Guidelines on Regulation of Payment Aggregators

Guidelines on Regulation of Payment Aggregators and Payment Gateways- Notification dated March 31, 2021

We invite a reference to our circular DPSS.CO.PD.No.1810/02.14.008/2019-20 dated March 17, 2020 (as updated from time to time) and the clarification dated September 17, 2020 issued on the subject (Annex). Accordingly, neither the authorised Payment Aggregators (PAs) nor the merchants on-boarded by them can store customer card credentials within their database or server.

2. Based on the representations received from the industry seeking additional time for implementing the above instructions, it has been decided, as a one-time measure, to extend the timeline for non-bank PAs by six months, i.e., till December 31, 2021, to enable the payment system providers and participants to put in place workable solutions, such as tokenisation, within the framework set out in the circular dated March 17, 2020 cited above and our circular DPSS.CO.PD No.1463/02.14.003/2018-19 dated January 08, 2019 on “Tokenisation – Card transactions”. All other provisions of the circular dated March 17, 2020 referred to above, shall remain unchanged.

3. This directive is issued under Section 10 (2) read with Section 18 of Payment and Settlement Systems Act, 2007 (Act 51 of 2007).

Go To Annexure

Read More on Reserve Bank of India