What is a payment gateway license and how does it work?
An overview on payment gateway license:-
As we all are aware of the fact that popularity of online shopping in the world has increased immensely due to the benefits of ease and flexibility offered by this platform. The term Payment Gateway denotes a financial service that is provided by way of an e-commerce application service provider. However, to start a Payment Gateway service, one needs to obtain Payment Gateway License from the license authority.
Concept of payment gateway:-
The term Payment Gateway means an intermediary, which works between the website that facilitates communication concerning transaction and the banks. That means it generates information from the respective buyer bank and supplies the same transaction information to the receiving bank, after that it notes the feedback as to whether the said transaction has been duly approved or declined.
- Benefits of Obtaining Payment Gateway License:-
PCI – DSS Wallet
The PCI – DSS Wallet compliance provides security to the users of the application by securing their personal data in the portal or gateway for recurring payments.For example, an individual who is a regular customer on the Amazon Application can save his/ her bank account details on it or on its official website, and the gateway safeguards the same from every sort of cyber security threat.
- White Label Wallet
It shall be noted that some of the payment gateways permit customers to make digital transactions from the mobile wallet applications. It is the latest trend, as it allows the users to carry all their operations and transactions from one place.Further, one can easily transfer the amount from the bank account to his/ her mobile wallet application, and can then use the same for making payments on other mobile applications or websites.
- Fraud Screening Tools
Some of the payment gateways gives their customer the benefit of FST (Fraud Screening Tools) for the purpose of reducing the risk of losing personal data.The term Fraud Screening Tools comprises of the CCV (Card Code Value), AVS (Address Verification Service), and CVV (Card Verification Value).Further, it shall be noted that the primary objective of these tools is to confirm that there is no fraudulent transaction going on.
Also, another significant benefit of a payment gateway is that it permits transactions and dealings from multiple users that, too at the same time. This itself makes the same feasible for a customer to buy or sell goods & services whenever he or she wants.
How Does a Payment Gateway Operate:-
Once a customer has placed his/ her order from an online website, then, there are a series of operations that are carried out by the Payment Gateway which are explained as follows:
In the first step, the browser used by the user encrypts the information that has to be sent to the respective vendor’s server. After that, the payment gateway then transmits the transaction data to the specified payment processor.
- Request For Authorisation
Once the data is successfully received by the payment processor, it then transmits the same to the respective card association.
Further, the Bank that has issued the payment card checks the transaction at this point and then denies or agrees it, accordingly.
- Filing Of The Order
If the respective bank agrees to the transaction made, then, the authorization concerning to the customer and the merchant is further forwarded to the main processor of the Payment Gateway.
Once the response from the main processor is duly received, the same is further transmitted to the portal for the processing of the payment.
In this way the information and data is interpreted and the payment is made. The entire procedure of making payment takes around a time of a few seconds.
Additional Facilities Offered by Payment Gateways
Besides providing the facility of quick payments, the additional facilities offered by Payment Gateways are as follows:
- Delivery Address Verification;
- Advanced Visual System Checks;
- Computer Finger Printing Technology;
- Velocity Pattern Analysis;
- Identity Morphing Detection;
- Calculation of the Tax for Authorization of Request forwarded to the respective Processor;
Major Components of Payment Gateway
The major components of a Payment Gateway are as follows:
- Merchant Agreement
The term Merchant Agreement denotes a contract between the business and the respective payment service provider. Further, each of the party that is engaged in the online transactions is directed by the prescribed roles, responsibilities and the rules that have been specified under this agreement, in relation to the acceptance of payment, authorisation, processing & settlement.
- Secured Electronic Transaction
The Secured Electronic Transactions (SET) are provided by the main payment providers of the electronic transactions, such as Visa and MasterCard.
Further, the customers that are protected through SET, as the same allows the merchants to cross check the payment information, that, too, without actually seeing it. Also, the information and details mentioned on the card is straightaway received by the card issuer for the purpose of verification.
