Offline payments aggregators can’t store your debit, credit card details now
Offline payment aggregators such as those entities aggregating offline credit and debit card payments e.g swipes at physical merchant stores, will now be subject to the same government rules as applicable to online payment aggregators. Offline payments means those payments where both merchant and customers are present to do the transactions. These transactions include payment done face to face, in-proximity using NFC etc.
This was announced by Reserve Bank of India (RBI) Governor today. As per the announcement made, “Payment Aggregators (PAs) play an important role in the payments ecosystem and hence were brought under regulations in March 2020 and designated as Payment System Operators (PSOs). The current regulations are, however, applicable to PAs processing online or e-commerce transactions. These regulations do not cover offline PAs who handle proximity/face-to-face transactions and play a significant role in the spread of digital payments. Keeping in view the similar nature of activities undertaken by online and offline PAs, it is proposed to apply the current regulations to offline PAs as well. This measure is expected to bring in synergy in regulation covering activities and operations of PAs apart from convergence on standards of data collection and storage. Detailed instructions will be issued separately.”
Adhil Shetty, CEO, BankBazaar.com says, “The framework for online PSOs require them to exercise due diligence, put in place sound and responsive risk management practices for effective oversight, and manage the risks arising from such outsourcing of activities. Keeping in mind the similar nature of activities undertaken by online and offline PAs, these guidelines are now being extended to offline PAs as well. While the detailed instructions are still awaited, the expectation is that a common framework will bring about a convergence on standards of data collection and storage between activities and operations of online and offline PAs.”
While detailed instructions are awaited, this implies that such offline aggregators would now have to comply with the following:
1. Payment Aggregators shall not store the customer card credentials within their database or the server accessed by the merchant. They shall comply with data storage requirements as applicable to Payment System Operators (PSOs).
2. Payment Aggregators shall ensure that the extant instructions with regard to Merchant Discount Rate (MDR) are followed. Information on other charges such as convenience fee, handling fee, etc., if any, being levied shall also be displayed upfront by the Payment Aggregators.
3. Payment Aggregators shall not place limits on transaction amount for a particular payment mode. The responsibility therefor shall lie with the issuing bank / entity; for instance, the card issuing bank shall be responsible for placing amount limits on cards issued by it based on the customer’s credit worthiness, spending nature, profile, etc.
4. Payment Aggregators shall not give an option for ATM PIN as a factor of authentication for card-not-present transactions.
5. All refunds shall be made to the original method of payment unless specifically agreed by the customer to credit to an alternate mode.
6. They will put in place a formal, publicly disclosed customer grievance redressal and dispute management framework, including designating a nodal officer to handle the customer complaints/grievances and the escalation matrix.
7. They shall appoint a Nodal Officer responsible for regulatory and customer grievance handling functions.
8. They shall have a dispute resolution mechanism binding on all the participants which shall contain transaction life cycle, detailed explanation of types of disputes, process of dealing with them, compliance, responsibilities of all the parties, documentation, reason codes, procedure for addressing the grievance, turn-around-time for each stage, etc.
Images are for reference only.Images and contents gathered automatic from google or 3rd party sources.All rights on the images and contents are with their legal original owners.