India's No.1 PU & Degree With Integrated IAS & IPS(UPSC/PSC) Training College.
TIMELY REGULATIONS CONCERNING PAYMENT AGGREGATORS
Relevance: GS 3 – Indian Economy and issues relating to planning, mobilization, of resources, growth, development and employment.
Why in the News?
- The Reserve Bank of India (RBI) has initiated consultations on regulating payment aggregators conducting face-to-face transactions.
- Feedback and comments on these consultation papers are invited by the RBI until May 31.
About the Papers
- Two consultation papers have been issued by the RBI, one addressing the activities of offline payment aggregators and the other focusing on enhancing the safety of the ecosystem.
- The first paper aims to regulate the operations of offline payment aggregators facilitating proximity transactions.
- The second paper proposes measures to strengthen safety by expanding KYC requirements, conducting due diligence on merchants, and implementing operations in Escrow accounts.
What is a Payment Aggregator?
A payment aggregator is a third-party service facilitating customer payments to merchants. Through them, customers can use various methods like debit/credit cards, UPI, and bank transfers. Examples include Amazon Pay, Razorpay, Paytm, Cashfree, PhonePe, and GooglePay.
- According to the RBI, payment aggregators (PAs) are entities that onboard merchants and enable the aggregation of payments from customers to these merchants for the purchase of goods and services.
- This process occurs through one or more payment channels, encompassing both online and physical point-of-sale payment modes, utilizing a merchant’s interface, whether physical or virtual.
- Subsequently, the collected funds are settled to the respective merchants.
- Types: Two primary types of payment aggregators (PAs) are integral to the country’s payment ecosystem:
- PA-Online Point of Sale (PA-O) and
- PA-Physical Point of Sale (PA-P).
- The updated definition of PAs now encompasses physical point-of-sale payment providers, thereby subjecting companies like Innoviti Payments, Pine Labs, and MSwipe to regulatory oversight.
New Guidelines for Payment Aggregators
- Non-bank entities offering physical point-of-sale (PoS) services are required to inform the RBI of their intention to seek authorization within 60 days and submit their application for approval by 31 May 2025.
- Banks must close accounts used for PA activity of non-bank PA-Ps by 31 October 2025 unless evidence of authorization application is provided.
- Payment aggregators facilitating face-to-face transactions must maintain a minimum net worth of Rs 15 crore while applying for RBI authorization, increasing to Rs 25 crore by March 2028.
- KYC norms for merchants, particularly small and medium-sized merchants, have been outlined by the RBI.
- Funds collected by PAs must be kept in escrow accounts with scheduled commercial banks, which can now be used for both online and physical PoS activities, including payments collected upon delivery of goods.
- Stricter customer due diligence measures have been proposed for PAs to ensure only eligible merchants access digital payment services, with mandatory reporting of suspicious transactions to the financial intelligence unit (FIU).
- Starting from 01 Agust 2025, entities other than card issuers and card networks will be prohibited from storing card data for face-to-face/proximity transactions done through cards, with existing data to be deleted.
Compliance Requirements for Entities Currently Engaged in PoS Activities:
- Entities currently involved in PoS activities must ensure compliance with guidelines on:
- Merchant onboarding
- Customer grievance redressal and dispute management
- Baseline technology recommendations
- Security
- Fraud prevention
- Risk management framework
- Adherence to these guidelines within three months is mandated by the RBI.
Considerations for Fresh Registration:
- Entities seeking fresh registration should adhere to existing guidelines framed in 2020 for e-commerce transactions.
- Continued adherence to these guidelines will be viewed positively during the application processing by the RBI.
KYC Requirements in Proposed Regulations:
- Scope Expansion:
- The proposed regulations aim to prevent onboarded merchants from collecting and settling funds for services not offered on their platforms.
- While KYC is already mandatory, the regulations seek to extend its scope and introduce more nuanced provisions.
- Ongoing Compliance:
- PAs must ensure that transactions conducted by their merchants align with their business profiles.
- Assigning risk-based payments to merchants is required to promote sustainability.
- Merchants may be migrated to a higher level of due diligence based on their transaction patterns, following existing norms.
- Categorization of Merchants:
| Small Merchants: Physical merchants with an annual business turnover of less than ₹5 lakh, not registered under the Goods and Services Tax (GST) regime.
· PAs must conduct ‘contact point verification’ to establish the existence of the firm. · Verification of bank accounts where funds are settled is also required. |
Medium Merchants: Physical or online merchants with an annual business turnover of less than ₹40 lakhs, not registered under GST.
· Contact point verification is mandatory. · PAs must verify official documents of the proprietor, beneficial owner, or attorney holder, along with documents of the stated business. |
Proposed Storage of Card Data in Draft Regulations:
- Storage Restrictions:
- Starting from August 1, 2025, entities other than the card issuer and/or card network are prohibited from storing data for proximity/face-to-face payments.
- Entities are directed to purge previously stored data to comply with the regulation.
- Limited Data Storage:
- Entities are permitted to store limited data for tracking transactions and reconciliation purposes.
- The allowed data includes the last four digits of the card number and the issuer’s name.
- Compliance Responsibility: Card networks bear the responsibility for ensuring compliance with these regulations regarding data storage.
Benefits of the Norms
- Rohit Taneja, Founder & CEO of Decentro, views the proposed RBI regulations as pivotal and timely, reflecting the evolving dynamics of India’s payment landscape, especially with the increasing importance of offline payment aggregation for Payment Aggregators (PAs).
- The increased net worth requirements not only elevate industry standards but also ensure fairness and bolster consumer protection, according to Taneja.
- Ramesh Narasimhan, CEO of Worldline India, sees the draft guidelines as a crucial step towards a unified regulatory approach to merchant services, particularly with the explicit inclusion of physical merchants alongside online merchants.
- Narasimhan also notes that the amendments provide clarity on various aspects such as the role of third parties, marketplaces, merchant classification, and risk/due diligence requirements for all merchants.
- Ankit Ratan, Co-founder & CEO of Signzy, commends the RBI’s efforts in strengthening KYC and due diligence practices for PAs, emphasizing that regulatory clarity will enhance the PA ecosystem, bolster digital trust, and promote ethical practices.
- Ratan highlights the availability of AI-led technologies for 24X7 transaction monitoring, enabling PAs to strengthen merchant onboarding processes and comply with regulatory requirements while delivering an exceptional customer experience.
- Ashok Hariharan, CEO and Co-Founder of IDfy, and other experts emphasize the significance of RBI’s guidelines for PA-PGs in prioritizing compliant systems and fraud detection, thereby reinforcing digital trust in India’s payment landscape.
Mains question
Discuss the Reserve Bank of India’s proposed regulations for payment aggregators, and their implications on financial ecosystem integrity. (250 words)
