{"id":2483,"date":"2021-02-19T09:09:55","date_gmt":"2021-02-19T09:09:55","guid":{"rendered":"https:\/\/swaritadvisors.com\/blog\/?p=2483"},"modified":"2021-02-19T09:19:00","modified_gmt":"2021-02-19T09:19:00","slug":"requirements-for-payment-gateway-license","status":"publish","type":"post","link":"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/","title":{"rendered":"Requirements for Payment Gateway License: A Complete Guide"},"content":{"rendered":"\n<p class=\"has-drop-cap\">In India, the\npopularity of online shopping and e-commerce is continuously increasing at a\nsignificant rate. The reason behind the same is the ease and flexibility\noffered by Payment Gateways. It is mandatory for every online portal to obtain <strong><a href=\"https:\/\/swaritadvisors.com\/payment-gateway-license\" class=\"text-primary\">payment gateway\nlicense<\/a><\/strong> from RBI if it wants to deal in the payment of bills,\nrecharges, etc. In this blog, we will be discussing in detail about the concept\nand requirements for Payment Gateway License.<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_65 counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a37e8ce5e50a\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a37e8ce5e50a\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Concept_of_Payment_Gateway\" title=\"Concept of Payment Gateway\">Concept of Payment Gateway<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Working_of_Payment_Gateway\" title=\"Working of Payment Gateway\">Working of Payment Gateway<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Encryption_of_Data\" title=\"Encryption of Data\">Encryption of Data<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Request_for_Authorisation\" title=\"Request for Authorisation\">Request for Authorisation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Filing_the_Order\" title=\"Filing the Order\">Filing the Order<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Additional_Services_Offered_by_Payment_Gateway_in_India\" title=\"Additional Services Offered by Payment Gateway in India\">Additional Services Offered by Payment Gateway in India<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Types_of_Payment_Gateway_License\" title=\"Types of Payment Gateway License\">Types of Payment Gateway License<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Second_Party_Providers\" title=\"Second Party Providers\">Second Party Providers<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Third_Party_Providers\" title=\"Third Party Providers\">Third Party Providers<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Legal_Requirements_for_Payment_Gateway_License\" title=\"Legal Requirements for Payment Gateway License\">Legal Requirements for Payment Gateway License<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Basic_Requirements_for_Payment_Gateway_License\" title=\"Basic Requirements for Payment Gateway License\">Basic Requirements for Payment Gateway License<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Capital_Requirements_for_Payment_Gateway_License\" title=\"Capital Requirements for Payment Gateway License\">Capital Requirements for Payment Gateway License<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#IT_Requirements_for_Payment_Gateway_License\" title=\"IT Requirements for Payment Gateway License\">IT Requirements for Payment Gateway License<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Information_Security_Governance\" title=\"Information Security Governance\">Information Security Governance<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Data_Security_Standards\" title=\"Data Security Standards\">Data Security Standards<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Security_Incident_Reporting\" title=\"Security Incident Reporting\">Security Incident Reporting<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Merchant_On-boarding\" title=\"Merchant On-boarding\">Merchant On-boarding<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Cyber_Security_Audit_and_Reports\" title=\"Cyber Security Audit and Reports\">Cyber Security Audit and Reports<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Staff_Competency\" title=\"Staff Competency\">Staff Competency<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Vendor_Risk_Assessment\" title=\"Vendor Risk Assessment\">Vendor Risk Assessment<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Cryptographic_Requirement_for_Payment_Gateway_License\" title=\"Cryptographic Requirement for Payment Gateway License\">Cryptographic Requirement for Payment Gateway License<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Maturity_and_Roadmap\" title=\"Maturity and Roadmap\">Maturity and Roadmap<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Data_Security_in_Outsourcing\" title=\"Data Security in Outsourcing\">Data Security in Outsourcing<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Data_Sovereignty\" title=\"Data Sovereignty\">Data Sovereignty<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Payment_Application_Security\" title=\"Payment Application Security\">Payment Application Security<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Documents_Required_for_Payment_Gateway_License\" title=\"Documents Required for Payment Gateway License\">Documents Required for Payment Gateway License<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/swaritadvisors.com\/blog\/requirements-for-payment-gateway-license\/#Conclusion\" title=\"Conclusion\">Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Concept_of_Payment_Gateway\"><\/span>Concept of Payment Gateway<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The term Payment Gateway denotes a financial\nservice, which is provided by an e-commerce application service provider. It\nacts as an intermediary between the banks and the website that provides the\ncommunication of transaction or payment.