Payment Aggregator License

Need to simplify online payments for your customers? Ask Enterslice how a Payment Aggregator License can benefit your business today!

100000 + Happy Customer

100000 +

Happy Customer

50000 + CA & Lawyers

50000 +

CA & Lawyers

50 + Offices

50 +

Offices

Rated at 4.9 By 30000 + Customers Globally

Google Reviews

9,500+ Happy Reviews4.8/5 | 9,500+ Happy Reviews

REQUEST A CALL BACK

Rated at 4.8 Rated at 4.8/5 9,500+ Happy Reviews

Overview of Payment Aggregator License in India

The payment aggregator license in India is granted to facilitate online transactions among the customers and merchant legal entities registered under the Companies Act of 2013. The issue of payment aggregator licenses in India simplifies and transforms the payment structure of merchant businesses.

The issue of payment aggregator licenses in India is regulated under the RBI guidelines, which detail provisions for controlling the overall procedure, pre-requisites, charges, capital requirements, customer grievance cell, security, and fraud protection framework for obtaining payment aggregator licenses in India.

Who are Payment Aggregators?

Payment Aggregator, also known as Merchant Aggregator, is a service provider through which payments can be made using mobile devices and e-commerce merchants can process payment transactions. An aggregator permits a merchant to accept card payments and bank transfers without opening a bank account with a bank or a credit card association.

Merchant aggregators provide an easy and cheap way of accepting payments that can help a small business get off the ground quicker. One of the sole purposes of a payment aggregator is to provide a streamlined payment solution that is a shortcut to traditional payment methods. Payment aggregators include payment gateways, whereas payment gateways cannot include payment aggregators.

As per the recent report, the payment aggregator market in India, valued at 9.5 trillion INR, is projected to increase 2.4 times due to high-value transactions. It is anticipated that there will be a 19% compound annual growth rate over the next five years, leading to a total of 22.6 trillion INR by the financial year 2025.

Key Features of Payment Aggregators

The payment process plays a crucial role in buyers' online shopping experience. This turns a payment aggregator into a crucial tool for companies, allowing them to craft a smooth payment experience for their clients. Payment aggregators also allow customers to utilise various payment options and have a smooth checkout process. Let us discuss the key features in detail:

1. Onboarding, Integration & Merchant Account

In e-commerce, companies occasionally collaborate to offer services. Imagine a financial management platform accommodating multiple asset management firms (AMCs). For the end user to invest, the portal must offer the option to make payments to the AMCs.

By collaborating with a payment aggregator, you can include sub-merchants by inputting their name and email or providing them with a referral link from your dashboard. Partners have the option to bring on sub-merchants using APIs as well. Sub-merchants can finish the KYC process directly through the partner's dashboard.

2. Safe Payment Processing

Highly sensitive payment information must be handled with the utmost care. Compromising this information can lead to severe outcomes for your Company. To make sure about information security, payment aggregators:

  • Investment in the highest quality infrastructure;
  • Don’t store any sensitive info
  • Tokenise digital card numbers to prevent any leakage

3. Fraud Detection & Prevention

If a business or individual falls victim to sharing account information and passwords due to a scam, they risk losing their money. To address this issue, the payment aggregator guidelines provided below are adhered to:

  • Payment aggregators study the payment activities of clients as well as previously detected fraud activities.
  • They use machine learning to identify patterns in client transactions and detect common characteristics of fraudulent transactions.

4. Municipality of Payment Options

Limited payment options will obstruct a customer's payment process. You can integrate with a payment aggregator to receive payments through various methods, including credit cards, debit cards, pay-later options, and EMIs on cards.

5. Customer Support

Payment aggregators dedicate significant resources to customer support teams skilled at addressing different types of issues and obstacles faced by customers. Certain users may require monitoring the status of payments or revisiting historical payment records.

