Payment Gateway License
- Transform Your Business with a Payment Gateway License from Kanakkupillai!
- Unlock seamless online transactions, boost customer trust and expand your financial business reach with a Payment Gateway License.
- Our experienced team guides you through the application process, ensuring compliance with RBI regulations.
- From document preparation to application submission, we provide end-to-end assistance tailored to your business needs.
- Schedule a free consultation and let us help you navigate the licensing process.
1,12,845+
Happy and satisfied customers.
Expert Consultation
Payment Gateway License in India
In June 2025, UPI payments in India processed transactions worth ₹24.03 lakh crores. As per the Reserve Bank of India, the total value of digital transactions in India grew from ₹1,775 lakh crore in 2019 to ₹2,830 lakh crore by the end of 2024. The reason for this exponential growth is attributed to the rise of digital payment gateways - they act as technological intermediaries, check the payment details and funds in the buyer's account, and safely transfer the amount into the seller’s/receiver’s bank account. To regulate this sector, the Reserve Bank of India (RBI), under the Payment and Settlement Systems Act, 2007, mandated that all entities engaged in fund collection and settlement on behalf of merchants must obtain a Payment Aggregator (PA) License.
What is a Payment Gateway?
A payment gateway is a digital service that helps businesses accept online payments securely from customers.
When you buy something online and pay using a debit card, credit card, UPI, or net banking, the payment gateway acts as a middleman between you (the buyer), the merchant, and the bank. It checks the details of your payment, makes sure there is enough money in your bank account, and safely moves the payment from your bank to the seller's bank.
The term & Payment Gateway’ broadly includes two models:
- Payment Aggregator (PA): Entities that facilitate online payments by collecting funds from customers on behalf of merchants without the need for the merchant to directly integrate with acquiring banks.
- Payment Gateway (PG): Technology providers that offer routing, encryption, and a payment interface without handling funds.
In India, only PAs who handle funds are required to obtain RBI authorisation, whereas PGs offering only tech infrastructure do not need licensing but must comply with security standards.
Legal Framework
In India, the payment gateways are regulated by the following statutes and rules:
- The Payment and Settlement Systems Act, 2007: This is the foundational legislation regulating all forms of payment systems in India. Under Section 4, it mandates that no person or entity can operate a payment system, including payment gateways or aggregators, without prior authorisation from the Reserve Bank of India (RBI). The Act empowers the RBI to frame regulations, inspect licensees, issue directions, and cancel authorisations for non-compliance. It ensures orderly development and oversight of digital payment infrastructure.
- RBI Guidelines on Regulation of Payment Aggregators and Payment Gateways (March 2020; updated in March 2021 and August 2022): The guidelines were issued under the authority of the 2007 Act. These guidelines created a formal licensing regime for Payment Aggregators (PAs) and a regulatory framework for Payment Gateways (PGs).
- Payment Aggregators that handle customer funds must register with the RBI and adhere to capital adequacy norms, escrow account management, and KYC/AML compliance.
- Payment Gateways, while not directly handling funds, must comply with baseline IT security, fraud prevention standards, data localisation, and grievance redressal mechanisms.
- The Reserve Bank of India Act, 1934: The RBI is the regulatory authority over monetary policy and financial stability. Under Section 45JA, RBI may issue directions to any financial institution relating to conduct, audit, reporting, and inspection. RBI uses this power to enforce the licensing, reporting, and operational standards on PAs/PGs.
- The Information Technology Act, 2000: This Act governs all digital transactions and imposes mandatory obligations on intermediaries, including payment gateways, under Section 43A and Section 72A. The act deals with the protection of sensitive personal data, cybersecurity, and the liability for data breaches.
- The Prevention of Money Laundering Act, 2002 (PMLA): As the payment aggregators deal with financial transactions, they are considered ‘ reporting entities’ under PMLA. They are mandated to conduct KYC verification, monitor transactions, and report suspicious activities to the Financial Intelligence Unit - India (FIU-IND).
- The Companies Act, 2013: All payment gateway license applicants must be incorporated entities in India. Compliance with corporate governance, auditor appointment, disclosure norms, and financial reporting obligations under the Companies Act, 2013, is a prerequisite to maintain the integrity of the applicant entity.
