Account Aggregator Use Case for Payment Aggregators
Payment Aggregators (PAs) play a crucial role in financial sector by bridging the gap between merchants (who provide goods and services) and their customers. They enable payment collection and settlement between merchants and customers.
As per RBI, PAs include entities that
- provide technology infrastructure to facilitate processing of online payments, without actually handling the funds
- facilitate e-commerce sites and merchants who accept payment instruments from customers, without any separate payment in
- and entities that facilitate merchants to connect with acquirers
Apart from payment processing services, some PAs also provide generation of settlement, cross border settlement services, and transaction management services. Therefore, PAs are also subject to Forex regulations.
Regulatory Requirement for Security, Fraud Prevention and Risk Management Framework
Such PAs have been operating the country for long, and were recently pulled into the regulatory ambit by RBI. With the regulations there has been an increased emphasis on security, fraud prevention and risk management.
This security framework highlights five key measures for mitigating risks at PAs:
- Information Security Governance to identify risk exposures with remedial measures and residual risks.
- Data Security Standards and best practices like PCI-DSS, PA-DSS, latest encryption standards, Transport Channel Security etc. to be implemented
- Security Incident Reporting of security incidents / card holder data breaches within 2-6 hours time frame to RBI among other monthly reporting to RBI
- Merchant Onboarding to ensure these minimal baseline security controls are adhered to by the merchants
- Cyber Security Audit and Reports
AA as a Tool for Fraud Risk Management – Payment Aggregator (PA) Perspective
As PAs are being included into the regulatory ambit, (being newest Regulated Entity (RE) by the Central Bank), the onus on Fraud Risk Management has increased multifold. As we all know, majority frauds happen at the payment legs across the world. PAs have to be one step ahead in Fraud Risk Management. The largest risk a PA (who is primarily responsible for Settlement of the funds to the Merchant) carries is to ensure the funds getting settled are for genuine transactions & genuine goods & services provided by the Merchant. The payment industry today lacks additional data points to access a foul play by merchants as they have access only to Transaction Data with PA framework.
Currently, Risk Assessment is primarily being done during Merchant Onboarding wherein thorough KYC is performed of the Merchant. Post Merchant goes live, there are hardly any measures, controls or innovation to do continuous risk monitoring by looking at data points beyond Transaction Data. This is where Account Aggregator can solve the problem for newly regulated RE’s. With access to Banking Data / GSTN Data & lot more FSR’s participating as FIP’s, the richness of data can add an immense value to assess risk of a Merchant.
Thanks to one consent framework, which
- can allow continuous flow of recurring data,
- seamless Merchant-onboarding experience &
- Unified Consent Management Framework through AA,
risk models can be built to assess the overall health of the Merchant.
Merchant Risk Monitoring will be a great tool to check frauds by Merchants. Based on the Transaction Data & Financial Data coming from AA, the Fraud Risk team can do a combined behavioral pattern analysis & can act accordingly.
To conclude, Payment Aggregators are in a dire need of innovation and Account Aggregator framework can be a game changer for the industry.
About Author:
Oomkar Kulkarnie is the Head of Product & Technology, at 1pay.in, one of the leading payment aggregators in India. The author can be reached at oomkar@1pay.in for feedback and comments.