Types of Payment Aggregators in India

The different types of payment aggregators are authorised to be registered under the regulations laid out by the Reserve Bank of India. Consider the following categories that fall under the ambit of payment aggregators in India:

1. Bank Payment Aggregators

Earlier, only banks used payment aggregators by employing diverse payment methods like Razorpay, PayU, Billdesk, etc. The banks hold the authority over bank payment aggregator licensing irrespective of the RBI’s authority.

2. Third-Party Payment Aggregators

Third-party payment aggregators are non-bank payment aggregators which require approval from the Reserve Bank of India. PayPal, Stripe, and GooglePay are some of the widely used third-party payment aggregators.

Business Eligible for Payment Aggregator License in India

The Reserve Bank of India regulates specific business entities to issue their payment aggregator license in India. E-commerce, small and medium-sized, mobile-wallet providers, subscription-based, non-profit, event, digital content-creating, online travel agencies, ticketing, software, and technology companies are some of the leading business enterprises eligible to apply for a payment aggregator license in India.

Documentation for Payment Aggregator License

There are certain essential documents needed for obtaining the payment aggregator license in India. Consider the following documents necessary for successfully registering and obtaining a payment aggregator license in India.

  • Certificate of incorporation of Company received from Registrar of Companies (ROC);
  • Company incorporation documents like memorandum and articles of association;
  • Copy of the formal board resolution authorizing the issue of payment aggregator license;
  • PAN Card or Address proof of the directors of the company;
  • DSC and DIN number of the directors of the company issuing payment aggregator license;
  • Address proof of the business location;
  • Details of the bank account of the company;
  • Preparation of KYC documents;
  • NBFC Business Plan
  • of the company for five years;
  • Code testing report by a software agency;
  • The detailed structure of the ownership and shareholding status of the company obtaining payment aggregator license;
  • Technology infrastructure details of the company;
  • Compliance and anti-money laundering policies;
  • Copy of the partnership agreement (if any).

Basic IT Requirements for Payment Aggregator License

The businesses are required to adhere to specific IT security measures before applying for the payment aggregator license in India. The ultimate need to comply with the security mandates is ensured through the establishment of a secured foundation for carrying out business activities. The following is the list of recommended IT security measures to be adopted by the Payment Aggregators are as follows:

1. Information Security Governance

The organizations shall carry out a comprehensive study of security risk assessment of their people, IT, and business process environment. It must also identify risk exposures with remedial measures and residual risks. Reports on the risk assessment, security audit reports, security compliance posture, and security incidents shall be presented to the Board by the entities.

2. Data Security Standards

Data security standards like PCI-DSS, PA-DSS also the latest encryption standards, and Transport Channel Security, etc. shall be put into practice for obtaining an aggregator payment license in India.

3. Merchant Onboarding

The organizations shall undertake detailed security assessments during the merchant onboarding process to ensure that these minimal baseline security controls are followed by the merchants.

4. Security Incident Reporting

The entities need to report security incidents or any type of breach in cardholders’ data within a time frame of 2-6 hours to RBI. Monthly reports related to cyber security incidents and also preventive actions are to be submitted to RBI.

5. Cyber Security Audit and Reports

Entities like banks and third-party aggregators must quarterly submit their internal annual and external audit reports to the IT Committee established for the purpose.

6. Risk Assessment

The risk assessment must identify the threat or vulnerability combinations and the likelihood of impact on the confidentiality, availability, or integrity of that asset from a business, compliance, and contractual perspective.

7. Access to Application

For administering an application system, the procedures shall be Documented which shall be approved by the application owner and must be kept up to date. The principle of least privilege and need to know will commensurately job responsibilities while accessing the application.

8. Competency of IT Staff

The resources must be trained with IT skills, and a periodic assessment of training requirements must be conducted for them.

9. Cryptographic Requirement

Merchant Aggregators shall select encryption algorithms as per the international standards and which have been subjected to rigorous examination by an international community of cryptographers or approved by authoritative professional bodies, reputable security vendors, or government agencies.

