Payment aggregators now have more time to apply for licence

Companies, whose applications were rejected over failure to meet the minimum net worth criteria, can now reapply to the RBI by September 30, 2022.

The Reserve Bank of India (RBI) has announced the reopening of the window for payment aggregators (PAs) whose licence applications were returned after they failed to meet the eligibility criteria.  

The aspirants whose licence applications were returned can continue their operations until they receive word from the RBI.

About 180 firms, including PhonePe, Cred, Razorpay, Pine Labs, BillDesk, Paytm, and Juspay, had applied for payment aggregator licences last year. The RBI had rejected some as they did not comply with one of the critical criteria of having a minimum net worth of Rs 15 crore by March 31, 2021. This implied that they would have to discontinue their operations within a period of six months from the date of return of the application. 

“Though they have the option to apply afresh, on meeting the prescribed criteria, ceasing operations may lead to disruption in payment systems. It is also possible that some PAs had not applied to RBI due to non-fulfilment of eligibility criteria,” the regulator observed. 

Hence, keeping in view the “disruption caused by the COVID-19 pandemic and to ensure smooth functioning of the payments ecosystem,” it has been decided to allow another window to all such PAs to apply to the RBI by September 30, 2022 and they must have a net worth of Rs 15 crore as on March 31, 2022. 

“They shall be permitted to continue their operations till they receive communication from RBI regarding the fate of their application. The timeline of March 31, 2023 for achieving the net worth of Rs 25 crore shall, however, remain,” the regulator said in a statement. 

According to a source, the licence of Mobikwik’s payment gateway Zaakpay was denied, while Razorpay, Stripe, Pine Labs and 1Pay have received the approval. More announcement are to be made in the near future. 

Multiple online payment gateways seeking licence came under the intense scrutiny of the central bank for know-your-customer (KYC) related issues, past dealings with cryptocurrency exchanges and gaming apps, and for not complying with the net worth criteria.

The Economic Times had reported that payment aggregator Cashfree Payments too had been questioned regarding its KYC standards and business modules. 

“We would like to state that Cashfree Payments has not come under any scanner by RBI. Our interaction with the regulator has been positive. Cashfree Payments has zero exposure or relations with crypto exchanges,” the company had clarified.  

Payment aggregators are entities that enable merchants/ecommerce sites to accept various payment instruments from customers, without the need for the former to create a separate integration system of their own.

In 2020, the RBI had issued guidelines that said only firms approved by the regulator can acquire and offer payment services to the merchants. The initial deadline to apply for the licence was June 2021, which was later extended to September 2021. 

Card storage rules relaxed

The central bank has also revised its card storage norms that disallowed non-banks from storing card information. New rules now allow merchants or payment aggregators to save card data for a maximum period of four days from the transaction data or till the settlement date, whichever is earlier.

The data shall be used only for settlement of such transactions and must be purged thereafter.

“For ease of transition to an alternate system in respect of transactions where cardholders decide to enter the card details manually at the time of undertaking the transaction (commonly referred to as 'guest checkout transactions'), the following are being permitted as an interim measure,” said the RBI.

While tokenisation is a solution for customers, ecommerce websites will have to temporarily store numbers for customers who decide to enter card details manually during checkout. Last month, the central bank had extended the card tokenisation and card storage deadline to September 30, 2022.

Besides merchants and payment aggregators, acquiring banks can continue to store card-on-file data until January 31, 2023, for handling other post-transaction activities.

“Appropriate penal action, including imposition of business restrictions, shall be considered by the RBI in case of any non-compliance," said the RBI.

However, the central bank stuck to its previous order, directing all stakeholders, except card issuers and card networks, to purge all card-on-file data by October 1, 2022.