Payment gateway License

Payment gateway License


A service providing entities that play the role of intermediate between banks and websites facilitating the communication of transaction information is known as payment gateway.  They conceive information from the payer bank and take the information to the receiving banks and take care of their input, i.e. whether the transaction is accepted or not

As per RBI guideline Payment gateway are entities that provide technology infrastructure to route and facilitate the processing of an online payment transaction without any involvement in the handling of funds


Applicability of guideline

The issued guideline is applicable on all payment gateways may also adopt technology-related recommendation as follow:

          Security-related recommendation:

  1.  Information Security Governance: In order to recognize risk exposures with remedial steps and residual risks, the entities shall carry out a comprehensive security risk assessment of their people, IT, business process environment, etc. This may be an internal security audit or an external security audit carried out by an independent security auditor or an impaneled auditor of CERT.
  2. Data security standards: Data security standards and best practices, like PCI-DSS, PA-DSS, latest encryption standards, protection of transport channels, etc.
  3. Reporting of security incidents: The entities shall report to RBI security incidents/cardholder data breaches within the specified timeframe. Monthly records of information security incidents shall be sent to RBI with root cause analysis and preventive measures undertaken.
  4. Merchant Onboarding: The agencies conduct a thorough safety review during the merchant onboarding process to ensure that the merchants conform to these minimum baseline security controls.
  5.  Cyber Security Audit and Reports: The entities shall carry out and submit to the IT Committee quarterly internal and annual external audit reports; bi-annual Vulnerability Assessment / Penetration Test (VAPT) reports; PCI-DSS including Attestation of Compliance (AOC) and Report of Compliance (ROC) compliance report with observations noted if any including corrective/preventive actions planned with action closure date; inventory of applications which store or process or transmit customer sensitive data; PA-DSS compliance status of payment applications which stores or processes cardholder data.

Others provided in annexure 2 of guideline

Other recommendations

  1. The credentials of the customer card shall not be kept in the merchant's database or server.
  2.  No choice shall be given for ATM PIN as an authentication factor for card transactions that are not present.
  3. Instructions concerning the handling of payment system data shall apply as applicable to PSOs.
  4. All refunds shall be made to the original payment system unless the consumer has expressly agreed to reimburse an alternate mode.

Capital Requirement

Capital Requirement

Existing Payment Aggregators shall achieve a net-worth of ₹15 crores by March 31, 2021, and a net-worth of ₹25 crores by the end of the third financial year, i.e., on or before March 31, 2023. All the time thereafter net-worth of ₹25 crores shall be maintained.




date/ Authorisation date

Due date

of Achieving

₹ 15 Cr. Net-worth

Due date

of Achieving

 â‚¹ 25 Cr. Net-worth

For Existing PAs

till 30/06/2021

31/03/2021 or  application  date whichever is earlier


Net worth consists of paid-up equity capital, preferred securities that are compulsorily convertible to equity, free reserves, balance in the share premium account and capital reserves representing surplus arising from the selling of assets but not reserves generated by the revaluation of assets adjusted for accrued loss balance, the book value of intangible assets and deferred revenue expenditure if any. Compulsorily convertible preferential shares can be either non-cumulative or cumulative and must be convertible into equity shares and the shareholder agreements will specifically prohibit any withdrawal of this preferential capital at any time.

Documents required for registration

Basic requirements for registration;

  1. Minimum two directors and two member
  2. Minimum capital requirement net-worth of 15 crores, which should be increased in 3 years to 25 crore
  3. Business address proof
  4. Detailed 5-year business plan
  5. System flow and code testing report by software certifying agency
  6. Payment aggregator organization should comply with PCI DSS compliances

Documents required:

  1. Company COI (certificate of incorporation)
  2. MOA & AOA (Memorandum and article of association)
  3. Business address proof
  4. Detailed 5 Years business plan
  5. PCI DSS certificate
  6. Proof of net worth
  7. Canceled cheque
  8. Bank statement of the last 12 months
  9. Last Audited Balance sheet of last 2 year (or since the business has been incorporated)
Author's Score
Up Votes
Down Votes
Voted on
1 articles

Comments on Payment gateway License, Fastest Growing Classifieds Marketplace, #1 Free Classifieds Marketplace
Payment gateway License, Payment gateway License,

Recent Articles

Expand your Apple Device’s Memory Capacity Today!Want to download more apps on your...
Why Safety Product is Our Top Priority?   Any type of packaging material or rolls of packaging that are...
The human body is largely comprised of water, and yet the quality of our drinking water is often not up to par...
If you are responsible for hiring the right talent for your organization, prioritize the need for the social media...
NUTRIFY MEALS makes macro-customisable and nutritious meals to help you reach your health and fitness goals. We...
Backpage EscortsEscorts Canada, TorontoEscorts VancouverEscorts CalgaryEscorts Ottawa

Copyrights © 2022 Voticle. All Rights Reserved.