10. Forensic Readiness

All security events from Payment Aggregator’s infrastructure including application, servers, middleware, network, endpoint authentication events, web services, database, cryptographic events, and log files shall be collected, investigated, and analyzed for the proactive identification of security alerts.

11. Data Sovereignty

The Payment Aggregators shall take preventive measures to ensure storing data in an infrastructure that does not belong to external jurisdictions. Appropriate controls shall be considered to prevent unauthorized access to the data.

12. Data Security in Outsourcing

An outsourcing agreement shall be prepared to provide the ‘right to audit’ clause to enable Payment Aggregators or their appointed agencies and regulators to conduct Security audits. Alternatively, the third party needs to submit an annual independent security audit report to the Payment Aggregators.

13. Payment Application Security

Payment applications will be developed as per PA-DSS guidelines and must comply with the specified guidelines. Payment Aggregators must review the PCI-DSS compliance status as part of their merchant onboarding process.

14. Security Incident Reporting

Cyber Security incidents shall be reported by the Payment Aggregators to the regulator within 2-6 hours duration. Payment Aggregators must have an agreement with the merchants on security incident reporting.

Process for Obtaining Payment Aggregator License in India

The process of obtaining a payment aggregator license involves extensive research, compliance preparation, submission of documents, undergoing regulatory review, demonstrating ongoing compliance, and ultimately obtaining the license with the help of legal experts and following changing regulations for a successful result.

There are certain processes for obtaining a payment aggregator license mentioned below for your better understanding:

1. Setting up under the Companies Act, 2013

If your company is willing to operate as a payment aggregator must be incorporated under the provision of this Act. It is considered to be the first legal step to structuring your organization.

2. Authorisation from RBI under the PSS Act

If your organization is looking to work as payment aggregators then you need to obtain permission from the RBI under the Payment & Settlement Systems Act. This authorization is a basic necessity to participate in payment aggregator activities.

3. Capital Adequacy

Organizations looking to obtain a payment aggregator license must fulfill a minimum capital requirement of Rs. 15 crores. It is important to mention that the minimum capital needed must be raised to Rs. 25 crores within three years of starting operations. Sufficient financial stability is crucial for ensuring the long-term viability and dependability of payment aggregator services

4. Mechanism for Anti-Money Laundering

Your organization also needs to establish a strong mechanism to fight against money laundering activities and other cyber frauds. It will also cover effective policies and procedures to prevent and detect money laundering

Simply, the payment aggregators are necessarily required to duly register for the KYC and AML to avoid money laundering fraud in the payment structure of the business.

5. Nomination of Nodal Officers

Payment aggregators need to nominate a nodal officer held responsible for client redressal and framework for dispute management. The officer plays a major role in addressing customer issues and making sure of efficient dispute resolution mechanisms.

Post-Licensing Compliances

Payment Aggregators must submit reports on an annual, monthly, or quarterly basis which is explained below:

1. Annual Report

The audited annual report must be attached with a CA certificate on Networth by the due date of 30th September. The Audit Report and Cyber Security Audit Report are noted with observations, including corrective or preventive action planned, and must be audited externally by the due date of 31st May, along with the Networth Certificate as of 30th September for an unaudited self-declaration basis.

2. Quarterly Report

The Auditors’ Certificate on Escrow Balance must be reported by the due date of the 15th of the month following the quarter's end and the Bankers’ Certificate on Escrow Account Debits and Credits must be internally audited by the due date of the 15th of the month following the quarter end. For marketplaces, the auditor's certificate on nodal accounts must be issued by the 15th of the month following quarter-end and the Customer Grievances Report needs to be filed by the 15th of the month following the quarter-end. Lastly, the Cyber Security Audit Report which is internally audited must be filed by the 15th of the month following the quarter-end.

3. Monthly Report

The monthly reports comprise the statistics of the transactions by the due date of the 7th of next month and a report of fraud to be filed by the due date of the 7th of next month. Also, the Cyber Security Incident Reports, with complete root cause analysis must be filed by the due date of the 7th of next month.

