PAYMENT GATEWAY LICENSE
A Payment Gateway License is an RBI-issued certification that allows the applicant to establish and run a payment gateway. A Payment Gateway, in simple terms, is a gate through which electronic transactions occur. It establishes a secure line between the customer and the seller. And then, it provides a confidential path through which the customer can enter their details and complete the transaction. Throughout this process, the payment gateway securely connects the customer’s digital payment wallets or bank accounts to the seller’s bank accounts, allowing the transaction to occur only then. Once the transaction is complete, the gateway takes its appropriate payment gateway charges in India.
How does the Payment Gateway work?
The payment gateway process takes place in three stages:
- Encryptionoccurs when the user enters his details at the payment gateway portal. That data is encrypted to protect it from prying eyes.
- Authorization: The encrypted data is then forwarded to the bank, which decrypts it with its private key to determine the correct details.
- Finalization:The payment gateway initiates the transaction process if the details are correct.
Components of Payment Gateway System
There are two components of an Online Payment Gateway:
- Merchant Agreement: Those with the Payment Gateway license RBI first get into an agreement with the merchant that uses the gateway.
- Secure Electronic Transactions: It’s a security system that verifies user information without peeking into it. In doing so, it authenticates the information without compromising the user’s Credit card/ debit card/ net banking information.
What is a Payment Gateway License?
This license is a registration certificate given by the RBI to propose Payment Gateway companies in India so that they can create and run a payment gateway. RBI promotes this license to:
- Promote secure online transactions
- Ensure that the payment gateway doesn’t compromise the personal data of the customers or the sellers
- Ensure that no data is vulnerable
- Ensure that no extra payment gateway charges in India are levied on the users
Types of Payment Gateway Providers in India
Following are the payment gateway providers for whom it’s mandatory to get the payment gateway license
- Second-party providers:The system setup cost to become a second-party provider is high, but the TDR (part of payment gateway charges) or Transaction Discount Rate is low, making it more lucrative.
- Third-party providers:The system setup cost to become a third-party provider is low, but the TDR is 2 to 4 percent.
Eligibility Criteria for Payment Gateway License in India
The following are the eligibility criteria to get the payment gateway license:
- The applicant must either be a private or a public limited company. Establishing a Payment Gateway without Company registration is not possible.
- The Company must have a PCI DSS certification.
- The net worth of the Company should be at least 15 Crore.
- The net worth should increase to INR 25 Crores within 3 years of operation.
- If the applicants are NBFCs or banks, then only those who adhere to the capital requirements specified by RBI are eligible for the payment gateway license.
- For entities with FEMA authorization, there is no minimum capital requirement for issuing foreign exchange PPIs. However, they would be limited to current permissible transactions.
Documents Required for Payment Gateway License in India
The following are the documents required for Payment Gateway registration:
- Certificate of Incorporation
- Pan card of all the Directors of the Company
- Digital Signature Certificate of the Directors of the Company
- Address proof of the Registered Address
- Details of the Bank Accounts of the Company
- Your Company’s business plan for the next 5 years
GST registration certificate: The software code of the payment gateway system and its testing report must be certified software testing agency. If you’re worried about the high Payment Gateway Registration fees, don’t be. If you’re opting to start a complex business encompassing such a wide demographic, you’d already be in capable hands with us.
Licensing Cost of a Payment Gateway License: At BRITSI, it’s our motto to minimize the extra professional payment gateway license RBI cost and maximize the input required for online payment gateway registration. So, if you want to start a payment gateway for India without worry, contact our experts. We make payment gateway registration in India easy.
Process of obtaining the Payment Gateway License in India
How to get a Payment Gateway license in India? Well, to make it easy to get a payment gateway license, India has formulated the following steps for the payment gateway registration process:
Step 1: Application Filing: Apply for a Payment Gateway license. File the payment gateway application via FORM-An addressed to the Chief Manager of the Department of PSS.
Step 2: Pay the Registration Fee: Don’t forget to pay the payment gateway registration cost along with the application.
Step 3: Application Assessment: Once you file a Payment Gateway license application, RBI will start its assessment. It will check the details you’ve mentioned in your applications.
