Payment Gateway Licence
Speak to a financial expert today to learn how Payment Gateway Licence services can help your business succeed.
Startupfino is managing my accounts and its such a relaxed and smooth journey so far, I dont have to worry about timely execution of the work. They manage my invoicing, finances and compliances in a efficient way. I wish startupfino and team all the very best for the future of this startup....I dont have to worry about timely execution of the work. They manage my invoicing, finances and compliances in a efficient way. I wish startupfino and team all the very best for the future of this startup. Read more
Indian Cricketer
I have been working with Startupfino on a couple of our portfolio companies. I have found, this team highly responsive and they truly understand issues faced by startups. I would highly recommend them to startups for their accounting and compliance needs....this team highly responsive and they truly understand issues faced by startups. I would highly recommend them to startups for their accounting and compliance needs. Read more
CEO-PolicyBazaar
The term Payment Gateway denotes a financial service provided through an e-commerce application service provider.However, to initiate a Payment Gateway service in India, one must acquire a Payment Gateway Licence from the Reserve Bank of India.
In addition to facilitating shopping, this digital platform expedites the payment of bills and recharges. Over time, these transactions have transitioned to be online. It is noteworthy that whenever an individual engages in online shopping or settles a bill, upon selecting the 'Pay Now' option, they are directed to a distinct webpage. This webpage, termed the Payment Gateway Website, is instrumental in effecting payments for the acquired goods and services.
The Payment Gateway serves as an intermediary, facilitating communication between a transaction-enabled website and banks. Essentially, it gathers transaction information from the buyer's bank and transmits this data to the receiving bank. Subsequently, it records the transaction's status, indicating whether it has been approved or declined.
In the context of commencing a Payment Gateway business in India, the regulatory framework given in Section 4 of the Payment and Settlement System Act 2007 stipulates that exclusive authorisation is granted to the Reserve Bank of India for operating or initiating payment mechanisms. Should an individual or business entity wish to initiate such an enterprise, they are mandated to submit an application for authorisation to the apex bank, as specified by the provisions outlined in Section 5 of the PSS Act 2007.
The following laws govern payment gateway licence in India:
The Payment and Settlement System Act, 2007 was established with the primary objective of regulating and supervising payment systems and mechanisms in India. The Reserve Bank of India serves as the principal regulatory authority under this Act, overseeing all matters falling within its purview.
Under the framework of the PSS Act, the Reserve Bank of India has implemented the "Board for Regulation & Supervision of Payment & Settlements System Regulations 2008." This set of regulations focuses on the constitution and composition of the Board for Regulation & Supervision of the Payment and Settlement System. Additionally, it addresses the establishment of a committee within the RBI's Central Board of Directors, which plays a vital role in the oversight of payment and settlement systems.
The "Payment & Settlements System Regulations 2008" is another key component of the regulatory framework outlined in the PSS Act. These regulations include the application process for authorisation to initiate a payment system, the issuance of such authorisation, standards to be upheld in payment systems and the timely submission of relevant documents and financial information as well.
Obtaining a Payment Gateway Licence in India offers several advantages, enhancing security and convenience for users while reducing the risk of fraud. These benefits include:
Enhanced Security: Payment Gateway Licence ensures compliance with PCI – DSS Wallet standards, which prioritise the security of users' personal data stored in the portal or gateway. This protection is particularly important for recurring payments.
Safe User Experience: Users can securely save their bank account details on platforms like Amazon, knowing that the payment gateway safeguards their sensitive information against cyber threats.
Simplified Transactions: Some payment gateways enable customers to conduct digital transactions through mobile wallet applications. This trend simplifies financial operations by allowing users to manage various transactions from a single location.
Funds Transfer Convenience: Users can easily transfer funds from their bank accounts to their mobile wallet applications, using these funds for payments on other mobile applications or websites, enhancing flexibility and convenience.
