How to Start a Payment Aggregator License

registrtion process
service package

An Overview of Payment Aggregator License

Payment Aggregator is also recognised as Merchant Aggregator; basically, it is a service provider by which payments can be forged with the help of mobile and e-commerce merchants who can process payment transactions. A payment aggregator allows a merchant to accept bank transfer & payments through cards even without a bank account opening or a credit card association. Merchant aggregator delivers an inexpensive and more accessible way of making payments that can aid a small business get off the ground faster. One of the only purposes of a payment aggregator is to deliver an efficient payment solution that is a shortcut from established payment methods. Such payment aggregators consist of payment gateways, whereas payment gateways cannot consist of payment aggregators.

Payment aggregators perform as a mediator between the customers and merchants. It also refers to institutions:

  • Who offers technologies to facilitate and direct the processing of an online transaction of payment and perform other functions without truly handling the finds;
  • Who helps the merchants in linking with the acquirers. In this process, they receive payments from clients and transfers payments to the merchants after a period. Besides handling the funds, they also get the right to use or access customer data;
  • Who assists e-commerce sites and merchants in accepting different payments tools from the clients to finish their payment duties to the merchants. Here the merchants not require to create a separate payment integration system of their own.

Payment Gateway License

It is service software that permits e-commerce businesses to process transactions on their application/website. They allow payment acceptance via debit or credit cards, UPI, Net-Banking, and E-wallet.

What are the Benefits of a Payment Aggregator License?

Following are some significant benefits of an Aggregator:

  • It becomes an intermediary between the merchants and the clients;
  • The function of processing and completion of the payment transactions;
  • Establishing a payment aggregator is very easy and straightforward. All it takes is signing up for the procedure of an e-commerce payment. It creates chances for more talents to enter the market & offers clients more options to buy;
  • Creation of settlement on one end and merchants on the other end;
  • The payment aggregator tends to deliver a suggestion for online transaction processing, with least or no start-up fees and fixed costs;
  • The process of an application is straightforward, which aids small businesses to function effortlessly;
  • It is a proficient and cost-effective process for a massive volume of smaller transactions.

Risks Related to Payment Aggregation

The payment aggregator activities in the online transaction include risks, which are as follows:

  • Lack of proper restore mechanism and consistency in practice across the companies is also a matter of concern;
  • Services of payment aggregation are also delivered by some of the e-commerce market places, which doesn't come under the direct regulatory influence of the Reserve Bank of India, which can be a massive concern for the payment aggregators. Therefore, it can be altered under double regulation;
  • Organisations might be the source of risk in such a client experience and technology rigorous business if they have inadequate governance practices which may influence the client’s experience & confidence;
  • The aggregators also handle sensitive data of the customer. Supervision data privacy and data of customer can be a huge task for payment aggregators. If the payment aggregators are not able to regulate the data, it can harm the risk of data loss and violate privacy;
  • A payment aggregator is also in danger of some transaction chargeback or fraud connected with its sub-merchants.

What are the Essential IT Requirements to Procure Payment Aggregator License?

Following are some IT security measure that should be adopted by the aggregators to obtain a Payment Aggregator License:

  • Data Security Standards

    Data security standards such as PA-DSS, PCI-DSS also the latest encryption standards & Transport Channel Security, etc., will be put into practice.

  • Risk Assessment

    It should discover the threat or susceptibility combinations and the possibility of an impact on privacy, integrity or availability of that asset from a business, compliance & contractual standpoint.

  • Staff Capability

    The resources should be well-trained with IT skills, and a periodic assessment of training needs should be conducted for them.

  • Payment Application Security

    Such applications shall be developed accordingly to PA-DSS guidelines and should obey the précised guidelines. All the aggregators should examine the PCI-DSS compliance status as a part of their process of merchant onboarding.

  • Information Security Supremacy

    The organisations must implement a comprehensive study of security risk assessment of their people, Information Technology (IT), business process surroundings. It should recognise risk exposures with remedial measures and also enduring risks. Risk assessment reports, security compliances, security audit reports, and security incidents should be presented to the Board by the entities.