Step 4: Application Scrutiny: Once RBI finds that you’ve provided the correct application, they start scrutinizing the application based on the following points:
- What technical standards are implemented in developing the proposed payment system?
- What security systems are implemented to conduct electronic transactions through your payment system?
- What is the method of transfer used in your payment system?
- What is the method of dispensing the payment instructions to the user, and how does it affect their payment obligations?
- How financially stable is the applicant?
- What are the terms and conditions to govern the relationship between the payment providers and the customers?
- What are the monetary and credit policies you’ve implemented?
- How long after the authorization can the applicant start conducting the payment gateway business?
Step 5: Grant of Certification: Once the RBI authorizes your application, it will send you the payment gateway certification for conducting payment gateway business in FORM B. Once the application is filed, the RBI will take 6 months to grant the payment gateway certificate unless there are issues with the application form.
Security-related Recommendations for the Payment Gateway License
The RBI has issued some important Security-related recommendations for the licensed Payment Gateway Systems that they must adhere to. Some of these recommendations are discussed in this article in the following subheadings.
Information Security Governance: The Payment Gateway Licensed System (PGS) must conduct a comprehensive security risk assessment of its people, IT, business process environment, etc. This assessment must be done to identify risk exposures with remedial measures and residual risks.
These security checks can be one of the following:
- Internal security audit:An annual security audit by an independent security auditor
- CERT-In impaneled auditor:The PGS must submit the reports on risk assessment, security compliance posture, security audit reports, and security incidents presented to the Board.
- Data Security Standards: The Payment Gateway Licensed System must implement the best data security standards and practices, such as:
- PCI-DSS
- PA-DSS
- Latest encryption standards
- Transport channel security
- Security Incident Reporting
The PGS must report security incidents or cardholder data breaches to the RBI within the stipulated timeframe. The PGS must also submit monthly cyber security incident reports with root cause analysis and preventive actions undertaken to the RBI.
Merchant Onboarding: The Payment License System must undertake a comprehensive security assessment during the merchant onboarding process to ensure the merchants adhere to these minimal baseline security controls.
Cyber Security Audit and Reports: The Payment Gateway Licensed System must carry out and submit the following to the IT Committee:
- Quarterly internal and annual external audit reports
- Bi-annual Vulnerability Assessment / Penetration Test (VAPT) reports
- PCI-DSS, including Attestation of Compliance (AOC)
- Report of Compliance (ROC) compliance report
- Along with the observations noted, if any, including corrective or preventive actions planned with an action closure date
Information Security: The Payment Gateway system must review the Board-approved information security policy annually. The security policy must consider aspects the following aspects:
- Objectives, scope, ownership, and responsibility for the policy
- Information security organizational structure
- Information security roles and responsibilities
- Maintenance of asset inventory and registers
- Data classification
- Authorization
- Exception
- Knowledge and skill sets required
- Periodic training and continuous professional education
- Compliance review and penal measures for non-compliance with policies
- IT Governance
The Payment License System must frame an IT policy for regular management of IT functions and ensure detailed documentation of procedures and guidelines is implemented. In addition, the strategic plan and policy must be reviewed annually.
Board-level IT Governance framework
Involvement of Board
The major role of the Board or the Top Management of the Payment License system must involve the following:
- Approving information security policies
- Establishing necessary organizational processes or functions for information security
- Providing necessary resources
IT Steering Committee
The Payment License system must create an IT Steering Committee with representations from various business functions as appropriate.
The Committee then must assist the Executive Management in implementing the IT strategy approved by the Board. Lastly, It must have well-defined objectives and actions.
Enterprise Information Model
The Payment License system must establish and maintain an enterprise information model to enable application development as well as decision-supporting activities consistent with the Board-approved IT strategy.
The model shall facilitate the optimal creation, use, and sharing of information by a business in a way that maintains integrity and is flexible, functional, timely, secure, and resilient to failure.