Risk Reduction: Payment gateways often offer Fraud Screening Tools to minimise the risk of data breaches and fraudulent transactions.
Comprehensive Verification: FST components such as CCV or Card Code Value, AVS or Address Verification Service and CVV or Card Verification Value help verify the legitimacy of transactions, ensuring a secure payment environment.
Preventing Fraud: These tools play an important role in confirming the absence of fraudulent activities during transactions, safeguarding users from potential financial losses.
A payment gateway licence serves as a testament to a business's credibility, signalling to clients that the business is reliable, trustworthy and reputable. This enhanced trust can elevate customer confidence, leading to an increase in sales and overall revenue.
By offering electronic payment options, businesses can attract a broader spectrum of clients from around the globe, thus expanding their customer base. This broader reach can result in increased potential sales and higher earnings.
Possession of a payment gateway licence empowers companies to swiftly, securely and efficiently process electronic payments. The automation of payment processing reduces processing times and minimises error rates by eliminating manual interventions.
The expeditious handling of electronic payments facilitated by a payment gateway licence enables businesses to access funds swiftly, subsequently enhancing cash flow and improving financial management.
Acquiring a payment gateway licence ensures that businesses adhere to all relevant rules and regulations, minimising the risk of penalties and other adverse consequences. This compliance is essential for maintaining a trustworthy business image.
A payment gateway licence also incorporates fraud prevention features, effectively mitigating the risk of unauthorised transactions and chargebacks.
There are 2 types of payment gateway in India, which are:
A Payment Gateway plays an important role in facilitating online transactions in India. The process of how a Payment Gateway operates is as given below:
Payment Gateways in India offer various additional facilities beyond quick payments to enhance security and efficiency in online transactions. These supplementary features include:
Payment Gateways often provide the capability to verify the delivery address provided by the customer. This ensures that the purchased goods or services are sent to the correct location, reducing the chances of delivery errors.
Advanced Visual System Checks involve additional validation methods, such as matching the visual elements of payment cards, like holograms and security features, to ensure the authenticity of the card being used for the transaction.
Payment Gateways may employ computer fingerprinting technology to recognise and authenticate the device used by the customer for the transaction. This helps detect and prevent fraudulent activities associated with device impersonation.
Velocity Pattern Analysis involves monitoring the speed and frequency of transactions. If a series of transactions occurs within a short period or shows unusual patterns, the Payment Gateway may trigger alerts or additional security checks to mitigate potential fraud.
Identity Morphing Detection is a security measure used to identify instances where one person attempts to use multiple identities or accounts for fraudulent purposes. Payment Gateways may employ algorithms and checks to detect such identity manipulation.
Some Payment Gateways can calculate and include tax amounts in the authorisation requests sent to the respective payment processors. This ensures that the correct tax amount is authorised and charged during the transaction.
A Payment Gateway comprises several key components that collectively facilitate secure online transactions. These major components include:
A Merchant Agreement is a contractual arrangement between the business and the payment service provider. It outlines the roles, responsibilities and rules governing online transactions.
The agreement specifies the terms related to payment acceptance, authorisation, processing and settlement, ensuring that both parties understand their obligations in the payment process.
Secured Electronic Transaction is a security protocol provided by major payment providers like Visa and MasterCard. SET technology helps protect customers by implementing advanced security measures in the payment process.
SET enhances the security of online transactions by allowing merchants to verify payment information without directly viewing sensitive card details. Payment card information is securely transmitted to the card issuer for verification, reducing the risk of data exposure during online transactions.
Obtaining a Payment Gateway Licence in India involves meeting specific eligibility criteria. The basic requirements for securing such a licence include:
The entity or company seeking the Licence must be incorporated in accordance with the provisions of either the Companies Act, 2013 or the Companies Act,1956.
The entity is mandated to have a minimum of two members, which may include shareholders or partners, depending on the company's legal structure.
