Tag Archives: PPI

Authorisation of New Retail Payment Systems : RBI’s Policy Paper

Reserve Bank of India (“RBI”) vide its press release on January 21, 2019 has invited comments on the Policy Paper on Authorisation of New Retail Payment Systems (“Policy Paper”). Earlier in June 26, 2018 RBI had released a Statement on Developmental and Regulatory Policies which aimed to minimize the concentration risk in retail payments systems and foster innovation and competition in the retail payments market. With this objective in mind RBI has placed this Policy Paper in public domain, inviting comments till February 20, 2019.

Existing retail payment services and operators in India

RBI is the regulator for payment and settlements systems under the Payment and Settlement Systems Act, 2007 and it ensures that the payment systems operate in a secure and efficient manner with regard to banks as well as non-bank entities. Banks have been the traditional gateway to payment systems but with the demand for varied payment systems and technological changes, non-bank entities have been granted access to the payment systems. These non-bank entities have been competing with the banks by providing retail electronic payment services. As a result, RBI has been issuing guidelines for various payment systems and granting the non-bank entities to setup and operate payment systems. It is to be noted that RBI had granted permission to eighty- nine (89) non-bank entities to act as payment system operators.

Analysis of the current landscape w.r.t retail payment system operators

Though there are many payment systems such as card networks, Prepaid instrument issuers (PPIs), ATM networks, etc. there are only a handful of payment operators in India. As a result of which, there are concerns around concentration and competition and its impact on the current financial of the country. Therefore there are a number of issues which need attention. The issues for discussion are as follows:

  1. a single operator having multiple and varied retail payment systems versus diversification across multiple operators;
  2. payments systems managed by a single operator such as Unified Payments Interface (UPI), Immediate Payment Service (IMPS), Aadhaar Enabled Payment System (AePS) ,etc. versus multiple systems with similar product features being offered by multiple operators;
  3. availability of a window for licensing operators of a payment system on-tap; and
  4. reviewing the criteria of licensing to foster innovation and competition and to broad base potential applicants.

RBI has classified the payment systems as follows:

Serial Number. Basis of Classification Particulars
1. Number of operators 1.    Single operator for a single or multiple retail payments systems

·         NPCI- National Financial Switch (NFS), IMPS, BHIM Aadhaar Pay, National Electronic Toll Collection (NETC), etc.

·         Empays-IMT


2.    Multiple operators for similar payment services- to name a few:

·         ATM networks- 5

·         Card Payment Networks- 5

·         Prepaid Payment Instrument (PPI) issuers- 48 non-banks and 60 banks


2. Type of payment services Classification on the payment service based on the end user as under:

1.    Fund transfer and merchant payments systems- IMPS, UPI, PPI, Aadhaar based payments, etc.

2.    Card based payments- Card networks, ATM networks

3.    Bulk and repetitive payments, utility payments- NACH, BBPS

4.    Toll collection- NETC

5.    MSME receivables’ financing- TReDs

NPCI has become pivotal to the operation of many critical retails payments systems in the country. By October 2018, NPCI was accounting for almost 48% of the retail electronic payment transactions (excluding paper) in volume to 15% of the value of the retail electronic payment transactions.

The advantages of having concentrated system operations with few entities are as follows: (a) leads to standardisation with uniform and tested payment systems; (b) less pressure on capital and infrastructure; and (c) a unity of approach by the regulators. Whereas the disadvantages of having a single operator are as follows: (a) absence of redundancy and fall-back arrangements may impact continued availability; (b) inadequate competition may lead to complacency with no upgradation and improvement in the product; and (c) increase of the prices at which the services are being offered with reduction in quality of service.

The Policy Paper also discusses a multi-pronged action for a more appropriate level of retail payment systems and operators.

The pros of having multiple entities which provide similar payment services would be to increase the competition. However, this may require additional investments, creation of a suitable infrastructure, and this may be achieved over phases. Also, the feature of adding inter-operability in the new payment systems would incur huge costs.

Open and keep-on-tap window for making applications

There can be an open and keep-on-tap window for making applications by all the payment systems in place. This window would permit the receipt of applications for all payment systems and would prescribe for a specific “point of arrival” metric which would allow the entities who are unable to achieve the desired capacity and scale to have a defined-time line exit.