Basic Requirements of Payment Gateway License
The basic requirements of Payment Gateway License:-
- The said entity or company must be incorporated under the provisions of the Companies Act 2013 or the Companies Act 1956;
- A Minimum of 2 Members;
- A Minimum of 2 Directors;
- Address Proof of the Business;
- 5 years Business Plan;
- PAN of the Company;
- Current Bank Account details of the Company;
- System Flow & Code Testing Report by the Software Certifying Agency;
- Service Tax Registration Number;
- Compliance with the PCI DSS;
Capital Requirements of Payment Gateway License
The capital requirements of Payment Gateway License in India are as follows:
- It shall be noted that only the Non Banking Financial Companies (NBFCs) and the schedule banks need to comply with the Capital Adequacy Requirements prescribed by the Reserve Bank of India. Also, only these will be permitted to issue the prepaid payment instruments;
- All the entities that are authorized under the provisions of the Foreign Exchange Management Act 1999 (FEMA) to issue the foreign exchange PPI (Prepaid Payment Instrument) are relieved from the scope of RBI guidelines. Further, the use of such instruments will be restricted to the permissible current account dealing and transactions, and are subject to the prescribed restrictions under the provisions of the Foreign Exchange Management (Current Account Transactions) Rules 2000, as amended from time to time;
Documents Needed for Payment Gateway License:-
The documents needed for obtaining Payment Gateway License in India are as follows:
- A copy of the issued Certificate of Incorporation (COI) to the Company by the Registrar of Companies (ROC);
- Details of PAN Card of the Directors;
- Address Proof of the Directors;
- Digital Signature Certificate (DSC) of the Directors;
- Director Identification Number (DIN) of the Directors;
- Registered Office’s Address Proof;
- Comprehensive Details of the Company’s Current Bank Account;
- Business Plan of the Company for the Next Five Financial Years;
- Report regarding the Testing Code by a Software Agency;
Registration Procedure for Obtaining Payment Gateway License :-
The steps involved in the Registration Procedure for obtaining Payment Gateway License in India are as follows:
- File Application For Registration
In the first step, the applicant needs to file an application for authorisation in the prescribed Form A. The same is done based on the provisions of section 5(1) of the PSS Act.
Further, the said application will be made to the “Chief General Manager” of the “Department of Payment & Settlement Systems” at the Central Offices of the Reserve Bank of India at Mumbai, or at other offices of the RBI, as may be prescribed by it from time to time.
- Compliance Of Conditions For Authorization
The Reserve Bank of India will take the conditions as follows into the account prior to issuing the authorization:
a) The necessity for the proposal payment mechanism or the services that have been declared to be undertaken by it;
b) All the technical standards that have been decided for the payment mechanism or the structure of the decided payment system;
c) The terms and conditions, inclusive of the security procedure, for the operation of the proposed payment system;
d) The method in which the assignment is done in the provided payment system;
e) The manner or the way for getting of payment instructions that will affect the payment conditions under the payment system;
f) The overall management’s financial status, experience, and the integrity of the applicant;
g) The terms & conditions that govern and regulate the relationship of the customers with the respective payment providers;
h) The credit & monetary policies;
i) Time frame for authorization;
- Issuance Of Authorization Certificate
If the Reserve Bank of India (RBI) is satisfied that all the requirements laid down in section 7(1) are duly fulfilled, it may issue the Authorization Certificate in Form ‘B’ for commencing and carrying on a payment system to the applicant. Further, the authorization will take effect from the date as mentioned by the RBI and as per the conditions that have been imposed by the RBI.
- Authorization Within 6 Months
Based on the provision of section 4 of the Payment and Settlement System Act 2007, the Reserve Bank of India is needed to process the application filed for authorization at the earliest, with a maximum time frame of six months, starting from the date on which the said application for the authorization has been filed.
IT Requirements for Obtaining Payment Gateway License:-
The different IT Requirements for obtaining Payment Gateway License in India are as follows:
- Information Security Governance;
- Data Security Standards;
- Security Incident Reporting;
- Merchant On-boarding;
- Cyber Security Audit & Reports;
- Staff Competency;
- Vendor Risk Assessment;
- Maturity & Roadmap;
- Cryptographic Requirement;
- Data Sovereignty;
- Data Security in Outsourcing;
- Payment Application Security;