<\/p>\n\n\n\n<p>Further, it collects details from the buyer\u2019s bank and supplies the same to the receiving bank and notes its response as to whether the said transaction or payment has been approved or not.<\/p>\n\n\n\n<p><strong>Also, Read:<\/strong> <mark style=\"background: #fffd03 !important;\"><a href=\"https:\/\/swaritadvisors.com\/learning\/meaning-and-process-of-online-payment-gateway-in-india-2020\/\">Meaning and Process of Online Payment Gateway in India 2020<\/a><\/mark><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Working_of_Payment_Gateway\"><\/span>Working of Payment Gateway<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Once a customer has placed an order from an online application or portal, a series of actions as given below will be taken by the Payment Gateway:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/swaritadvisors.com\/blog\/wp-content\/uploads\/2021\/02\/Encryption-of-Data-1-1024x269.png\" alt=\"Working of Payment Gateway\" class=\"wp-image-2489\" width=\"725\" height=\"190\" srcset=\"https:\/\/swaritadvisors.com\/blog\/wp-content\/uploads\/2021\/02\/Encryption-of-Data-1-1024x269.png 1024w, https:\/\/swaritadvisors.com\/blog\/wp-content\/uploads\/2021\/02\/Encryption-of-Data-1-300x79.png 300w, https:\/\/swaritadvisors.com\/blog\/wp-content\/uploads\/2021\/02\/Encryption-of-Data-1-768x202.png 768w, https:\/\/swaritadvisors.com\/blog\/wp-content\/uploads\/2021\/02\/Encryption-of-Data-1.png 1200w\" sizes=\"(max-width: 725px) 100vw, 725px\" \/><\/figure><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Encryption_of_Data\"><\/span>Encryption of Data<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>In this step, the browser used by the customer will\nencrypt the data which has to be sent to the vendor\u2019s server. After that, the\nsaid payment gateway then sends the transaction details to the payment\nprocessor.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Request_for_Authorisation\"><\/span>Request for Authorisation<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Once the data is received by the payment processor,\nit will transmit the same to the card association. After that, the bank that\nhas issued the card will check the transaction at this point to either agree or\ndeny it accordingly. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Filing_the_Order\"><\/span>Filing the Order<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Once the bank agrees to the transaction, the\nauthorisation concerning the merchant and customer will then be forwarded to\nthe payment gateway\u2019s processor. <\/p>\n\n\n\n<p>Further, after receiving the response from the\nprocessor, the details will be forwarded to the website for processing the\npayment. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Additional_Services_Offered_by_Payment_Gateway_in_India\"><\/span>Additional Services Offered by Payment Gateway in India<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The additional services offered by a payment gateway in India can be summarised as:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/swaritadvisors.com\/blog\/wp-content\/uploads\/2021\/02\/Delivery-Address-Verification-1-1024x310.png\" alt=\"Additional Services Offered by Payment Gateway in India\" class=\"wp-image-2487\" width=\"710\" height=\"214\" srcset=\"https:\/\/swaritadvisors.com\/blog\/wp-content\/uploads\/2021\/02\/Delivery-Address-Verification-1-1024x310.png 1024w, https:\/\/swaritadvisors.com\/blog\/wp-content\/uploads\/2021\/02\/Delivery-Address-Verification-1-300x91.png 300w, https:\/\/swaritadvisors.com\/blog\/wp-content\/uploads\/2021\/02\/Delivery-Address-Verification-1-768x232.png 768w, https:\/\/swaritadvisors.com\/blog\/wp-content\/uploads\/2021\/02\/Delivery-Address-Verification-1.png 1451w\" sizes=\"(max-width: 710px) 100vw, 710px\" \/><\/figure><\/div>\n\n\n\n<ul><li>Delivery Address\nVerification;<\/li><li>Computer Visual\nSystems Checks;<\/li><li>Advances Visual\nSystem Checks;<\/li><li>Velocity Pattern\nAnalysis;<\/li><li>Identify\nMorphing Detection;<\/li><li>Tax Calculation\nfor the Authorisation of Request transmitted to the Processor;<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Types_of_Payment_Gateway_License\"><\/span>Types of Payment Gateway License<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The different types of Payment Gateway License are as follows:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/swaritadvisors.com\/blog\/wp-content\/uploads\/2021\/02\/Second-Party-Providers-1.png\" alt=\"Types of Payment Gateway License\" class=\"wp-image-2488\" width=\"668\" height=\"121\" srcset=\"https:\/\/swaritadvisors.com\/blog\/wp-content\/uploads\/2021\/02\/Second-Party-Providers-1.png 931w, https:\/\/swaritadvisors.com\/blog\/wp-content\/uploads\/2021\/02\/Second-Party-Providers-1-300x54.png 300w, https:\/\/swaritadvisors.com\/blog\/wp-content\/uploads\/2021\/02\/Second-Party-Providers-1-768x139.png 768w\" sizes=\"(max-width: 668px) 100vw, 668px\" \/><\/figure><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Second_Party_Providers\"><\/span>Second Party Providers<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>This type of Payment Gateway License is very costly\nand expensive for small businesses and start-ups in the initial phase. Although\nthe TDR (Transaction Discount Rate) is less for specified providers, but the\nsetup cost is high.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Third_Party_Providers\"><\/span>Third Party Providers<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The term Third Party Providers means a type of\nprovider that charge both the annual and set up fee. In this case, the TDR will\nbe around 2% to 4%. <\/p>\n\n\n\n<p>Further, the examples of this type of provider are\nCC Avenue, PayU, and EBS.