Liberal entry norms

The Policy calls for a liberal entry norm which would require reviewing the entry point capital (net worth) requirement and an analysis of the capability potential of the entities. Finally the Policy also recommends that all payment systems should have a physical presence in the country, an impeccable track record, and shall conform to the best overall standards including those pertaining to customer service and efficiency.

The Policy also makes it clear that there should be an alignment of regulatory framework to encourage enhanced participation of both bank and non-bank entities.

Further, Annexure III of this Policy Paper lays down the authorisation criteria for non-bank payment system operators which discusses the review possibility of the financials in terms of the reduction or revision of the net worth for payment systems such as WLAOs, BBPOUs, and TReDS.

Source: https://rbidocs.rbi.org.in/rdocs/PublicationReport/Pdfs/ANRPS21012019A8F5D4891BF84849837D7D611B7FFC58.PDF

RBI directive to limit customer liabilities

RBI issues directive limiting the liability of customers in unauthorised electronic payment transactions in Prepaid Payment Instruments issued by authorised Non-Bank Issuers.

The Reserve Bank of India (RBI) vide its Notification No. DPSS.CO.PD.No.1417/02.14.006/2018-19 dated 4 January 2019 (“the Directive”) has taken steps to limit the liability of customers in respect of unauthorized electronic payment transactions through Prepaid Payment Instruments (PPIs) issued by Authorised Non-banks. The said Directive should be read alongside with the paragraphs 15 and 16 of RBI’s Master Direction on Issuance and Operation of Prepaid Payment Instruments (“the PPI Master Direction) which already provides a framework for ‘Risk Management’ and ‘Customer Protection’. Under the present Directive, the criteria for determining customers’ liability under the extant framework have been further reviewed.

The provisions of the Directive will be applicable to all authorised non-bank PPI issuers only. Bank PPI issuers will not have to follow the provisions of the Directive. Furthermore, PPI for Mass Transit Systems (PPI-MTS) will be outside the purview of the Directive, except for cases of contributory fraud/ negligence/ deficiency on the part of the PPI-MTS.

For the purpose of the Directive, electronic payment transactions have been divided into two categories for the purpose of the Directive:

  • Remote/Online payments transactions e.g. wallets, card not present (CNP) transactions.
  • Face-to-face/Proximity payment transactions e.g. transactions at point of sale.

The Directive brings forth the following two important changes:

Reporting of unauthorised payment transactions by customers to PPI issuers:

PPI issuers will have to comply with the following conditions:

  1. PPI issuers must ensure that their customers mandatorily register for SMS alert or e-mail alerts (wherever available), and that mandatory SMS or e-mail alert is sent to the customers, and the transaction alert has a contact number and / or e-mail id on which the customer can report unauthorised transactions or notify the objection. Customers must also have 24´7 access via website, SMS, e-mail, or a dedicated toll-free helpline number.
  2. Customers must be advised by the PPI issuers to notify the PPI issuer of any unauthorized electronic payment transaction at the earliest, and that the longer the customer takes to notify the PPI issuer, the higher will be liability of the customer.

A direct link for lodging complaints, with a specific option to report unauthorized transactions, must be provided by PPI issuers on their mobile app, home page of website, or any other evolving acceptance mode. PPI issuers must ensure to resolve the complaint within 90 days from the receipt of the complaint.

  1. PPI issuers should have in place a loss/ fraud reporting system to send immediate response (including auto-response) to customers acknowledging the complaint. All the relevant data pertaining to time and date of deliveries and receipt of customer response must also be recorded within the PPI issuers’ systems.
  1. Limited Liability of a customer:

The Directive limits the liability of customers in stipulated cases based on the number of days the customer takes to report the issue, the longer time the customer takes to report, the higher is his/her liability. The classification of liability is broken down as follows:

  • In case of contributory fraud/negligence/deficiency on part of the PPI issuer, there is no liability of customer.
  • In case of a third-party breach, i.e. neither the customer nor the PPI issuer being responsible for the deficiency, the customer liability will depend upon the number of days lapsed between receipt of transaction communication and the reporting of unauthorised transaction by the customer-
  • If within three days, then no customer liability.
  • If within four to seven days then customer will be liable for the transaction value or Rs. 10,000 per transaction, whichever is lower
  • Beyond seven days the customer liability will be as per the approved policy of the board of directors of the PPI issuer.
  • In case where the loss is due to the negligence of the customer, i.e. cases where customer shares the payment credentials themselves, the customer will bear the entire loss until the customer reports the unauthorised transaction to the PPI issuer. If any loss occurs after the reporting of the unauthorized transaction, it shall be borne by the PPI issuer.