4. Non-periodic Reports

The non-periodic reports including one-time technical audits are necessarily required to be filed to record any major changes about to be made in the existence of the Board of Directors of the Company.

5. Security Incident Reporting

The payment aggregators in India hold a strong security mechanism for analyzing and reporting security incidents, breaches, or unauthorized access to secure timely actions.

6. Penalty for Non-Compliance

Under the provision of the PSS Act, businesses or individuals acting as a payment aggregator without any necessary approval from RBI will attract penalties. It can be rightly to say that the guidelines of RBI need to be followed.

What are the Benefits of Obtaining a Payment Aggregator License?

Obtaining a payment aggregator license simplifies online transactions by combining different payment methods into a single platform, providing fast setup, improved security, and a variety of payment choices.

They simplify processes, lower expenses, and enhance customer satisfaction, enabling business growth and offering important data analysis. These are the benefits mentioned below for a better insight enjoyed through obtaining a payment aggregator license in India:

  • It becomes a bridge between the consumers on one end and merchants on the other end.
  • Generation of settlement on one end and merchants on the other end.
  • Role of processing and completion of the payment transactions.
  • It is a cost-effective and efficient approach for a large volume of smaller transactions.
  • The application process is very simple, which helps small businesses to function easily.
  • Setting up a payment aggregator is a quick and easy process. All it takes is signing up to process an e-Commerce payment. It creates opportunities for more talents to enter the market and also gives consumers more options to buy.
  • The payment aggregator tends to provide a proposal for online transaction processing, with minimal or no startup fees and fixed costs.

What are the Risks Associated with Payment Aggregation?

The activities of payment aggregators in online transactions consist of risks, which are as follows:

  • Organizations may be a source of risk in such a technology and customer-experience-intensive business if they have insufficient governance practices which may affect the customer confidence and experience.
  • The lack of proper redress mechanisms and uniformity in practice across the entities is also a matter of concern.
  • An aggregator is also at risk of some transaction fraud or chargeback which is associated with its sub-merchants
  • Some e-commerce marketplaces offer payment aggregation services, which do not come under the direct regulatory ambit of RBI, which can be a huge concern for the aggregators. Hence, it can be charged under double regulation.
  • The payment aggregators also handle sensitive customer data. Managing data privacy and customer data can be a big task for aggregators. If the aggregators cannot manage the data, it can cause a risk of data loss and breach of privacy.

Comparison between Payment Aggregator and Payment Gateway

A payment aggregator simplifies the process of accepting payments for merchants by combining multiple merchant accounts and payment methods into one setup, removing businesses' need to maintain separate setups for payment acceptance.

Whereas a payment gateway is a system that gathers, authenticates, and conducts fraud checks on customer's credit card details before transmitting them to the payment processor. There are some differences between payment gateway & payment aggregator based on certain pointers mentioned below:

1. Payment Options

Payment aggregator allows multiple payment options whereas the payment gateway allows specific payment options or even restricts them.

2. Small Business

Payment gateways can use payment aggregators to be able to provide services to small businesses whereas payment gateway levy transaction fees are too high & complex.

3. Based on Role

Payment aggregators act as interface whereas the payment gateway acts as an intermediary

4. Touchpoint Digitised

Payment aggregator provides offline and online touchpoints whereas the payment gateway provides online touch points including apps or websites.

5. Payment Success Rate

Payment aggregators have significantly higher payment success rates whereas payment gateway can manage any.

6. Ownership

Payment aggregators are owned by the fintech companies whereas the payment gateway can be owned by private & public bank merchants, vendors & payment aggregators.

7. Permissions

Payment aggregators require and requisite certification as per the payment card industry data security standard (PCI-DSS) whereas payment gateway requires RBI authorization under the Payment & Settlement Systems Act, 2007 (PSSA).

Why Choose Enterslice Services?

Enterslice is a consultancy company that focuses on business formation, meeting regulatory requirements, and offering financial advice. One of their areas of specialization involves helping businesses acquire different financial licenses, such as Payment Aggregator Licenses in India.