Cyber Crisis Management Plan
The Payment License system must also prepare a comprehensive Cyber Crisis Management Plan approved by the IT strategy committee. It must include components such as the following:
- Detection
- Containment
- Response
- Recovery
Our Assistance in getting the Payment Gateway License in India
We provide end-to-end Assistance for services related to Payment Gateway License:
- We file your application
- We accumulate your documents
- We conduct a thorough follow up
- We ensure that you get a Payment Gateway license on time
So, do you want to start a payment gateway in India? Get legally ready by obtaining a Payment Gateway license with our help.
FAQs about Payment Gateway License
What is a Payment Gateway License in India?
A Payment Gateway License is an RBI-issued certification that allows the applicant to establish and run a payment gateway.
What is a Payment Gateway in India?
A Payment Gateway, in simple terms, is a gate through which electronic transactions take place. It establishes a secure line between the customer and the seller.
How does a Payment Gateway work?
A Payment Gateway provides a confidential path through which the customer can enter their details and complete the transaction. Throughout this process, the payment gateway securely connects the customer’s digital payment wallets or bank accounts to the seller’s bank accounts, and only then it allow the transaction to take place.
Is there a payment gateway charge in India to be paid for using it?
The gateway takes its appropriate payment gateway charges in India once the transaction is complete.
Explain the working of a Payment Gateway system.
The payment gateway process takes place in three stages:
Encryption occurs when the user enters his details at the payment gateway portal. That data is encrypted to protect it from prying eyes.
Authorization: The encrypted data is then forwarded to the bank, which then decrypts it with their private key to find out whether the details are correct.
Finalization: If the details are correct, the payment gateway initiates the transaction process.
What are the components of a Payment Gateway System?
There are two components of an Online Payment Gateway:
Merchant Agreement: Those with the Payment Gateway license RBI first get into an agreement with the merchant that uses the gateway.
Secure Electronic Transactions: It’s a security system that verifies user information without peeking into it.
What are the objectives of a Payment Gateway system?
A Payment Gateway license is the registration certificate given by the Reserve Bank of India to companies that want to create and run a payment gateway. RBI promotes this license to:
- Promote secure online transactions
- Ensure that the payment gateway doesn’t compromise the personal data of the customers or the sellers
- Ensure that no data is vulnerable
- Ensure that no extra payment gateway charges in India are levied on the users
What are the kinds of Payment Gateway providers that require this license?
The following are the payment gateway providers for whom it’s mandatory to get the payment gateway license:
Second-party providers: The system setup cost to become a second-party provider is high, but the TDR (part of payment gateway charges) or Transaction Discount Rate is low, making it more lucrative.
Third-party providers: The system setup cost to become a third-party provider is low, but the TDR lies between 2 to 4 percent.
What makes one eligible for getting a Payment Gateway License in India?
Following are the eligibility criteria to get the payment gateway license:
- Must be a private or public limited company
- Must have a PCI DSS certification
- Net worth of at least 15 Crore
- Net worth requirement of INR 25 Crores within 3 years of operation
- Capital requirements specified by RBI for NBFCs or banks
- Limited to current permissible transactions for entities under FEMA
What must attachments with the license application for Payment Gateway be submitted to the RBI?
The following are the documents required for Payment Gateway registration:
- Certificate of Incorporation
- Pan Card of the directors
- Digital Signature Certificate of the directors
- Address proof
- Details of the bank accounts
- Business plan for the next 5 years
- GST registration certificate
- Software code of the gateway system
- Testing report by a testing agency
How to become a Payment Gateway service provider in India?
How to start a Payment Gateway business in India? In the effort to make it easy to get a payment gateway license, India has formulated the following steps for the payment gateway registration process:
- Application filing
- Paying the registration fee
- Application assessment
- Application Scrutiny: Once RBI finds that you’ve provided the correct application, they start scrutinizing it.
- Grant of Certification
How can BRITSI help you in getting the Payment Gateway License in India?
We provide end-to-end assistance for services related to Payment Gateway License:
- We file your application
- We accumulate your documents
- We conduct a thorough follow up
- We ensure that you get a Payment Gateway license on time.
What are payment gateway charges?
Payment Gateway charge or Payment Gateway price is the additional charge levied on the purchaser for using the gateway while he is transferring money to the online merchant for making a purchase.