RBI PAYMENT AGGREGATORS & PAYMENT GATEWAY AUDIT |

RBI PAYMENT AGGREGATORS & PAYMENT GATEWAY AUDIT

On March 17, 2020, the Reserve Bank of India published new regulations on the regulation of payment aggregators and payment gateways. These regulations require payment aggregators and payment gateways to receive RBI authorisation by settling payments to merchants at certain transaction times. For Payment Aggregators and Payment Gateways, the rules include specific technical and operational requirements that cover merchant onboarding, customer data access, audit requirements, and data sovereignty. RBI made the decision to regulate the operations of payment aggregators via these guidelines and to aid them by offering standard payment gateway technology.

What is a Payment Gateway Audit and RBI Payment Aggregators?

All currently operating non-bank payment aggregators must get RBI authorisation by June 30, 2021, beginning in March 2020. To guarantee the security of all online transactions, the RBI will henceforth oversee Payment Aggregators and Payment Gateways.

The following is a description of the key elements that RBI will cover in its recommendations.

Non-Banks By the conclusion of the fiscal year, Payment Aggregators will have a minimum net value of Rs 15 crore, with a range of up to INR 25 crore.

Baseline technology, such as the deployment of Data Security standards, cybersecurity audits, incident reporting, and the drafting of IT policies, was needed by the Payment Aggregators.

Payment Aggregators adhere to the guidelines established by the Prevention of Money Laundering Act of 2002 and have clear rules about onboarding new merchants, privacy, customer complaints, etc.

E-commerce businesses that operate Payment Aggregators must get the required licence and split Payment Aggregators into a distinct corporation.

A non-bank payment aggregator must be a full-fledged business that was formed in accordance with the organization's Act, with the PA activity constituting a party.

Aggregators are required to notify the Chief General Manager of RBI within 15 days of any takeover, acquisition of control, or change in top management of non-bank Payment.

A format for preserving the information of transactions handled by Payment Aggregators each month is also provided by the RBI. This format contains a net-worth certificate, a director's undertaking, an auditor's certificate, and an auditor certificate while maintaining the balance on an escrow account.

Key Advantages

The several advantages offered by RBI Payment Aggregators & Payment Gateway Audit are listed below.

1. Counterattack Vulnerabilities
When conducting online transactions, the actions taken by payment aggregators and payment gateways are vital since they will close any existing vulnerabilities.

2. A New Security Approach
Since the current regulations for payment aggregators and payment gateways are insufficient and no significant complaints have been reported for more than ten years, RBI initiated this action to guarantee consumer security and privacy.
3. RBI's direction
Payment Aggregators and Payment Gateways' main lines of business are not covered by RBI regulation. Therefore, it is necessary to separate these organisations while preserving the correct rules.
4. Obtain Full Access
The consumer may not have full access to the merchants and banks, as well as the payment aggregators and payment gateways. Additionally, this will put an end to it and provide a suitable settlement.
5. Roles & Responsibilities in Detail
Roles and responsibilities between merchants and customers must be clearly defined, and as a result, Payment Aggregators and Payment Gateways are required to manage consumer data in a more secure manner.
6. Use modernised technology
The current technology for Payment Aggregators and Payment Gateways helps the consumers and improves their experience. Technology may differ from entities and architecture.

To guarantee the security of all online transactions, the RBI will henceforth oversee Payment Aggregators and Payment Gateways. The following are the guidelines' main components:

Baseline technology, such as the deployment of Data Security standards, cybersecurity audits, incident reporting, and the drafting of IT policies, was needed by the Payment Aggregators.

Baseline technology, such as the deployment of Data Security standards, cybersecurity audits, incident reporting, and the drafting of IT policies, was needed by the Payment Aggregators.

Payment Aggregators adhere to the rules outlined by the Prevention of Money Laundering Act of 2002 and have clear policies about onboarding new merchants, privacy, customer complaints, etc.

E-commerce businesses that operate Payment Aggregators must get the required licence and split Payment Aggregators into its own corporation.

A non-bank payment aggregater has to be a full-fledged business that was formed in accordance with the organization's Act, with the PA activity constituting a party.

Aggregators are required to notify the Chief General Manager of RBI within 15 days of any takeover, acquisition of control, or change in top management of non-bank Payment.

The RBI also provides a format for authorization that includes a net worth certificate, a director's undertaking, an auditor's certificate while maintaining the balance on an escrow account, and a format for keeping track of the information about the transactions handled by Payment Aggregators each month.

By the conclusion of the fiscal year, Non-Bank Payment Aggregators must have a minimum net value of Rs 15 crore, with a range of up to INR 25 crore.

Our Blog

What is a Payment Gateway Audit and RBI Payment Aggregators?Key AdvantagesBlog