RBI PAYMENT AGGREGATORS & PAYMENT GATEWAY AUDIT
What is a Payment Gateway Audit and RBI Payment Aggregators?
All currently operating non-bank payment aggregators must get RBI authorisation by June 30, 2021, beginning in March 2020. To guarantee the security of all online transactions, the RBI will henceforth oversee Payment Aggregators and Payment Gateways.
The following is a description of the key elements that RBI will cover in its recommendations.
- By the conclusion of the fiscal year, Non-Bank Payment Aggregators will have a minimum net value of Rs 15 crore, with a range of up to INR 25 crore.
- Baseline technology, such as the deployment of Data Security standards, cybersecurity audits, incident reporting, and the drafting of IT policies, was needed by the Payment Aggregators.
- Payment Aggregators adhere to the guidelines established by the Prevention of Money Laundering Act of 2002 and have clear rules about onboarding new merchants, privacy, customer complaints, etc.
- E-commerce businesses that operate Payment Aggregators must get the required licence and split Payment Aggregators into a distinct corporation.
- A non-bank payment aggregator must be a full-fledged business that was formed in accordance with the organization's Act, with the PA activity constituting a party.
- Aggregators are required to notify the Chief General Manager of RBI within 15 days of any takeover, acquisition of control, or change in top management of a non-bank Payment Aggregator.
- A format for preserving the information of transactions handled by Payment Aggregators each month is also provided by the RBI. This format contains a net-worth certificate, a director's undertaking, an auditor's certificate, and an auditor certificate while maintaining the balance on an escrow account.
Key Advantages
The several advantages offered by RBI Payment Aggregators & Payment Gateway Audit are listed below.
1. Counterattack Vulnerabilities
- When conducting online transactions, the actions taken by payment aggregators and payment gateways are vital since they will close any existing vulnerabilities.
2. A New Security Approach
- Since the current regulations for payment aggregators and payment gateways are insufficient and no significant complaints have been reported for more than ten years, RBI initiated this action to guarantee consumer security and privacy.
- Payment Aggregators and Payment Gateways' main lines of business are not covered by RBI regulation. Therefore, it is necessary to separate these organisations while preserving the correct rules.
- The consumer may not have full access to the merchants and banks, as well as the payment aggregators and payment gateways. Additionally, this will put an end to it and provide a suitable settlement.
- Roles and responsibilities between merchants and customers must be clearly defined, and as a result, Payment Aggregators and Payment Gateways are required to manage consumer data in a more secure manner.
- The current technology for Payment Aggregators and Payment Gateways helps the consumers and improves their experience. Technology may differ from entities and architecture.
To guarantee the security of all online transactions, the RBI will henceforth oversee Payment Aggregators and Payment Gateways. The following are the guidelines' main components:
- Baseline technology, such as the deployment of Data Security standards, cybersecurity audits, incident reporting, and the drafting of IT policies, was needed by the Payment Aggregators.
- Payment Aggregators adhere to the rules outlined by the Prevention of Money Laundering Act of 2002 and have clear policies about onboarding new merchants, privacy, customer complaints, etc.
- E-commerce businesses that operate Payment Aggregators must get the required licence and split Payment Aggregators into their own corporation.
- A non-bank payment aggregator has to be a full-fledged business that was formed in accordance with the organization's Act, with the PA activity constituting a party.
- Aggregators are required to notify the Chief General Manager of RBI within 15 days of any takeover, acquisition of control, or change in top management of a non-bank Payment Aggregator.
- The RBI also provides a format for authorization that includes a net worth certificate, a director's undertaking, an auditor's certificate while maintaining the balance on an escrow account, and a format for keeping track of the information about the transactions handled by Payment Aggregators each month.
- By the conclusion of the fiscal year, Non-Bank Payment Aggregators must have a minimum net value of Rs 15 crore, with a range of up to INR 25 crore.