The Dialogue conducted a webinar on ‘The Payment Aggregators and Payment Gateways (PAPG) guidelines’ on March 30, 2021, to spur discussion and progressive discourse around the issues surrounding the PAPG guidelines put forward by the RBI, and evaluate the optimal policy measures that can be put in place to address these challenges in the Indian context. The panel comprised industry experts including Mr. Avimukt Dar, Co-founder IndusLaw, Dr. Aruna Sharma, Former RBI Digitisation Committee Member, Mr. Ram Rastogi, DigitalPayments Expert, and moderated by Mr. Kazim Rizvi, Founding Director, The Dialogue. On March 31, RBI issued notification to extend the timeline for processing of recurring payments and implementation of the said guidelines. The same was emphasised by the speakers and RBI accepted the industry’s proposal of tokenisation as part of the framework.
At the webinar, the panelists spoke about the PAPG Guidelines put forward by the RBI which states that a “Merchant site shall not save customer cards and such related data. A security audit of the merchant may be carried out to check compliance, as and when required.” They highlighted that this not only creates challenges for payment aggregators and payment gateways but also banks and a wide-range of merchants and small business owners. The data security and privacy concerns raised from such a mechanism has reinforced the point of view on security standards such as PCI-DSS (Payment Card Industry Data Security Standard) and PA-DSS (Payment Application Data Security Standard) which they feel are not robust enough, and the implementation of these standards has not stopped data breaches of card data in the past. The panel also opined how this lack of trust in these security standards is counterintuitive to Rule 7.3 which states that at the time of onboarding, payment aggregators must ensure that merchants are PCI-DSS and PA-DSS compliant.
Initially, RBI issued Circular dated 21st Aug 2019 which allowed recurring payments on all types of cards – debit, credit and Prepaid Payment Instruments (PPIs), including wallets with a maximum limit of INR 2000 per transaction. Subsequently, on 4th December, 2020, RBI issued the 2nd circular which increased the per transaction limit to INR 5000. It also stated that existing recurring transactions under arrangements which are not compliant with the above-mentioned circulars shall not be continued beyond March 31, 2021. The industry understands that security and customer convenience of payments is the cornerstone of the digital economy and is critical to enhancing customer confidence in online payments. However, as we move towards compliance with the E-Mandate Circulars, the significant scale of infrastructure development required to be built by various stakeholders shouldn’t be underestimated.
While the economy recovers from the aftermath of the COVID-19 pandemic, the guidelines have created additional burden on industry players, other relevant stakeholders, and final consumers. The primary challenges of compliance, requirement of digital infrastructure by several stakeholders to revamp such integration is massive and extends to technology system changes, data-interchange process changes, changes to underlying business contracts, intimation to customers, and a need for significant time and resources might hinder the remarkable progress being made in the financial ecosystem of the country. The guidelines might also potentially cause frequent occurrence of fraudulent activities, reduce consumer choice and portability, hamper user experience and customer satisfaction, and limit product innovation.
With respect to the apprehensions raised by various stakeholders, the RBI claimed to address this via their e-mandate guidelines that help businesses and their customers to easily manage all the recurring payments like insurance premiums, SIPs, loan installment collections, etc. However, this move has come with its fair share of drawbacks as the e-mandate only addresses a small portion of the merchant community.
Dr. Aruna Sharma, RBI Digitisation Committee Member said, “As per industry data, 30% of transactions are abandoned when the consumer faces friction during payments. The greater the friction introduced, the steeper the decline in willingness to transact online and the higher the likelihood of digital exclusion. RBI has also put down discussion for debate along with meetings to hold consultations but the problem is that many of the suggestions made did not get addressed or harmonised. The harmonisation of all policies is very important to prevent dichotomy while consistency and credibility of policies are essential for FDI. A consultative approach should be adopted to provide immediate extension till June to banks to comply by the guidelines. The process should be inclusive of dialogue and suggestions to result in smooth and involved transaction. ”
Mr. Avimukt Dar, Co-founder IndusLaw was of the opinion “RBI’s stance not to extend the e-mandate timeline is likely to derail the vision of Digital Bharat and significantly disrupt the services to the consumer. India’s journey towards emerging as a $ 5 trillion digital economy will be hit hard during the next couple of weeks and the consumers will again bear the brunt
of micro regulatory approach of policymakers. This will impact the industry and cashless transactions which has been a huge push by the current govt and is largely enabled by the digital payments industry.”
“With the added complexities driven by the present pandemic, which has increased the dependency of customers on e-commerce and digital payments, the impact of this move is likely to be unprecedented. As we move towards compliance with the E-Mandate Circulars, the significant scale of infrastructure development required to be built by various stakeholders cannot be undermined. Ultimately, this will impact the continued growth of the digital economy and dissuade cashless transactions. RBI should work with the industry and adopt a more consultative approach and extend the e-mandate timeline as the industry needs a few more months to upgrade their systems to comply with the e-mandate framework. It’s important to invite consultation and participation from stakeholders to find out the security measures adopted by the digital payment portals rather than regulating the whole ecosystem,” said Mr. Ram Rastogi, Digital Payments Expert .
As India gradually progresses in the direction of digitization, the first step towards the same is
simplification and relaxation of guidelines, and ease of practising digital payments. It should, therefore, be treated with high priority to build a progressive discourse around the PAPG guidelines and help businesses and consumers get rid of additional burden and digital payment-related challenges.