In this article, Tushar Dey who is currently pursuing M.A. IN BUSINESS LAWS, from NUJS, Kolkata, discusses  Payment Gateway and the law in India.

INTRODUCTION

The world economy is becoming increasingly “electronic”, with more and more transactions occurring online and electronic payments increasing significantly to the extent that they are surpassing paper-based payment instruments. In addition, governments worldwide, particularly in India, are targeting electronic delivery of public services and banking activities. Also, the Internet is being tapped for servicing the rural populace due to significant cost benefits it provided and the reach that it affords. However, to facilitate increasing volumes, security and efficiency are essential and so is the required infrastructure and regulatory environment. An Internet E-Commerce Payment Gateway is thus a critical infrastructural component to ensure that such transactions occur without any hitches and in total security over electronic networks.

WHAT IS A PAYMENT GATEWAY

A payment gateway facilitates a payment transaction by the transfer of information between a payment portal (such as a website, mobile phone or interactive voice response service) and the front end processor or acquiring bank. A Payment Gateway is, therefore, provides an access point to the national banking network. All online transactions must pass through a Payment Gateway to be processed. In effect, Payment Gateways act as a bridge between the merchant’s website and the financial institutions that process the transaction. In other words, a payment gateway is a payment processing service provided by an service provider that authorizes credit card or direct payments processing for businesses whether online retailers or traditional brick and mortar businesses.

The payment gateway services can either be provided by the bank itself to its customers or can be provided by a specialized financial service provider as a separate service.

HOW DOES IT WORK

A Payment Gateway authenticates and routes payment in an highly secure environment between various parties and the concerned banks. The Payment Gateway functions in essence as an “encrypted” channel, which securely passes transaction details from the buyer’s computer or mobile phone to banks for authorization and approval. On acquiring the approval, the Payment Gateway sends back the information to the e-commerce website thereby completing the “order”, and providing verification. Whenever a customer wants to buy something from an e commerce portal, the Payment Gateway comes in the picture for the following functions:

• For Authorization – Verifying buyer’s credit or debit card details
• For Clearing Payment – Transferring the transaction to merchant’s bank
• For Reporting – Recording all transactions

Broadly speaking following Steps are involved in a Payment Gateway Transaction

1. The Consumer visits an e-commerce website and selects the goods or services and clicks on the “purchase” button. A message is then sent to the website regarding the consumer’s desire to buy and make payment.
2. The e-commerce website’s server, after receiving the message from the buyer’s computer, adds its digital certificate to identify the same. This message is now called a “Digital Order” and also includes the consumer’s Internet Protocol address and the transaction amount. The Digital Order is now sent to the Payment Gateway over a secured network. Security is ensured by data encryption.
3. Based on the Digital Certificate, the Payment Gateway authenticates the e-commerce website.
4. The Payment Gateway offers various payment options to the buyer.
5. Buyer chooses his desired payment option, which is transmitted via a secured link to the Payment Gateway.
6. The Payment Gateway sends the payment details to the acquiring bank (in case of card transactions) or seller’s bank (as termed for other instruments).
7. The acquiring bank sends the information to the buyer’s issuing bank (in case of card transactions) or buyer’s bank (as termed for other instruments) over a secure link.
8. Based on the credit limit and the payment instrument’s validity, the issuing bank either accepts or rejects the transaction. The confirmation/rejection message is transmitted to the Payment Gateway through the acquiring bank.
9. The Payment Gateway then transmits digital receipts to the e-commerce website as well as the buyer.
10. The web store then can ship the desired goods/services to the buyer.

ADVANTAGES OF PAYMENT GATEWAY

A Payment Gateway is immensely beneficial on account of the multiple advantages it offers including:

1. The 24 hrs a day, 365 days a year convenience
2. Real-time authorization of credit/debit cards
3. efficient transaction and rapid processing
4. payment options of buyer’s choosing
5. Secure flow of transaction details among buyers, sellers and financial institutions
6. Flexible real-time report generation
7. Multi-currency settlement, if the requirement is such
8. Refund Facility
9. Merchants get rid of extensive processing, large databases, and complex software
10. Certifying Authority authenticated secure servers
11. Collection data in bulk and in a cost-efficient manner, with the additional benefit of being checked for card validity
12. Access to credit/debit card “hot-list” to filter out fraudulent deals
13. Ability to provide value-added services to merchants, acquiring and issuing banks
14. Multiple host interfaces provisioning
15. Comprehensive and simplistic administrative controls
16. Strict security measures to enhance customer and merchant trust in the system.