At least two directors must be appointed to the company's board. These directors play a pivotal role in overseeing operational activities and ensuring compliance within the payment gateway.
Valid address proof for the business is a requirement, including documents like utility bills, lease agreements or property ownership documents. This verification validates the physical location of the company.
A detailed business plan outlining the company's objectives, strategies and financial projections for the coming five years is a vital requirement. This plan is important for regulators to evaluate the payment gateway's sustainability and viability.
The Permanent Account Number of the company is necessary for tax-related purposes and legal compliance.
Providing details of the company's current bank account is essential for conducting financial transactions and complying with monetary regulations.
A report from a certified software testing agency is required to ensure the reliability and security of the payment gateway's system flow and code. This report demonstrates that the gateway can handle transactions securely.
Compliance with the Payment Card Industry Data Security Standard is also essential to ensure the security of cardholder data and other important things.
Along with all the above details, a service tax registration no. wherever applicable is also needed.
The capital requirements for obtaining the Licence vary based on the type of entity and the nature of prepaid payment instruments. Given below are the capital requirements:
Non-Banking Financial Companies and scheduled banks who want to function as payment gateways in India have to mandatorily adhere to the Capital Adequacy Requirements established by the Reserve Bank of India. Only NBFCs and scheduled banks that meet the RBI's capital adequacy requirements will be permitted to issue prepaid payment instruments.
Entities authorised under the provisions of the Foreign Exchange Management Act, 1999, to issue foreign exchange Prepaid Payment Instruments, are exempt from the scope of RBI guidelines regarding capital requirements for payment gateways.
These foreign exchange PPIs are typically limited to permissible current account dealings and transactions, subject to the restrictions outlined in the Foreign Exchange Management Current Account Transactions Rules 2000. The use of these instruments is regulated by FEMA rules and compliance with FEMA guidelines is necessary for entities issuing foreign exchange PPIs.
When applying for a Payment Gateway Licence in India, you must provide specific documents, which include:
A copy of the CoI issued by RoC is required to verify the legal registration of the company.
Personal Account Number cards of all directors of the company need to be submitted as part of the application process.
Address proof documents, such as Aadhaar cards, passports or utility bills, for all directors are essential to verify their residential addresses.
Digital signatures of directors are necessary for digitally signing and submitting application documents electronically.
DINs of directors are required for identification and regulatory purposes.
Proof of the registered office's address, such as utility bills or rental agreements, is needed to establish the physical location of the company.
Detailed particulars regarding the company's current bank account, inclusive of bank statements and account specifications, are essential for financial verification and seamless transaction processing.
A comprehensive business plan of the company's goals, strategic approaches and financial forecasts for the subsequent five fiscal years is vital.
A report regarding the testing of the payment gateway's code by a certified software agency is essential to ensure the reliability and security of the system.
The process of obtaining payment gateway licence in India is as given below:
Initiate the authorisation process by submitting an application, utilising the prescribed Form A. as per section 5(1) of the Payment and Settlement System Act.
Address this application to the Chief General Manager of the Department of Payment & Settlement Systems, which is at the Central Offices of RBI in Mumbai or at other RBI offices specifically designated for this purpose.
The RBI, based on the discretionary powers granted by section 6 of the PSS Act, assesses and approves the application for authorisation.
RBI may conduct inquiries and verification processes to ensure the authenticity of the information provided by the applicant and the credentials of all involved participants.
Before issuing authorisation, the RBI considers various conditions, including:
If the RBI is satisfied that all requirements as per section 7(1) are met, it issues an Authorisation Certificate in Form 'B' to the applicant.
The authorisation then only takes effect from the date determined by the RBI and is subject to the conditions imposed by the RBI.
As given under section 4 of the PSS Act, the RBI has to process applications with maximum processing time of six months only from the date of application submission. This is an important step in the registration procedure as it ensures timely processing of applications.