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Legal_Requirements_for_Payment_Gateway_License\"><\/span>Legal Requirements for Payment Gateway License<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Based on the provisions of section 4 of the Payments\nand Settlement System Act 2007, no one except the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Reserve_Bank_of_India\">RBI<\/a> has the\nauthority to start or operate a payment gateway mechanism in India. <\/p>\n\n\n\n<p>However, if in case an entity wants to start a\nPayment Gateway, then, in that case, it needs to obtain authorisation from RBI\nby filing an application for Payment Gateway License under section 5 of the\nPayments and Settlement System Act 2007.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Basic_Requirements_for_Payment_Gateway_License\"><\/span>Basic Requirements for Payment Gateway License<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The basic requirements for Payment Gateway License\nare as follows:<\/p>\n\n\n\n<ul><li>The applicant\nentity must be registered under the provisions of Companies Act 2013 or the\nCompanies Act 1956;<\/li><li>Needs a minimum\nof two members;<\/li><li>Needs a minimum\nof two directors;<\/li><li>Address Proof\nfor the Registered Office;<\/li><li>5 years Business\nPlan;<\/li><li>PAN Card details\nof the company;<\/li><li>Current Account\ndetails of the company;<\/li><li>System Flow and\nCode Testing Report by a Software Certifying Agency;<\/li><li>Compliance with\nPCI DSS;<\/li><li>Service Tax\nRegistration Number;<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Capital_Requirements_for_Payment_Gateway_License\"><\/span>Capital Requirements for Payment Gateway License<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The capital requirements for payment gateway license\nare as follows:<\/p>\n\n\n\n<ul><li>The banks and <strong><a href=\"https:\/\/swaritadvisors.com\/nbfc-registration\" class=\"text-primary\">NBFCs<\/a><\/strong> that abide by\nthe guidelines concerning CAR (Capital Adequacy Requirements), as specified by\nthe Apex Bank, will only be permitted to issue prepaid payment instruments;<\/li><li>All the other\nentities need to have at least Rs 10 lakhs as the NOF (Net Owned Funds);<\/li><li>The entities\nthat have authorisation under FEMA 1999 to issue Prepaid Payment Instruments\nare exempted from the RBI guidelines. Also, in this case, the usage of PPIs is\nlimited to the permissible current account transactions and are subject to\nrestrictions prescribed under the Foreign Exchange Management (Current Account\nTransactions) Rules 2000;<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"IT_Requirements_for_Payment_Gateway_License\"><\/span>IT Requirements for Payment Gateway License<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The IT requirements for Payment Gateway License in\nIndia are as follows:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Information_Security_Governance\"><\/span>Information Security Governance<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>It is mandatory for all the businesses and entities\nto carry out a comprehensive security risk assessment of their respective\nclients. The reason behind the same is to timely determine the risk exposures,\nresidual risks and remedial measure.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Data_Security_Standards\"><\/span>Data Security Standards<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>It is advisable that all the businesses must employ\nbest practises regarding the data security standards, such as the PA DSS and\nPCI DSS. Also, it shall be significant to note that the latest encryption\nstandards must be implemented as well.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Security_Incident_Reporting\"><\/span>Security Incident Reporting<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>It is necessary for every business to report the\nincidents of security and cardholder breaches to the Reserve Bank of India\nwithin the time prescribed.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Merchant_On-boarding\"><\/span>Merchant On-boarding<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>All the businesses need to undergo a comprehensive\nsecurity assessment during the course of merchant on-boarding. Also, the main\naim behind the said process is to make sure that merchants are properly\nfollowing the minimal baseline security standards.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Cyber_Security_Audit_and_Reports\"><\/span>Cyber Security Audit and Reports<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>It is mandatory for all the businesses to carry out\nand furnish quarterly internal and external audit. There after they need to\nsubmit the same to the IT Committee.<\/p>\n\n\n\n<p>Further, the other reports required to be submitted\nare as follows:<\/p>\n\n\n\n<ul><li>Bi annual VAPT\n(Vulnerability Assessment or Penetration Test) Report;<\/li><li>ROC (Report of\nCompliance);<\/li><li>PCI \u2013 DSS\nincluding AOC (Attestation of Compliance);<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Staff_Competency\"><\/span>Staff Competency<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>It is necessary for every business that is holding a\npayment gateway license to have a clear understanding, training, and experience\nfor the IT Function.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Vendor_Risk_Assessment\"><\/span>Vendor Risk Assessment<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Service Level Agreements are necessary to support\nthe technology comprising of the Data Management and BCP DR. Also, an SLA must\ninclude the clauses that permit the regulatory access to these set ups.