Third Party Payment Providers

Third Party Application Providers (TPAPs)

TPAPs refer to (API), which are either standalone applications or applications that add functionality to an existing parent program / system. In the financial space, third party apps are often connected to a banking application to provide a variety of services. A third party app sends a request to the linked banking application for permission to access the user's bank details, which is further relayed by the banking application to the customer to authenticate the request. These apps provide flexibility and freedom to consumers to select solutions they find most convenient to meet their financial needs.

TPAPs are the best examples of public-private partnership and underscore the importance of fintech in the payments' ecosphere. CDDP appreciated the partnership between banks and non-banks and noted that the latter are responsible for expanding the range of payment services available to the Indian consumer on account of their technology and customer centric innovation. This ';best of both worlds'; approach has contributed to the recent growth in digital payments, and is expected to grow further. This architecture balances regulatory safety and innovation as it combines the safety and trust of banking institutions with the informality and convenience offered by non-banks.

In the payment space, third party service providers are primarily in the form of payment gateways, payment aggregators and TPAPs in UPI. The UPI ecosystem is designed for banks. Only a banking entity can directly interact with the UPI switch. However, non-banking entities can participate by partnering with a banking entity which is already on UPI platform, and developing their own APIs referred to as third party apps. The role of these entities is more in the nature of facilitator for transactions as the entire operational and financial liability of transactions originated through third party app lies on the bank. There are over 20 TPAPs (eg., Google Pay, WhatsApp etc.) in UPI. Around 200 crore UPI transactions are undertaken each month, of which a significant share are originated through the third party apps.

Leveraging further on the system, a multi-bank model has been introduced for large TPAPs which allows them to tie-up with multiple banks to act as PSPs. As in the case of single bank model, the TPAPs provide only customer interface, while the transactions continue to be processed through the underlying PSP bank.

Payment Aggregators (PAs) / Payment Gateways (PGs)

A typical online payment transaction requires the involvement of several intermediaries like banks and non-banks which act as merchant aggregators. PAs, provide PG services and engage in other technology driven value-added activities. PAs and PGs are entities that facilitate e-commerce sites and merchants to accept various payment instruments from customers for completion of their payment obligations without the need for merchants to create a separate payment integration system of their own. In this process, while PAs also handle funds, PGs provide only technological infrastructure. While banks and other PSOs are directly regulated by RBI, the PAs and PGs were not.

Given the critical role of these intermediaries in payment transactions, PAs have been brought under regulations while baseline technology specifications have been laid down for PGs. Banks provide PA services as part of their normal banking relationship and hence do not require a separate authorisation from RBI. Non-bank PAs will now require authorisation from RBI under the PSS Act. e-commerce market places selling goods of various merchants on their platform are exempted from these guidelines. However, if an e-commerce market place is providing aggregation services, it will have to segregate the PA services from other businesses and apply for authorisation for continuing PA services.

The guidelines mandate that a proper Customer Grievance Redressal and Dispute Management Framework is put in place along with a strong risk management system with adequate information and data security infrastructure for prevention and detection of frauds in order to make the payment systems safe, secure and robust systems and ensure customer protection.

Source : RBI