THE LAW GOVERNING PAYMENT GATEWAYS

The Paramount law governing and regulating Payment Gateways in India is the Payment and Settlement Systems Act of 2007 which sets out the objective of ensuring that all the payment and settlement systems operating in the country are safe, properly secured, sound, efficient, accessible and authorized.

1. Payment and Settlement Systems Act, 2007

The Payment and Settlement Systems Act, 2007 (“PSS Act”) empowers the Reserve Bank of India to regulate and oversee all payment and settlement systems in the country and also to provide settlement finality and a sound legal basis for the same. The Act came into effect on 12 August 2008 vide a notification to that effect. The PSS Act specifies that no person, other than the RBI, can operate a payment system except with due authorization issued by the RBI (unless specifically exempted by the terms of the PSS Act itself.). The Act provides for netting and settlement finality and gives formal oversight powers over all payment and settlement systems with the RBI. In the brief, the Act:

1. Anoints the RBI as the authority that regulates payment and settlement systems;
2. Makes it compulsory to obtain RBI authorization to operate a payment system;
3. Warrants the RBI to regulate and supervise payment systems by determining standards and calling for information, regular reports, documents etc;
4. Warrants the RBI to audit and conduct on- and off-site inspections of the payment systems;
5. Warrants the RBI to issue directives; and
6. Provides for netting and settlement to be final and irrevocable.

Mandatory Authorization by RBI

As per the Payment and Settlement Act, 2007 (“Act”), Payment Gateways service provider will fall under the definition of ‘system provider’ which means a person who operates an authorized payment system. The Act, under its Section 5(1) mandates authorization by RBI for commencing or carrying on a payment system. An authorization from RBI for this purpose shall— (a) specify the date on which it takes effect; (b) specify the conditions subject to which the authorization shall be in force; (c) state the payment of fees, if any, to be paid for the authorization to be in force.

Process for making Application for Authorization

Regulation 3 of Payment and Settlement Systems Regulations, 2008 (“Regulation”), provides that the application for authorization can be made under sub-section (1) of Section 5 of the Act to the Bank for grant of authorization under sub-section (1) of section 7 of the Act. Such an application has to be furnished in Form-A prescribed under the Regulation and addressed to the Chief General Manager of Department of Payment and Settlement Systems at Central Office of the RBI at Mumbai, or to such other office or officer of the Bank as may be specified by it in this behalf.

RBI Approval is Discretionary

Under Section 6 of this Act, before an authorization is issued under this Act, the Reserve Bank can make such inquiries as it may consider necessary for the purpose of satisfying itself about the genuineness of the particulars submitted by the applicant and also to check the credentials of the participants.

Factors which shall be taken into account before issuing Authorization

Under Section 7, if reserve bank of India is satisfied after the inquiry that the application is complete in all respects and it conforms to provisions of the Act, it may issue authorization for operating the payment system having regard to the following below mentioned considerations, namely:

1. The need for proposal payment system or the services proposed to be undertaken by it;
2. The technical standards for the payment system, or the design of the proposed payment system;
3. The terms and conditions of operation of the proposed payment system including any security procedure if any;
4. The manner in which transfer of funds may be effected within the payment system;
5. The procedure for netting of payment instructions effecting the payment obligations under the payment system;
6. The financial status experience of management and integrity of the applicant;
7. Interests of consumer, including the terms and conditions governing their relationship with payment providers, and
8. Monetary and credit policies.
9. Timeline for Authorization

Time Bound Authorization

Under section 4 of the Act, RBI is required to process the application for authorization as early as possible and maximum within six months from the date of filing of such application. However, please note that this is not a mandatory period and RBI may process the application in a shorter duration.

Grant of Authorization

If the Bank is satisfied that the requirements of imposed by sub-section (1) of Section 7 of the Act are fulfilled, it may issue an Authorization Certificate in the Form ‘B’ (as annexed with the Regulations) to the applicant to commence or carry on a payment system and specify the date on which such authorization shall take effect, subject to fulfillment of conditions as may be imposed by RBI for grant of the authorization.