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Cryptographic_Requirement_for_Payment_Gateway_License\"><\/span>Cryptographic Requirement for Payment Gateway License<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>It is necessary for every business entity to choose\nEncryption Algorithm as a well formulated International Standard. However, it\nshall be significant to state that the said standards will be subject to\ninspection by the International Community of Cryptographers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Maturity_and_Roadmap\"><\/span>Maturity and Roadmap<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>All the business entities must regularly assess and\ncheck their IT Maturity Level based on the International Standards. Also, they can\ndesign a comprehensive action plan and can execute the plan accordingly to\nachieve the target maturity level.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Data_Security_in_Outsourcing\"><\/span>Data Security in Outsourcing<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>All the businesses must have an agreement concerning\noutsourcing. Further, the said agreement need to have a clause named \u201cright to audit\u201d\nto authorise the entities and their appointed agencies and regulators for\ncarrying out security audits.\nOn the other hand, third parties\nare required to furnish the annual independent security audit reports to the\nbusinesses.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Data_Sovereignty\"><\/span>Data Sovereignty<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>All the business entities need to implement\npreventive measures to confirm that the data stored in infrastructure does not\nbelong to any external jurisdiction.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Payment_Application_Security\"><\/span>Payment Application Security<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>All the entities need to draft the application for\npayment gateway license based on the PA DSS guidelines and requisite requirements.\nFurther, they need to review the PCI DSS compliance status as a part of the\nmerchant on-boarding process.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Documents_Required_for_Payment_Gateway_License\"><\/span>Documents Required for Payment Gateway License<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The documents required for Payment Gateway License\nare as follows:<\/p>\n\n\n\n<ul><li>A copy of the\nCertificate of Registration;<\/li><li>PAN Card Details\nof the Applicant Company;<\/li><li>Digital Signature\nCertificates for Directors;<\/li><li>Director\nIdentification Number for Directors;<\/li><li>Address for the\nplace being used as Registered Office;<\/li><li>Current Bank\nAccount details form the respective bank;<\/li><li><strong><a href=\"https:\/\/swaritadvisors.com\/business-plan\" class=\"text-primary\">Business\nPlan<\/a><\/strong> of the Company for the\nnext five years;<\/li><li>System Flow and\nCode Testing Report by a Software Certifying Agency;<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>In a nutshell, Payment Gateway means an intermediary between the bank and the website providing transaction facility. Further, except the Reserve Bank of India, no one has the authority to start a payment gateway in India, until the same has filed an application for the license under section 5 of the Payments and Settlement System Act 2007 with the apex bank.<\/p>\n\n\n\n<p>However, an applicant who wishes to obtain the license for the RBI needs to first comply with the Requirements for Payment Gateway License. Further, the term Requirements for Payment Gateway License are divided on the basis of Basic, Legal, Capital, and Information and Technology Requirements.<\/p>\n\n\n\n<p><strong>Also, Read:<\/strong> <mark style=\"background: #fffd03 !important;\"><a href=\"https:\/\/swaritadvisors.com\/learning\/top-5-best-payment-gateway-systems-in-india\/\">Top 5 Best Payment Gateway Systems in India<\/a><\/mark><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In India, the popularity of online shopping and e-commerce is continuously increasing at a significant rate. The reason behind the same is the ease and flexibility offered by Payment Gateways. It is mandatory for every online portal to obtain payment gateway license from RBI if it wants to deal in the payment of bills, recharges, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2486,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[60,56],"tags":[406],"acf":[],"_links":{"self":[{"href":"https:\/\/swaritadvisors.com\/blog\/wp-json\/wp\/v2\/posts\/2483"}],"collection":[{"href":"https:\/\/swaritadvisors.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/swaritadvisors.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/swaritadvisors.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/swaritadvisors.com\/blog\/wp-json\/wp\/v2\/comments?post=2483"}],"version-history":[{"count":9,"href":"https:\/\/swaritadvisors.com\/blog\/wp-json\/wp\/v2\/posts\/2483\/revisions"}],"predecessor-version":[{"id":2498,"href":"https:\/\/swaritadvisors.com\/blog\/wp-json\/wp\/v2\/posts\/2483\/revisions\/2498"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swaritadvisors.com\/blog\/wp-json\/wp\/v2\/media\/2486"}],"wp:attachment":[{"href":"https:\/\/swaritadvisors.com\/blog\/wp-json\/wp\/v2\/media?parent=2483"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/swaritadvisors.com\/blog\/wp-json\/wp\/v2\/categories?post=2483"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swaritadvisors.com\/blog\/wp-json\/wp\/v2\/tags?post=2483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}