Our services are dedicated to securing the Payment Aggregator and Payment Gateway Compliances. Here is a detailed outline of how Enterslice can assist a company in acquiring a Payment Aggregator License mentioned below:

1. Comprehend Requirement

We will initially assist the business in comprehending the guidelines established by the Reserve Bank of India for acquiring a payment aggregator license. This involves knowing the requirements for eligibility, essential infrastructure, and compliance requirements.

2. Document Preparation

We will help with compiling and organizing all necessary paperwork. This entails the business strategy, system guidelines, leadership biographies, technology structure, and any other paperwork needed by the RBI.

3. Filing the Application

We will help complete the application form and make sure all information is accurately and thoroughly included. Also, we will make sure that all necessary documents are properly included.

4. Compliance & Laison with RBI

After submission, we may serve as an intermediary between the RBI and the business, managing inquiries and any further information or documentation requests from the RBI.

5. Operational Setup

After the approval of the payment aggregator license, we could assist in establishing operations following RBI regulations. This could involve helping with technology implementation, configuring payment gateways, and linking with banks and financial institutions.

Frequently Asked Questions

To become a payment aggregator both bank and non-bank providers need to have RBI’s authorization, it must be a company registered in India and will have to localize payment data, having a net worth capital of Rs. 15 crores.

A payment aggregator is a service provider through which mobile payments and e-commerce merchants can process payment transactions. An aggregator allows a merchant to accept card payments and bank transfers without opening a merchant account in the bank or credit card association.

Payment aggregators keep an entity’s money just like a bank account. The money in the account can be used for business purposes like purchasing or selling and deduction/addition is made like a general ledger. Some aggregators also provide withdrawal facilities from the ATMs.

Aggregators permit merchants to accept credit card and bank transfers. Payment Aggregator provides the means for facilitating payment from the consumer through credit cards. An aggregator works as a third party in processing the credit card payments.

Yes, PayPal is a payment aggregator.

In banking, aggregator acts as a third party, in transactions between customers and merchants.

Different types of payment gateways are CC Avenue, CashFree, PayUbiz, PayUMoney, Instamojo, Paytm, and Mobikwik.

First of all, a payment gateway business has to register its business in India. Apply for the Merchant Service Provider or Payment Facilitator. Follow compliance set by PCI DSS.

A payment gateway works for the consumer or merchant in the following ways through Customer Redirect on the payment gateway checkout. Pay the specific amount and enter the credential details. The amount gets credited into the payment gateway merchant database. The payment gateway automatically releases the payment within some business days or according to policies.

Payment aggregator is a blessing for small businesses: Payment gateways can quickly access small businesses once they incorporate with payment aggregators. Merchant aggregators are cost-effective for micro-transactions.

If you are a merchant and want to expand your business by using all modes of online payments and credit card payments with minimal hassle and within a short period, then a payment aggregator is the best choice.

Related Services

Our Awards Our Awards

Top 100 Companies in Asia - Red Herring
Top 100 Companies in Asia - Red Herring

Red Herring Top 100 Asia enlists outstanding entrepreneurs and promising companies. It selects the award winners from approximately 2000 privately financed companies each year in the Asia. Since 1996, Red Herring has kept tabs on these up-and-comers. Red Herring editors were among the first to recognize that companies such as Google, Facebook, Kakao, Alibaba, Twitter, Rakuten, Salesforce.com, Xiaomi and YouTube would change the way we live and work.

Top 25 in India - Consultants Review

Researchers have found out that organization using new technologies in their accounting and tax have better productivity as compared to those using the traditional methods. Complying with the recent technological trends in the accounting industry, Enterslice was formed to focus on the emerging start up companies and bring innovation in their traditional Chartered Accountants & Legal profession services, disrupt traditional Chartered Accountants practice mechanism & Lawyers.

Top 25 in India - Consultants Review

We partner with more than 100+ companies

-- Testimonials

Don't take our word for it

In the news

Get Started Live Chat