of applications which store or process or transmit customer sensitive data; PA-DSS compliance status of payment applications which stores or processes cardholder data.
Other recommendations
Existing Payment Aggregators shall achieve a net-worth of ₹15 crores by March 31, 2021, and a net-worth of ₹25 crores by the end of the third financial year, i.e., on or before March 31, 2023. All the time thereafter net-worth of ₹25 crores shall be maintained.
Entity (Non-Banking) | Application date/ Authorisation date | Due date of Achieving ₹ 15 Cr. Net-worth | Due date of Achieving ₹ 25 Cr. Net-worth |
---|---|---|---|
For Existing PAs | till 30/06/2021 | 31/03/2021 or application or date whichever is earlier | 31/03/2023 |
Existing Payment Aggregators shall achieve a net-worth of ₹15 crores by March 31, 2021, and a net-worth of ₹25 crores by the end of the third financial year, i.e., on or before March 31, 2023. All the time thereafter net-worth of ₹25 crores shall be maintained.
Net worth consists of paid-up equity capital, preferred securities that are compulsorily convertible to equity, free reserves, balance in the share premium account and capital reserves representing surplus arising from the selling of assets but not reserves generated by the revaluation of assets adjusted for accrued loss balance, the book value of intangible assets and deferred revenue expenditure if any. Compulsorily convertible preference shares can be either non-cumulative or cumulative and must be convertible into equity shares and the shareholder agreements will specifically prohibit any withdrawal of this preferential capital at any time.
Existing Payment Aggregators shall achieve a net-worth of ₹15 crores by March 31, 2021, and a net-worth of ₹25 crores by the end of the third financial year, i.e., on or before March 31, 2023. All the time thereafter net-worth of ₹25 crores shall be maintained.
The payment aggregator model aims to provide a boost for the processing of credit card & wallet payments, with a limited start-up or fixed costs. A variable merchant fee is applied to each successful transaction in place of start-up fees or fixed rates.
It's easy to submit and set up even better. You can start processing e-commerce payments directly after signing up, or just pop the quick swipe on your mobile phone and you're ready to make payments on the go.
In India payment gateway can be made within 3-7 working days. Easy to add on the website. Time is money, and the faster you begin processing; the faster profits begin to roll in.
Existing Payment Aggregators shall achieve a net-worth of ₹15 crores by March 31, 2021, and a net-worth of ₹25 crores by the end of the third financial year, i.e., on or before March 31, 2023. All the time thereafter net-worth of ₹25 crores shall be maintained.
Your consent is essential!
We share the detailed and reasonable estimated costs, documents and prerequisites for
the complete
process before starting the process to ensure transparency.
We ensure timelines are met!
Our team warrants hassle free documentation. We collect the necessary documents and
share the relevant
drafts to ensure a timely filing and delivery.
Precision is our speciality!
Upon collecting the necessary documents and information, we waste no time in preparation
and filing of
your application. development on your application is brought to your attention.
We provide customized and plug & play solutions that cater to your unique idea needs & product demands.
Copyright 2024 ©DGLYF INNOVATION PVT.LTD