PPI issuers may also decide to waive off any customer liability at their own discretion even if it involves customer’s negligence.

Even in cases where customers are sought to made liable, the burden of proof of negligence/deficiency/liability shall at all times lie with the PPI issuers. Further, the Directive requires the PPI issuer to credit the amount involved in unauthorized transaction within 10 days from the date when customer notifies the PPI issuer about unauthorised electronic payment. This should be done even if such reversal breaches the maximum permissible limit applicable to that type / category of PPI.

The Directive also imposes important compliances in the form of requirement for a board approved policy for customer protection, reporting and monitoring of compliances.

Source: https://rbidocs.rbi.org.in/rdocs/notification/PDFs/NT101746BAE75BB964EB1AD2E5BB6DC3FE5DC.PDF

Regulatory update: Prepaid Payment Instruments (PPIs) – Guidelines on Interoperability

The Reserve Bank of India (RBI) on October 16, 2018 issued a set of guidelines for interoperability of PPIs. The guidelines are issued under Section 18 read with Section 10(2) of the Payment and Settlements Act, 2007. PPI issuers who choose to adopt interoperability shall adhere to these guidelines along with the Master Direction[1].

  1. Common requirements for achieving interoperability for wallets and cards
    • Where the PPIs are issued in form of online wallets, interoperability shall be facilitated through UPI and where PPIs is issued through a card, the cards shall be affiliated to authorised card networks. Option of interoperability has also been provided to PPI issuers operating in segment of meal, gift and mass transit system (MTS).
    • The interoperability shall be facilitated to all KYC compliant PPI account and entire acceptance infrastructure.
    • Technical Requirement: While facilitating interoperability the PPI issuer shall comply and adhere to all requirements of respective card networks and UPI, including adherence to various standards, technical requirement specific to a payment system, certification, audit and etc.
    • Further the PPI issuers will have to comply with mechanism established for reconciliation, grievance redressal and consumer protection by UPI and specific card networks.
  2. Specific Requirements for achieving interoperability through card networks
    • Card networks are allowed to integrate PPI issuers on their network. Further the non-banking PPI issuers are allowed to join card networks as members or associate members.
    • Settlement: For the purpose of settlement, Non-banking PPI issuer may directly participate in the card network or through a sponsor bank arrangement while adhering to requirements of the specific card network which it is a member of.
    • Safety and Security
  3. Non-banking PPI issuers will be issuing interoperable cards for the first time and therefore they shall make sure that the cards have an EMV chip and are PIN compliant.
  4. Banks shall ensure that while issuing new PPIs and renewing the old PPIs, the cards shall have EMV and shall be PIN compliant.
  • If a PPI issuer in the meal segment intends to facilitate interoperability, it shall also issue EMV chip and PIN compliant cards, whereas it is not compulsory for PPI issuers in the gift cards and MTS segment to have EMV chip and PIN.
  1. Specific requirements for achieving interoperability through UPI
    • PPI issuers will operate as payment system providers (PSP) in the UPI network. National Payment Corporation of India (NPCI) will provide all the PPI issuers, including non-banking PPI issuers a platform for linking their respective PPI holders/users to the platform to facilitate interoperability. The platform issued will use UPI to provide such Interoperability.
    • The PPI issuers as PSPs are only allowed to integrate their PPI holders/users and shall not on board PPI holders/users of other PPI issuers or customers of banks.
    • Any interoperable transaction will be approved as per the credentials of an individual’s online wallet before the same transaction reaches UPI network.
    • Settlement: Non-banking PPI issuer can directly settle a payment though a sponsor bank. Non-banking PPI issuers shall adhere to the requirements of sponsor bank in the UPI network and shall also comply with requirements stipulated by NPCI.

Source: https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11142

[1] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11142