- The Consumer Protection Act, 2019: The act empowers customers to raise grievances against unfair trade practices, deficient services, or unauthorised debits by payment gateways.
- The Foreign Exchange Management Act, 1999 (FEMA): The cases where cross-border payments or inward/outward remittances, FEMA governs such operations. Any payment gateway that facilitates foreign transactions must ensure compliance with the RBI's Master Directions on the Import and Export of Goods and Services and have the approval of the AD Banks.
Eligibility Criteria for Payment Gateway (PA) License
In order to obtain the Payment Gateway License in India, the entity must fulfil the below-mentioned eligibility criteria specified by the RBI:
1. Incorporation and legal status
The applicant must be:
- A company incorporated in India under the Companies Act, 2013.
- A new applicant must have a clear object clause in its Memorandum of Association (MoA) for operating as a Payment Aggregator
2. Minimum net worth
- ₹15 crore at the time of application.
- Must increase to ₹25 crore within three years of operation.
3. Promoters and directors must
- Qualify under the fit and proper criteria prescribed by RBI.
- Not be convicted of any financial crime or regulatory violation.
4. System audit
The applicants must:
- Have a functioning and interoperable technology infrastructure.
- Submit an audit certificate from a CISA-qualified (Certified Information Systems Auditor) professional.
- Demonstrate robust cybersecurity systems, data encryption, and fraud management mechanisms compliant with RBI’s Cyber Security Framework for Payment Systems (2022).
5. No access to customer funds
Payment Gateways do not handle funds. If an entity seeks to operate as a Payment Aggregator and handle customer funds, it must comply with:
- Escrow account maintenance with a scheduled commercial bank.
- Daily settlement obligations.
6. Merchant onboarding policy
Applicants must adopt a documented and Board-approved policy for:
- Merchant due diligence
- Risk assessment
- KYC compliance as per RBI’s Master Directions on KYC, 2016
7. Compliance with FEMA and FDI Norms
If the applicant receives foreign direct investment, it must comply with:
- FEMA, 1999 regulations
- FDI caps as notified by DPIIT
8. No Co-mingling of Funds
PAs must not co-mingle funds of different merchants and must ensure proper reconciliation of each transaction.
Benefits of a Payment Gateway License
Obtaining a Payment Gateway License offers numerous benefits for companies looking to simplify their online payment processes and enhance customer trust. By sticking to the strict guidelines set by the Reserve Bank of India (RBI), approved payment systems provide a safe and efficient platform for transactions, eventually helping both businesses and clients.
1. Enhanced Security:
A Payment Gateway License ensures compliance with strict security standards, protecting private customer data during transactions.
2. Improved Customer Trust:
Having a registered payment platform increases trustworthiness, telling customers that their financial information is handled safely and properly.
3. Faster Transactions:
Licensed payment platforms enable faster transaction handling, improving the overall customer experience and reducing cart failure rates.
4. Access to Multiple Payment Options:
Offering credit cards, debit cards, and digital wallets, among other payment options, a Payment Gateway License enables companies to meet different consumer demands.
5. Regulatory Compliance:
Obtaining a license ensures obedience to the rules of the Reserve Bank of India (RBI), cutting potential risks for companies.
6. International Payment Acceptance:
Licenced gateways let companies welcome payments in several currencies, therefore enabling growth into foreign markets.
Documents Required to Obtain Payment Gateway License
You need the following documents to obtain the payment gateway license:
- Certificate of Incorporation (under Companies Act, 2013)
- Memorandum & Articles of Association (MoA & AoA)
- PAN card of the company
- GST registration certificate
- Udyam/MSME registration (if applicable)
- Shop & Establishment License (if applicable)
- Audited financial statements (last 3 years or since incorporation)
- Net worth certificates from a Chartered Accountant
- Income Tax returns of the company (last 3 years)
- Bank account statements (6-12 months)
- Working capital and projected financials (3-5 years)
- Escrow account agreement with a scheduled commercial bank
- Business continuity and disaster recovery plan
- Cybersecurity framework as per RBI IT guidelines
- Risk management and grievance redressal policies
- KYC documents of directors and key personnel (PAN, Aadhaar, Passport)
- Board resolution authorising license application
- Shareholding pattern and beneficial ownership disclosure
- Details of group entities or associated companies
- IT infrastructure architecture and data flow diagrams
- Merchant onboarding policy and due diligence framework
- Fraud detection and monitoring mechanism
- PCI-DSS certification or implementation roadmap
- Integration protocol documents (APIs, SDKs)
Important points to keep in mind
- Only Payment Aggregators (PAs) handling funds need RBI authorisation.
