What is a Payment Aggregator? Difference Between Payment Aggregator & Payment Gateway With Examples


Want to know how a payment aggregator is different from a payment gateway? Click to know the differences & why they’re important for your business.


You might have heard of payment aggregators and payment gateways. 

You might even have been confused between the two of them. 

Some blogs tell you that a payment aggregator is just a collection of payment gateways. On the other hand, some tell you that an entity can be a payment gateway as well as a payment aggregator.

So, which one of these statements is true?

Well, as it turns out, both of them are. 

Confused? 

Allow us to explain. 

What is Payment Aggregator/ Merchant Aggregator?

A payment aggregator (also known as a merchant aggregator) is a service provider that allows merchants to accept payment from customers without creating a separate payment integration system

In other terms, a payment aggregator (PA) bridges the gap between merchants and acquirers. A PA receives payments from customers on behalf of the merchant. Thereafter, it transfers the payments to the merchant in batches after a period of time. 

Payment Aggregator in India

A payment aggregator or a merchant aggregator in India is incorporated under the Companies Act, 1956 / 2013.

Now, a payment aggregator can be a bank or a non-bank PA. Since a PA handle funds, they require a license from the RBI. 

However, only non-bank PAs require unique authorisation from RBI under this act. This is because ‘handling funds’ is counted as a part of ‘normal banking relationship’ for bank PAs.

How Does Payment Aggregator Work?: Payment Aggregator Example

A payment aggregator or a merchant aggregator is a platform that aggregates various payment options in one place. In a way, a payment aggregator is a collection of payment gateways across multiple payment modes.

Let’s take a payment aggregator example here. 

Let’s assume you’re a merchant looking to offer net banking payment option to your customer. Now, you cannot tie up with different banks as that would entail a lot of time in due diligence and integration procedures. Moreover, It would require a lot of capital. 

This is where a payment aggregator comes into play.

A PA can offer you various payment options like cards, net banking, UPI, wallets, EMI, Pay Later etc. under one roof. 

What is Payment Gateway?

According to RBI notification, A payment gateway (PG) is a company that provides technology infrastructure to facilitate online payment processing.

 It is important to note that a payment gateway does not handle funds. 

However, usually, payment aggregator and payment gateway is often used interchangeably, and many PAs call their offering a PG.

Payment Gateway in India

There are two types of payment gateway providers in India. They can be classified as:

Third-Party Payment Gateways

Most businesses are attracted to third party payment gateways because of their innovative payment products. Moreover, they have user-friendly features like seamless onboarding, dashboard and reliable customer support.

Most of them charge low Transaction Discount Rate (TDR), annual fee and charging setup. In fact, there are some third party payment gateways that even more budget-friendly. For instance, Cashfree charges zero setup fee or annual maintenance charges (AMC). 

Related Read: Payment gateway charges India: Busting the free payment gateway myth

Bank Payment Gateways

These payment gateways have high set up costs and are harder to integrate. Their payment modes are not comprehensive. Moreover, reporting and analytics features are not present. They are not considered suitable for startups and small businesses as they can prove to be expensive initially. They are suitable for very large businesses who want to work with multiple service providers.

Difference Between Payment Aggregator and Payment Gateway

Differentiating between a payment gateway and a payment aggregator can be quite hard.

In this section, we will give a detailed rundown of those differences and what it entails. 

Authorization

The criteria of authorization is mainly dependent on whether the entity (PA or PG) handles funds or not.

Like we mentioned before, non-bank PAs require special authorization from RBI. Existing non-bank PAs apply to the Department of Payment and Settlement Systems (DPSS) for this authorization. Moreover, eCommerce marketplaces do not offer PA service unless this activity is separated from the marketplace business. 

On the other hand, payment gateways are considered ‘outsourcing partners’ or ‘technology providers’ of banks and non-banks. So, bank PGs have to follow the RBI regulation on “Managing Risks and Code of Conduct in Outsourcing of Financial Services by Banks” 

Capital Requirements

PAs are required to reach and maintain a specific net worth if they want to continue doing business.

