In September 2025, the Reserve Bank of India (RBI) issued the ‘Reserve Bank of India (Regulation of Payment Aggregators) Directions, 2025’, providing detailed regulatory guidelines for Payment Aggregators (PAs) and recommended baseline technology standards for Payment Gateways (PGs).
- The guidelines were issued after a consultation period, with draft directions initially circulated in April 2024.
Exam Hints:
- What? Rules for PAs & PGs
- Issued by: RBI
- Applies To: All bank & non-bank entities
- Capital: Rs. 15 cr at application, Rs. 25 cr by 3rd FY
- Classification: PA-P (Physical), PA-CB (Cross-border), PA-O (Online).
- Governance: Nodal officer, dispute resolution mechanism, report management changes in 15 days.
- Security: PCI-DSS & PA-DSS compliance, annual CERT-In audit, escrow accounts for merchant funds.
- PGs: Technology providers; follow recommended security standards.
Key Provisions:
Applicability: These Directions shall apply to all bank and non-bank entities undertaking the business of PA.
- It also applies to Authorised Dealer (AD) banks as well as Scheduled Commercial Banks (SCBs) which engage with entities undertaking PA business.
Authorization: As per the guidelines, non-bank PAs must obtain RBI authorization under the Payment and Settlement Systems Act, 2007.
- Existing players can continue operations, and banks providing PA services as part of regular banking activities are exempt from separate authorization.
Capital Requirements: Entities interested in carrying on PA business must be incorporated in India and maintain a minimum net-worth of Rs. 15 crore (cr) at the time of application, which should be increased to Rs. 25 cr by the end of the third Financial Year (FY).
- This minimum net-worth requirement must be maintained continuously at all times.
Governance: The RBI has stressed that PAs should be professionally managed and adhere to ‘fit and proper’ criteria for promoters and directors.
- Any acquisition or change in management must be reported to the RBI within 15 days.
Compliance Oversight: PAs must appoint a nodal officer to manage regulatory compliance and customer grievance redressal.
Dispute Management: The PA shall have a dispute resolution mechanism to handle payment related disputes in transactions facilitated by it.
- The mechanism should also include timelines for processing refunds, etc.
Security: The PA shall ensure that the infrastructure of its merchants is compliant with security standards like PCI-DSS (Payment Card Industry Data Security Standard) and PA-DSS (Payment Application Data Security Standard).
- Also, PAs must conduct an annual system and cyber security audit through Indian Computer Emergency Response Team (CERT-In) empanelled auditors and submit the report to the respective Regional Offices.
Escrow Accounts: A non-bank PA shall maintain the funds collected on behalf of its merchants in a separate escrow account with any SCB in India.
- Such escrow accounts shall only be utilised for authorised PA business and not for any other business.
Credential Storage: The guidelines mandate that card details must not be stored and refunds should return to the original payment method unless the customer agrees otherwise.
Payment Gateway Standards: While PAs are directly regulated by RBI, PGs function as technology providers. The RBI urges PGs to follow recommended security standards to strengthen the overall digital payment infrastructure.
Important Terms:
Payment Aggregator (PA): An entity that facilitates aggregation of payments made by customers to the merchants through one or more payment channels through the merchant’s interface (physical / virtual) for purchase of goods, services or investment products, and subsequently settles the collected funds to such merchants.
Categories of PA:
- PA-P (Physical): Handles transactions with device and payment instrument physically present.
- PA-CB (Cross-Border): Manages cross-border payments; sub-categorized into inward and outward transactions.
- PA-O (Online): Facilitates transactions where device and payment instrument are not physically present.
Payment Gateway (PG): An entity that provides technology infrastructure to route and facilitate processing of a payment transaction without any involvement in handling of funds.
Types of Payment Gateways (PGs):
- Hosted PG: Third-party hosted system integrated into websites/apps.
- API PG: Processes payments via Application Programming Interface (API), keeping customers on the merchant site.
- Self-Hosted PG: Merchants manage payments directly within their own infrastructure.
- Local Bank Integration PG: Connects with local banks for seamless, region-specific payments.
Escrow Account: An escrow account is a temporary, neutral account managed by a third-party escrow agent who holds funds or assets on behalf of two parties in a transaction, ensuring that all contractual conditions are met before funds are released.