By Sandeep Parekh, Managing Partner, Finsec Law Advisors
India’s digital payments revolution has been a story of speed and scale. India today processes over 18 billion United Payments Interface (UPI) transactions a month, accounting for nearly half of the world’s real-time digital payments. While UPI, the crown jewel of the India Stack, has been a core driver of this growth, acceptance infrastructure has been equally crucial in supporting widespread adoption. This includes both offline payment solutions deployed at merchant locations such as QR codes and point-of-sale (POS) terminals and online solutions on e-commerce websites and apps.
Until recently, only online transactions were covered under the Reserve Bank of India (RBI) Guidelines on Regulation of Payment Aggregators and Payment Gateways (March 17, 2020) that delineated the roles of entities which constitute the core infrastructure, viz. payment aggregators (PAs), merchants, and acquiring banks. Offline transactions at merchant locations fell outside the scope of the above guidelines.
In its Payments Vision 2025 (June 2022), the RBI signalled its intention to harmonise practices and regulatory obligations across online and offline PAs. Shortly after, in its Statement on Development and Regulatory Policies issued in September 2022, it proposed to extend the existing regulations to offline PAs, recognising the similarities in their activities with online PAs and their overall significance in the payments ecosystem.
On September 15, the RBI released the Master Direction on Regulation of Payment Aggregator, repealing the earlier guidelines and introducing physical PAs (PA-Ps) as a sub-category requiring RBI authorisation. PA-Ps are defined as entities facilitating transactions where both the acceptance device and payment instrument are in close physical proximity when the transaction is made.
The formal classification of PA-Ps under the Master Direction brings POS operators and QR-code facilitators that process offline payments under the same framework as their online counterparts. Entities carrying out only the PA-P business must apply for RBI authorisation by December 31, while existing licensed PAs carrying out PA-P activity can continue if they intimate the central bank and obtain an updated authorisation.
The Master Direction establishes parity between online and offline PAs through similar governance and operational obligations, reflecting the RBI’s principle-based and soft-touch approach that allows licensed PAs the discretion to innovate, provided they meet minimum standards. Broad standards cover guidelines and restrictions on handling of funds, such as maintaining an escrow account, specifying permissible debits and credits, and ensuring day-end balances cover funds payable to merchants. PAs may design settlement timelines based on negotiations with the merchants, provided they are fair, equitable, and transparent.
The responsibility of carrying out merchant due diligence rests with the PA, including know-your-customer (KYC) and background checks during onboarding and monitoring of subsequent transactions by the merchant to ensure they are in line with the merchant’s business. Simplified KYC norms have been introduced for small merchants having a turnover of up to `40 lakh or export turnover of up to Rs 5 lakh, enabling easier onboarding. PAs are required to have systems in place to ensure funds due to a merchant are only credited to the merchant’s bank account, and that all transactions processed for a merchant are tagged with a code allotted to the merchant by the PA. They are barred from processing payments of sellers that are not onboarded by them as merchants.
The Master Direction also specifies mandatory elements that must form a part of the dispute management and security and risk management frameworks, while leaving the actual terms of such frameworks up to the PA’s discretion. PAs must obtain quarterly auditor certifications on escrow balances, submit monthly transaction statistics to the RBI, and file annual system and cybersecurity audit reports through Indian Computer Emergency Response Team (CERT-In)-empanelled auditors, in addition to ongoing incident reporting.
Including PA-Ps within the regulatory framework aligns with the RBI’s overall vision of regulating all significant payment intermediaries to support the continued growth of the Indian payment ecosystem. Previously, a PA’s role in the facilitation of offline payments, despite the scale and significance of such payments, was not regulated. According to the 2025 edition of PwC’s Indian Payments Handbook, an estimated 1,297 million acceptance devices are expected to be deployed at merchant locations by 2030. Keeping this in mind, introducing uniform and principle-based standards for offline payment aggregation workflows, right from merchant onboarding and diligence, settlement of transactions, and technology, to reporting obligations can act as a key catalyst in helping offline payments scale sustainably while managing risks.
Moreover, considering the fintech industry’s growing focus on offering full-stack payment solutions to merchants, uniform standards for online and offline PA activities can help streamline common processes (such as client and merchant diligence, or information security protocols) across both functions. Consider an existing licensed PA providing payment processing services for online purchases made on Company X’s website. If the PA wishes to expand its product suite and offer similar services for payments made through POS terminals in Company X’s stores, it will be able to do that by giving prior intimation to the RBI. In fact, prominent fintech players like RazorPay and Pine Labs, which initially specialised in online payments and offline payments respectively, have expanded into the other segments.
On the flipside, while the Master Direction levels the playing field for PAs, it may also create transition challenges for smaller offline PAs catering to a relatively smaller merchant base. However, it is worth considering that the long-term benefits of uniform practices, enhanced security in handling of funds, and higher regulatory oversight may outweigh short-term adjustment costs. By demanding scale, the RBI is prioritising systemic stability in the longer run.
From a largely cash-based economy to processing billions of digital transactions monthly, India has achieved remarkable financial inclusion through innovation and pragmatic regulation. As fintechs navigate these new requirements, they join a more regulated but potentially more sustainable ecosystem. The fintechs that make compliance and governance a strategic priority will be better positioned for growth, institutional partnerships, and long-term growth.
Co-authored with Rashmi Birmole and Purva Mandale, respectively senior associate and associate, Finsec Law Advisors