Process of Online Payment Gateway in India

Narendra Kumar

25 Jun, 2024

How to Get Online Payment Gateway in India?

Online Payment gateway enables online transfer of money by aligning with different entities. They have become an indispensable part of the online platform.

It is like a business solution in software terms to the website or e-commerce platform organizers in order to receive online payments from anywhere in the world. It needs to be secured as well in its working as stakeholders sensitive data is stored in it for transactional purposes.

Technically a Payment Gateway facilitates the transfer of information between a payment portal & the front end payment processor / acquiring bank.

Example: CC Avenue, Paypal, PayU, Razor pay etc.

How Does It Work?

• The cardholder goes to a merchant, buys a product or service and pays using a credit card on POS system enabled with them. From swiping of the card to approval it takes roughly three seconds and a payment gateway does all the work here. It sends instructions to deduct that particular amount from the swipe machine (in case of a physical store) to the merchant’s bank, then to the card company and finally to the issuing bank aligned with the card. The issuing bank then checks the credit limit of the cardholder and accordingly accepts or declines and sends the instructions back to the card company, then to the merchant bank and finally the merchant.
• All this happens incredibly in just three seconds, thanks to the payment gateway. All the transactions are settled into merchant’s bank account at the end of the day and at the end of the month, the cardholder gets a bill or account statement.
• In totality it involves around 5 parties when a transaction happens:

1. Credit Cardholder
2. Issuing Bank I.e. Bank that issued a credit card
3. Credit Card Brands
4. Merchant Bank
5. Merchant’s shop or vendor or E-commerce website

What Is The Safeguard Mechanism?

PCI – DSS guidelines help in the protection of card details and another relevant information whilst the transaction happens.

The Payment Card Industry Data Security Standard is a collection of security criteria aimed at protecting card information throughout and beyond financial transactions. Most companies into Merchant banking or crypto or card issuance, compliance do get PCI ready for ensuring uber level security in all the dealings. It ensures high-security environment. PCI DSS is managed by the Payment Card Industry Security Standard Council. It is an independent association that was created by major card brands. For E.g.: VISA, MASTERCARD, AMEX, JCB etc. The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006, to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with a core focus on improving payment account security throughout the transaction process and safeguarding the consumer interest.

There are more than 900 payment providers all over the world.

What is the process of Payment Gateway Registration?

• One needs to start a Private or Public Company or an LLP with other requirement engulfing in i.e. PAN, TAN, and GST etc.
• An Online Payment Gateway business act as a service provider for the merchants so its charge GST from the merchants to providing the services. In order to charge these, we need GST number as well.
• PCI – DSS Compliance is of utmost importance in order to go for a Payment Gateway as the authoritative head in this regard.
• Application as a Merchant Service provider / Payment facilitator with major banks as a tie-up for smooth transitioning.
• Banks will approve the application, depending upon the credibility & standing of the Gateway applicant. The application must be fulfilled in all manners.
• Once it is permitted, the next step is to figure out whether to go for a

1. Internet Banking provisioning & acceptance i.e. it is rather difficult as here one needs to convince individual banks for assigning a relationship manager in this behalf & thereby act an aggregator.
2. VISA/MASTERCARD acceptance i.e. in this one needs to get aligned with the card issuing companies and these companies have a direct arrangement with banks.

• Preparation of Website & other social media mediums in order to go live with the working along with the operational feasibility of the gateway put forth.

Indian Scenario

In India only a bank can become an Online Payment Gateway practically, all others can just operate as Payment aggregators like Pay TM. This is RBI’s mandate in this regard. These are regulated by Payment & Settlement’s Act, 2007 & Payment & Settlement’s System Regulations, 2008.

• In order to operate an Online payment gateway, an application is required to be made under the Payment and Settlement Systems Regulations, 2008 in the form prescribed therein, along with the prescribed fees mentioned. The form should be accompanied by all relevant information about the applicant, systems, and technology, financial solvency etc.
• RBI has authorized payment system operators of pre-paid payment instruments, card schemes, cross-border in-bound money transfers, Automated Teller Machine (ATM) networks and centralized clearing arrangements.

RBI stipulates that non-bank persons issuing payment instruments are required to maintain their outstanding balance in an escrow account with any scheduled commercial bank. The permitted debits and credits that can be affected in and from the said escrow account are also specifically mentioned in the guidelines, as reproduced below:

Credits:

1. Payments received towards sale / reload of PPIs, including at agent locations
2. Refunds received for failed / disputed / returned / cancelled transactions.

Debits:

1. Payments to various merchant’s/service providers towards reimbursement of claims received from them
2. Payment to sponsor bank for processing funds transfer instructions received from PPI holders as permitted by RBI from time to time.
3. Payment towards applicable Government taxes (received along with PPI sale/reload amount from the buyers)
4. Refunds towards cancellation of transactions in a PPI in case of PPIs loaded/reloaded erroneously or through fraudulent means (on the establishment of erroneous transfer /fraud). The funds have to be credited back to the same source from where these were received. These funds are not to be forfeited till the disposal of the case.
5. Any other payment due to the PPI issuer in the normal course of operating the PPI business (for instance, service charges, forfeited amount, commissions)
6. Any other debt as directed by the regulator/ courts/law enforcement agencies.

Thus, Online Payment Gateways in a simple layman language can include all entities that collect monies received from customers for payment to merchants using any electronic/online payment mode, for goods and services availed by them and subsequently facilitate the transfer of these monies to the merchants in final settlement of the obligations of the paying customers.

Conclusively one needs to acquire PCI-DSS VPAT (Vulnerability Penetration Acceptance Test) Certificate