In terms of validity and renewal, the licence has a one-year duration. Failure to follow the regulations in the validity period may lead to fines or other legal repercussions. Therefore, timely renewal and strict adherence to regulatory requirements are essential for maintaining a valid licence.
Obtaining the Licence involves meeting specific IT requirements to ensure the security and reliability of the payment gateway system. Given below are the different IT requirements:
The Reserve Bank of India has issued several important security-related recommendations that licenced Payment Gateway Systems must adhere to in order to maintain the security and integrity of their operations. These recommendations include:
PGS should conduct comprehensive security risk assessments covering areas such as people, IT and business processes. This assessment helps identify risk exposures and defines remedial measures as well as residual risks.
Security checks can be carried out through internal security audits conducted annually by independent security auditors or by CERT-In impanelled auditors. Reports on risk assessment, security compliance, security audits and security incidents should be presented to the Board.
PGS should implement the best data security standards and practices, including compliance with standards like PCI-DSS i.e., Payment Card Industry Data Security Standard, PA-DSSand the use of the latest encryption standards and transport channel security.3. Security Incident Reporting:
PGS must promptly report any security incidents or cardholder data breaches to the RBI within the stipulated timeframe.
Monthly cybersecurity incident reports, along with root cause analysis and preventive actions taken, should be submitted to the RBI.
During the merchant onboarding process, PGS should conduct thorough security assessments to ensure that merchants comply with minimum baseline security controls.
PGS must conduct and submit the following reports to the IT Committee:
PGS should review the board-approved information security policy annually. This policy should cover various aspects, including objectives, scope, ownership, responsibilities, organisational structure, roles, asset inventory, data classification, authorisation, knowledge and skills, training, compliance review and penal measures for non-compliance.
Establish IT policies for the effective management of IT functions and ensure detailed documentation of procedures and guidelines is in place.
Also, review the strategic plan and policy annually.
The establishment of an efficient IT governance framework at the board level is important for the effective management and oversight of IT-related matters within a Payment Licence system. Given below are key components of a board-level IT governance framework:
The Board or top management of the Payment Licence system plays an important role by:
The Payment Licence system should form an IT Steering Committee comprising representatives from various business functions as appropriate.
This committee's role is to assist the Executive Management in implementing the IT strategy approved by the Board.
The Payment Licence system must establish and maintain an enterprise information model.
This model supports application development and decision-supporting activities consistent with the IT strategy approved by the Board.
The Payment Licence system should develop a comprehensive Cyber Crisis Management Plan that is approved by the IT strategy committee.
This plan should include components such as:
A Payment gateway licence in India operates by allowing secure transmission of encrypted customer transaction data to payment processors, banks and card associations. The process involves many layers of authentication and authorisation to ensure the security and integrity of online transactions, ultimately providing an efficient payment experience for both customers and merchants.
StartupFino is a company that specialises in offering complete services for Payment gateway Licence. We can help you with everything from providing advice in the initial phase to ensuring that you meet all the necessary requirements and compliances for your licence and registration.
StartupFino manages legal, financial & Compliance services through its team of professionals with the help our own technology.
Scan this QR Code...
We also help you market your products through an online marketplace.
Fill up contact form
Expert will call you
Make online payment
Get Services
Based on 500+ customer reviews.
Startupfino has been awarded as the Best Virtual CFO of 2023 held at Global Startup and Entrepreneurship Conclave 2023. It was decisive to get recognition as a startup in this competitive industry.
Startupfino is honoured to recognise as a Best Tax and Legal Compliance Management Agency in the India Stratup Summit and Startup Achievers Awards 2022.
Startupfino is honoured as a Best Financial Advisor Agency at the World Startup Convention 2023. This acknowledgment shows commitment towards delivering innovative solutions.
Startupfino is working with Startups since last 10 years with an unparalleled experience of helping fast growing startups. Our Success can be witnessed through the numbers given below.
StartupFino
Recently Purchased