  • Access to Application

    For managing an application system, the process shall be documented, which will be approved by the owner of the application and should be kept updated. The principle of least benefit and require to know will proportionate job responsibilities while accessing the application.

  • Requirement of Cryptographic

    Merchant aggregators shall opt for encryption algorithms according to the international community of cryptographers to accept by trustworthy professional bodies, highly regarded security vendors or government agencies.

  • Data Control

    The payment aggregators shall take some anticipatory measures to make sure collecting data in an infrastructure that doesn't belong to outside jurisdictions. Suitable controls will be considered to prevent unauthorised access to the data.

  • Data Protection in Outsourcing

    An agreement of outsourcing shall be arranged offering the right to audit clause to enable Payment Aggregators or their appointed agencies and regulators to conduct security audits. Alternatively, the third party requires submitting an annual sovereign security review report to the payment aggregators.

  • Security Incident Coverage

    Cybersecurity incidents shall be reported by the aggregators to the regulator within 2 to 6 hours duration. Payment Aggregators should have an agreement with the merchants on security incident coverage.

  • Forensic Readiness

    All security events from the infrastructure of aggregators consist of middleware, application, servers, endpoint authentication, database, log files, web services, and cryptographic events shall be collected, investigated and examined for the positive recognition of security alerts.

  • Cyber Security Review and Reports

    The companies submit to the IT Committee quarterly internal and annual external examine reports.

What are the Vital Documents required for Procuring a Payment Aggregator License?

Following are some vital documents required for procuring a Payment Aggregator License:

  • Submit a Certificate of Registration of the Company issued by the ROC or Registrar of Companies;
  • DIN (Director Identification Number) and DSC (Director Signature Certificate) of all the proposed directors;
  • Details of the company’s bank account;
  • Address proof or PAN Card of the directors;
  • Next five years of the business plan of the company;
  • Submit any address proof of the business place;
  • Code testing information by a software agency.

Procedure of Getting Payment Aggregator License

Companies willing to carry out payment aggregator license should undertake the following steps:

  • Step 1

    Companies should be incorporated under the Companies Act, 2013.

  • Step 2

    Authorisation should be obtained from the Reserve Bank of India under PSS Act.

  • Step 3

    Capital requirement of Rs. 15 crores (Net-worth), which requires to be increased to Rs. 25 crores within three years of its operation.

  • Step 4

    An appropriate mechanism should be prepared against money laundering.

  • Step 5

    Should appoint a nodal officer for client complaint redressed framework or dispute management framework.

  • Step 6

    In case the company is a bank, authorisation should be attained under PSS Act.

  • Step 7

    This Act has established guidelines to penalise defaulters for not attaining authorisation from the Reserve Bank of India.

List of all the Compliances that should be followed by Payment Aggregators after Procuring Payment Aggregator License

Payment Aggregators should submit the report on a monthly, quarterly, or annual basis, which is explained below:

Monthly Report

Topics

Last Date

Transactions Statistics

7th of the next month

Frauds Report

7th of the next month

Cyber Security Incident Reports with full root cause study

7th of the next month

Quarterly Report

Aspects

Last Date

Certificate of Auditors on Escrow Balance

15th of the month next quarter-end

Certificate of Bankers on Escrow Account Credits and Debits, which should be within audited

15th of the month next quarter-end

For marketplaces certificate of the auditor on nodal accounts

15th of the month next quarter-end

Customers Complaints Report by 15th of the month of the following the quarter-end

15th of the month next quarter-end

Cyber Security Audit Report

15th of the month next quarter-end

Annual Report

Topic

Last Date

Audited yearly report attached with a Chartered Accountant Certificate on Net-worth

30th September

Cyber Security Audit and IS Audit Report renowned with observations consisting of corrective or preventive action planned and should be audited outwardly.

31st May

Net-worth Certificate

31st December

Non-Periodic Reports

  • In case there is any alter in BODs (Board of Directions);
  • A one-time technical audit or review; also whenever a foremost alter is about to be made.