Net worth is a combination of compulsorily convertible preference shares, paid-up equity capital, free reserves, the book value of intangible assets, etc. 

According to the latest RBI regulation, existing PAs are required to achieve a net worth of at least  ₹15 crores by March 31, 2021, and at least ₹25 crores by March 31, 2023. Thereafter, they have to maintain a net worth of at least ₹25 crores at all times.

Naturally, the rules are a bit different for new PAs. They should have a net worth of at least ₹15 crores at the time of application. However, by the end of the financial year (March 31, 2023), they should achieve a net worth of ₹25 crores and maintain it at all times. 

Governance 

The directors of PAs have to satisfy the ‘fit and proper’ criteria of RBI. In fact, RBI can check if the criteria is being satisfied by consulting other government departments, regulators etc. 

Furthermore, non-bank PAs have to notify DPSS of any change in the management of the entity.

Apart from this, rules entail that PAs have to disclose the complete information on privacy policy, customer grievances, merchant policies etc. on their website/app. PAs usually have Board approved policies on dispute resolution mechanism/timelines of processing funds, etc. In fact, PAs appoint a Nodal Officer to handle customer grievances.

On the other hand, the top management/Board in PGs establish organisational processes and approve policies pertaining to information security. The executive management and the IT Steering Committee implement the IT strategy approved by the board.

Safeguards Against Money Laundering

RBI issues the The Know Your Customer (KYC) / Anti-Money Laundering (AML) / Combating Financing of Terrorism (CFT) guidelines. All PAs follow these rules. Moreover, they have to uphold the provisions of the Prevention of Money Laundering Act, 2002.

Moreover, payment gateways run risk assessment procedures. This can identify any vulnerabilities or threats to confidentiality or integrity of asset from a contractual or business compliance perspective.

Merchant Onboarding

PAs have a merchant onboarding policy approved by the Board. They usually run background checks on their merchants to ensure that they do not have any mal intentions to dupe customers or sell fake products.

In addition to this, PAs ensure Payment Application-Data Security Standard (PA-DSS) and Payment Card Industry-Data Security Standard (PCI-DSS) compliance

PAs might also carry out security audits of merchants sites to ensure that they are not storing customer card-related data. In fact, PA agreements with merchants include incident reporting obligations and PA-DSS compliance rules. 

The PG entities follow similar rules during the merchant onboarding process. They undertake comprehensive security assessments to ensure that the merchants adhere to the baseline security controls.

Fraud Prevention, Security and Risk Management

Payment aggregators ensure the prevention and detection of frauds through adequate data security infrastructures. Moreover, they follow information security policies and mitigate possible risks for the security of their payment systems.

In case of any cybersecurity breaches, PAs report the incident to DPSS and CERT-In (Indian Computer Emergency Response Team). Internally, they establish a procedure for handling and following up on these incidents.

Similarly, payment gateways undertake assessments for comprehensive security risks of their employees, business process environment etc. This helps identify risk exposures and apply remedial measures. Mos PGs conduct internal security audits for reports on security compliance posture, risk assessment, etc. 

Conclusion- So Can Your Payment Gateway and Payment Aggregator Be The Same?

Now that we have covered the differences between a PA and a PG in detail, let’s go back to our first question.

Can a company be both a payment gateway and a payment aggregator? 

The answer is yes. A payment company in India can work as a payment aggregator with some banks and a payment gateway with others. This is a hybrid model.

An entity can work as a PG and a PA depending on the payment mode. Alternatively, the bank can work as the payment gateway while the third party entity could work as a payment aggregator.

We started this blog by differentiating between a PG and a PA. However, in reality, the lines between them can be quite blurry. We hope that this blog solves the query out for you. 

Do you have any more questions on the topic? Let us know in the comments below!