Merchant Acquiring -Safety Aspects

Real-time digital payments is now a basic table stake. With all the changes the payments industry is facing currently, the merchant acquirer today is faced with bigger challenges : advanced data awareness, a wide range of payment solutions portfolio with a heavy emphasis on the touch-free ones, and a clean technological interface with the other players in the game. In other words, safety, convenience and simplicity are the deciding factors when it comes to finding the ideal acquiring partner. The safety aspect automatically reaches the top spot.

In this article, let us delve deeper into the payments regulations scenario in India and the safety aspects that Toucan platform offers.

Digital Payments in India:

The digital payments industry in India has seen extraordinary growth since demonetisation. Reports speculate that realtime electronic payments will touch 70% of the total transaction volume by the year 2025. In the same time frame, PwC estimates the volume and value of digital transactions in India to reach INR 167 billion and INR 238 trillion respectively.

However, in Aug 2020, RBI reported a 28% increase in volume and a staggering 159% increase in value in financial fraud from the preceding year.

RBI Directives and corresponding Toucan Features :

RBI Regulation of Digital Payments includes the following guidelines :

  1. RBI Guidelines on Regulation of Payment Aggregators and Payment Gateways – March 2020
  2. Master Direction on Digital Payment Security- February 18, 2021, effective from Oct 2021.

Let us consider the major items that have a direct bearing on Merchant Acquiring.

Information Security Governance: The entities at a minimum shall carry out comprehensive security risk assessment of their people, IT, business process environment, etc., to identify risk exposures with remedial measures and residual risks.

Being a technology-first company, Toucan has multi-layered test strategies before a product is deployed on the client platform. Audits, both internal and external, are regularly undertaken to update and secure the system. There is an active threat monitoring system in place that overlays the IT infrastructure to assess any potential threats and block them. Issues are mitigated at the foundation level as security and privacy flow down right from the design principles.

Data Security Standards: Data security standards and best practices like PCI-DSS, PA-DSS, latest encryption standards, transport channel security, etc., shall be implemented.

Toucan is PA DSS assessed and PCI DSS certified. It uses a robust stack of the latest technology. To begin with, it has a Web Application Firewall deployed, which creates an integrated defense against a range of attack vectors.

The threshold barriers for acquiring security, the merchant on-boarding process, will be discussed in a continuation post.