Penalties Arranged under PSS Act, 2007 for Payment Aggregators

As per the PSS Act, 2007, the following acts will be penalised:

  • Functioning of a payment aggregator system without permission;
  • The Reserve Bank of India (RBI) can also be charged a fine for a certain violation under the PSS Act;
  • When the merchant aggregator didn’t produce statements;
  • Infringing any rules, orders, guidelines, regulations, etc. approved by the Reserve Bank of India are offences punishable for which RBI can begin criminal hearing;
  • Where the payment aggregator delivers any wrong information or statement;
  • In case of any letdown by the aggregator to obey the terms of license authorisation;
  • Discover any forbidden information or non-compliance of directions arranged by the Reserve Bank of India or infringing any of the Act's provisions.

What is the Difference Between Payment Aggregator and Payment Gateway?

The solutions of payment differ on different grounds, as mentioned below:

Points

Payment Gateway

Payment Aggregator

Role

Mediator

Interface

Ownership

This is owned by Private and Public Banks, Vendors, Merchants, and Aggregators.

Owned by Fintech Players.

Payment Options

Particular or limited Payment Options.

Various multiple payment options.

Permissions

Authorisation of RBI under the Payment and Settlement Systems Act, 2007 (PSSA).

They need the necessary certification as per the Payment Card Industry-Data Security Code (PCI-DSS).

Small Businesses

Fees of transaction offered by the Payment Gateways are too difficult and high.

Payment Gateways use Payment Aggregators to able to deliver services to small businesses.

Success rate of payment

As much as the gateway can manage.

Considerably higher payment success rate.

Touchpoints Digitised

Online touchpoints are consisting of app or website.

Online & Offline touchpoints.

Frequently Asked Questions

In banking, an aggregator plays as a third party, a mediator between the merchants and the clients.

  • Cashfree.
  • Paytm,
  • CC Avenue.
  • Mobikwik.
  • Instamojo.

Payment Aggregator is also recognised as Merchant Aggregator; basically, it is a service provider by which payments can be made successfully with the help of mobile and e-commerce merchants who can process payment transactions. A payment aggregator allows a merchant to accept bank transfer & payments through cards even without a bank account opening or a credit card association.

Yes, it is a Payment Aggregator.

Paytm is a Payment Gateway assists business accepts online payments from customers.

To become a Payment Aggregator, both non-bank and bank providers require to have an authorisation of the Reserve Bank of India; it should be a company registered in India and have to contain payments data, having a net capital of worth Rs. 15 crores.

Aggregators are owned by Fintech entities, whereas Payment Gateway can be owned by the banks, vendors, merchants, etc.

Why Swarit Advisor?

Why Swarit Advisor

What Our Clients Says

TESTIMONIALS

Latest Articles

Payment Aggregator and Payment Gateway – Know the Differences
Karan Singh
| Date: 30 Aug, 2021 | Category: Payment Gateway System

Payment Aggregator and Payment Gateway – Know the Differences

If anyone wants to start a new online business, then it is vital to set up the best payment transaction modes. Payments Gateways and Payment Aggregators are the two best...

Read More
Procedure for Payment Gateway License: A Simplified Guide
Karan Singh
| Date: 23 Feb, 2021 | Category: Payment Gateway System, RBI Advisory

Procedure for Payment Gateway License: A Simplified Guide

After the demonetization, people in India have experienced the flexibility and ease of online shopping. Payment Gateway is a financial service, and it is provided through an e-commerce application. Apart...

Read More
Requirements for Payment Gateway License: A Complete Guide
Shivani Jain
| Date: 19 Feb, 2021 | Category: Payment Gateway System, RBI Advisory

Requirements for Payment Gateway License: A Complete Guide

In India, the popularity of online shopping and e-commerce is continuously increasing at a significant rate. The reason behind the same is the ease and flexibility offered by Payment Gateways....

Read More

ARTICLES

Hi! My name is Akanksha! Let's talk.