Term of the Authorization

An authorization, so granted shall remain to be in force till the authorization is revoked.

Mechanisms for settlement of disputes, penalties, and punishments

The Act lays down a fairly detailed mechanism for settlement of disputes between system participants in a payment system, between system participant and system provider and between system providers. The Act requires the system provider to make provision in its rules or regulations for creation of a panel to decide disputes between system participants. Where any system participant is dissatisfied with the decision of the panel, or where disputes arises between system participant and system provider or between system providers, such disputes are required to be referred to the Reserve Bank for adjudication, whose decision shall be final and binding on the parties. In cases where the Reserve Bank, in its capacity either as a system participant or system provider, is itself a party to the dispute, then there is a provision for referring such cases to the Central Government for adjudication. (Section 24 of Act)

Under the PSS Act, 2007, dishonor of an electronic fund transfer instruction due to insufficiency of funds in the account etc., is an offence punishable with imprisonment or with fine or both, similar to the dishonor of a cheque under the Negotiable Instruments Act 1881. Subject to complying with the procedures laid down under the PSS Act, 2007, criminal prosecution of defaulter can be initiated in such cases. This provision was introduced to discourage dishonor of electronic payment instructions. (Section 25 of the Act)

As per the Act, operating a payment system without authorization, failure to comply with the terms of authorization, failure to produce statements, returns information or documents or providing false statement or information, disclosing prohibited information, non-compliance of directions of Reserve Bank violations of any of the provisions of the Act, Regulations, order, directions etc., are offences punishable for which Reserve Bank can initiate criminal prosecution. Reserve Bank is also empowered to impose fine for certain contraventions under the Act. (Sections 26 and 30 of the PSS Act, 2007)

RBI CIRCULAR ON PROCESSING AND SETTLEMENT OF IMPORT AND EXPORT RELATED PAYMENTS FACILITATED BY ONLINE PAYMENT GATEWAY SERVICE PROVIDERS

To facilitate e-commerce, RBI vide its circular dated September 24, 2015 permitted Authorized Dealer Category- l Banks (AD Category-l banks as notified)  to offer the facility of payment for imports by entering into standing arrangements with the Online Payment Gateway Service Providers (“OPGSPs”).

The consolidated guidelines on such imports and exports as issued under the abovementioned circular were as under:

1. The Authorized Dealer Category-I banks desirous of entering into such an arrangement/s should report the details of each such arrangement as and when entered into to the Foreign Exchange Department, Central Office, Reserve Bank of India, Mumbai.
2. For bringing into effect such arrangements, the Authorized Dealer Category-I banks shall:

• carry out the due diligence of the ONLINE PAYMENT GATEWAY SERVICE PROVIDER;
• maintain separate Export and Import Collection accounts in India for each ONLINE PAYMENT GATEWAY SERVICE PROVIDER;
• satisfy themselves as to the bonafides of the transactions and ensure that the related purpose codes reported to the Reserve Bank are appropriate;
• submit all the relevant information relating to any transaction under such arrangements to the Reserve Bank, as and when advised to do so; and
• Conduct the reconciliation and audit of the collection accounts on a quarterly basis.

3. The Foreign entities, desirous of operating as ONLINE PAYMENT GATEWAY SERVICE PROVIDER, will have to open a liaison office in India with the approval of the Reserve Bank before operationalising the arrangement with any Authorized Dealer category-I bank. It would be incumbent upon the ONLINE PAYMENT GATEWAY SERVICE PROVIDER to:

1. ensure adherence to the Information Technology Act, 2000 and all other relevant laws/regulations in force;
2. put in place a mechanism for resolution of disputes and redressal of complaints;
3. create a Reserve Fund appropriate to its return and refund policy and
4. on-board sellers, Indian as well as foreign, following appropriate due diligence procedure.
5. Resolution of all payment related complaints in India shall remain the responsibility of the ONLINE PAYMENT GATEWAY SERVICE PROVIDER concerned.

The domestic entities functioning as intermediaries for electronic payment transactions in terms of the guidelines stipulated by RBI’s Department of Payment and Settlement Systems and intending to undertake cross-border transactions shall maintain separate accounts for domestic and cross-border transactions.