- A minimum net worth of ₹15 crore at application time, to be increased to ₹25 crore within three years.
- Must be a company incorporated under the Companies Act, 2013. LLPs and partnerships are not eligible.
- Entities such as NBFC Registration may also apply for a Payment Aggregator license, provided they meet all RBI eligibility norms and capital requirements.
- The Memorandum of Association must clearly state the business intent to operate as a Payment Aggregator.
- PAs must maintain an escrow account with a scheduled commercial bank and follow daily settlement timelines.
- Applicants must undergo a system audit by a CISA-certified professional
- All payment-related data must be stored within India in accordance with RBI’s data storage mandates.
- Regular reports on transactions, fraud monitoring, system audits, and merchant activity must be submitted to RBI.
Why Choose Kanakkupillai?
At Kanakkupillai, we don't just provide a service; we are your partner in getting your Payment Gateway or Aggregator license smoothly and correctly.
- We help you get ready: Before you apply, we carefully check your business setup, documents, and systems to make sure everything is in compliance with the RBI requirements.
- Setting up your company: If you have not yet incorporated your company, we will assist you with the incorporation process, ensuring the right capital, shareholding, and board structure that complies with RBI rules and appeals to investors.
- Application handling: We take care of the entire RBI license application from preparing all forms, escrow account setup, cybersecurity policies, to submitting forms, documents, and everything on the official COSMOS portal.
- Policies and audits made easy: We write and review your policies for fraud prevention, KYC, AML, and data security. Our audit experts even do mock checks to ensure that you are fully prepared for RBI’s inspections.
- Compliance support after approval: Our role does not end at obtaining your license; we are committed to helping you with all RBI filings, transaction reports, suspicious activity reports, board updates, and license renewals. Similar to how we assist with NBFC Annual Compliance, we ensure your Payment Aggregator entity stays fully compliant with all ongoing RBI regulatory requirements.
Frequently asked questions
A Payment Aggregator (PA) collects and settles customer funds on behalf of merchants, requiring an RBI license. A Payment Gateway (PG) provides technical infrastructure to process online transactions but does not handle funds directly and therefore does not need RBI authorisation.
If the startup collects and settles funds for merchants (i.e., acts as a PA), RBI authorization is mandatory. If it only offers technology infrastructure (i.e., PG), it does not need a license but must comply with IT and data protection norms.
No, companies incorporated in India are eligible. However, foreign ownership is allowed subject to FDI norms and disclosure under FEMA and DPIIT guidelines.
RBI may suspend or cancel the license, impose penalties, or direct the aggregator to cease operations, as per Section 4 and 7 of the Payment and Settlement Systems Act, 2007.
Wallet providers are regulated separately under the Prepaid Payment Instruments (PPI) guidelines. UPI apps are subject to NPCI’s oversight and may fall under the PA framework if they handle merchant settlements.
While not mandatory at the time of application, PCI-DSS implementation (or a roadmap toward certification) is highly recommended for handling card payments securely and avoiding regulatory scrutiny later.
A Chartered Accountant-certified net worth certificate, supported by audited balance sheets, must be submitted at the time of application.
Yes, but if the entity handles funds, it will be treated as a Payment Aggregator and must meet the full licensing and compliance requirements for PAs.
Yes, in most cases, RBI prefers a dedicated legal entity for PA operations to avoid co-mingling of funds and to ensure financial segregation.
Yes, provided they meet all RBI eligibility norms and capital requirements. However, prior approval from RBI may be required in some cases.
PAs must submit quarterly reports on merchant onboarding, fund settlements, and annual system audits to RBI. Suspicious transactions must be reported to FIU-IND.
A System Audit by a CISA-qualified auditor and a financial audit (by a statutory auditor) demonstrating capital adequacy and compliance with IT norms are essential.
No. However, the applicant must submit a draft escrow agreement or evidence of readiness to open one with a scheduled commercial bank.
Might Be Looking For
Trusted by 1,12,845+ Happy customers are using Kanakkupillai!