 Import transactions

1. The facility shall only be available for import of goods and software (as permitted in the prevalent Foreign Trade Policy) of value not exceeding USD 2,000 (US Dollar Two Thousand) only.
2. The balances held in the Import Collection account shall be remitted to the respective overseas exporter’s account immediately on receipt of funds from the importer and, in no case, later than two days from the date of credit to the collection account.
3. The Authorized Dealer Category –I bank will obtain a copy of invoice and airway bill from the ONLINE PAYMENT GATEWAY SERVICE PROVIDER containing the name and address of the beneficiary as evidence of import and report the transaction in R-Return under the foreign currency payment head.
4. The permitted credits in the ONLINE PAYMENT GATEWAY SERVICE PROVIDER Import Collection account will be collection from Indian importers for online purchases from overseas exporters electronically through credit card, debit card, and net banking and charge back from the overseas exporters.
5. The permitted debts in the ONLINE PAYMENT GATEWAY SERVICE PROVIDER Import Collection account will be

• payment to overseas exporters in permitted foreign currency;
• payment to Indian importers for returns and refunds;
• payment of commission at rates/frequencies as defined under the contract to the current account of the ONLINE PAYMENT GATEWAY SERVICE PROVIDER; and
• bank charges

Export transactions

 (i) the facility shall only be available for export of goods and services (as permitted in the prevalent Foreign Trade Policy) of value not exceeding USD 10,000 (US Dollar ten thousand) per transaction.

(ii) Authorized Dealer Category-I banks providing such facilities shall open a NOSTRO collection account for receipt of the export-related payments facilitated through such arrangements. Where the exporters availing of this facility are required to open notional accounts with the ONLINE PAYMENT GATEWAY SERVICE PROVIDER, it shall be ensured that no funds are allowed to be retained in such accounts and all receipts should be automatically swept and pooled into the NOSTRO collection account opened by the Authorized Dealer Category-I bank.

(iii) The balances held in the NOSTRO collection account shall be repatriated to the Export Collection account in India and then credited to the respective exporter’s account with a bank in India immediately on receipt of the confirmation from the importer and, in no case, later than seven days from the date of credit to the NOSTRO collection account.

(iv) The permitted debits to the ONLINE PAYMENT GATEWAY SERVICE PROVIDER Export Collection account maintained in India will be:

• payment to the respective Indian exporters’ accounts;
• payment of commission at rates/frequencies as defined under the contract to the current account of the ONLINE PAYMENT GATEWAY SERVICE PROVIDER; and
• charge back to the overseas importer where the Indian exporter has failed in discharging his obligations under the sale contract.

(v) The only credit permitted in the same ONLINE PAYMENT GATEWAY SERVICE PROVIDER Export Collection account will be repatriation from the NOSTRO collection accounts electronically.

The AD Category-I banks may bring the contents of this circular to the notice of their constituents and customers concerned.

CONCLUSION

With high growth predicted for e-commerce, the financial sector has to remain prepared and equipped to handle various kinds of payment instruments. Further, globally speaking, payment systems are increasingly becoming web-based and web-enabled with a strong drive towards paperless transactions. If Indian industry wants to be in the worldwide reckoning then it has to adopt electronic transactions and build the requisite infrastructure. Both buyers and sellers may have accounts with different banks, and there has to be a sound mechanism to manage such transactions. In addition, with transactions in India being more of “volume-based” rather than “value based”, there has to be a mechanism that can address both micro as well as macro payments. Since it is a time consuming and extremely expensive task for each and every bank to build its own Payment Gateway, a better option or an alternative would be to build a secure National-level Payment Gateway, which will be shared by various banks and which can handle different type of payment instruments. With all this in foreground, it can be safely concluded that the Internet E-Commerce Payment Gateway is a critical infrastructural component to ensure that such transactions occur without any hitches and in total security over e-networks. However along with designing a system which is has sound infrastructure, it becomes also very important that it must have a sound legal and regulatory framework under which it can function smoothly. The Payment and Settlement Act, 2007 (“Act”) in that context seems an effective regulation, which along with relevant RBI circulars has successfully met the challenge.