Merchant Onboarding Policy @PayGlocal

A comprehensive guide for merchants what it takes to get onboarded with PayGlocal and start accepting payments from their customers

Got questions? Write to us at merchant.support@payglocal.in
Last updated: August 22, 2024

Introduction

This policy is created by PayGlocal Technologies Private Limited (hereinafter referred to as the "Company" or PayGlocal or "We") to clearly document guidelines & practices followed by the Company for refund in the course of its Payment Aggregator ("PA") and Payment Aggregator – Cross Border ("PA-CB") businesses. The Reserve Bank of India ("RBI") by means of Guidelines on Regulation of Payment Aggregators and Payment Gateways ("PA Guidelines") and Regulations on Payment Aggregator – Cross Border ("PA-CB Regulations") regulates PA and PA-CB intermediaries in the payment ecosystem.

In accordance with the PA Guidelines and PA-CB Regulations PayGlocal ensures detailed evaluation of each merchant onboarded on its system with detailed coverage of all the steps. ("Merchant On-boarding Policy" or "Policy"). The intent of the Policy is to establish a comprehensive mechanism to onboard merchants on the platform.

Merchant on-boarding process includes documentation collection and verification, merchant nodal codes setup process, activation & maintenance activities.

Our assessment and evaluation processes followed have been diligently drafted primarily on the guidelines and rules framed by RBI, advice and counsel of our banking partners and renowned consultants, prevailing industry best practices and our own zeal to provide our merchants and customers a safe, trusted, reliable and a secure platform to allow exchange of payments across. These assessments, evaluations and processes are updated from time to time as per the regulatory guidelines formulated and enforced.

II Objectives

The key Policy objectives are:

The policy must be read in conjunction with the Company's Know Your Customer/ Anti-Money Laundering/ Combating Financing of Terrorism Policy (KYC/AML/CFT Policy), as updated from time to time.

III Scope and Applicability

The scope of the Merchant Onboarding Policy is to establish the framework and requirements for ensuring adequate management of regulatory compliance, financial and operational risk associated with the merchant onboarding process. The aim of this framework is not to eliminate the aforesaid risk, but to assist in managing the risks involved in the activities associated with KYC verification, commercial update/ payment option enablement etc., to maximize efficiency, to improve the processes and to minimize chances of adverse consequences and resultant losses.

This Policy shall be applicable to all the merchants with whom the Company establishes a PA or PA-CB relationship irrespective of the entity types or the scale of the merchants.

The Customer Onboarding, Risk and Compliance teams shall be responsible to assess scrutinize the potential merchant based on the information collected from the said merchant. The parameters for assessing the merchant are subject to and in accordance with the applicable laws, including the PA Guidelines and PA-CB Regulations.

IV Governance

The Policy is approved by the Board of Directors (“the Board”) of the Company.

The merchant sourcing / sales team and the risk & operations team are responsible for onboarding merchants and performing necessary due diligence.

A report on an agreed frequency is submitted to senior management for the merchants onboarded, necessary findings and due diligence conducted. A list of merchants is also provided to competent regulatory authorities whenever requested.

On-boarding Risks

The scope of this section is to capture the activities and process steps involved in merchant onboarding and to identify the risks in the system.

Throughout our process of merchant onboarding, PayGlocal bears two types of contingent liability: Financial risk and compliance risk.

Please note that relevant financial risk and its mitigation guidelines on account of merchant credit / fraud risk is part of the Company's 'Merchant Risk & Fraud Policy.’

Financial risk

PayGlocal is exposed to financial risks in the following situations:

Compliance risk

Compliance Risk is endured in the following situations:

Other Assessments

V Merchant Onboarding Overview

The Company shall ensure that the following KYC and due diligence checks are performed on the merchants as part of the onboarding process as per the PA Guidelines and PA-CB Regulations:

VI Merchant Onboarding Process

The Policy covers mainly the following aspects of managing financial risk and compliance risk:

This Policy aims to define the following processes, which are to be executed by Merchant On-boarding team and part of PayGlocal core activity of payments processing:

Merchant KYC validation:

Merchant Commercial update:

Merchant payment option update:

Merchant bank details update:

MID Creation & Activation

Please refer to Appendix 1 of this Policy for the list of banned and restricted business lists. Restricted categories to be onboarded post joint approval from Risk and Business heads.

VII Merchant KYC Verification

To minimize the error in merchant validation in Onboarding process and to enable Transaction and Settlement for the Merchant below due diligence on merchant KYC is performed.

Settlement Obligations

Merchant settlement cycle within the system will be as following:

Merchant supporting documents and KYC validation/ verification

Depending on the business entity and type of the merchant a defined set of respective documents is required which should be provided by the merchant. The KYC documents are validated/ verified and if any application is considered as unacceptable/ unqualified the merchant is to be rejected and the services will not be enabled. Please refer to Appendix-2 of this Policy for KYC documents required by each merchant entity type.

Merchant commercial update

Based on the agreement between the merchant and PayGlocal, the merchant is charged a service fee which may vary basis the various plans offered to the merchant as per the business category or as per the agreed terms between PayGlocal and the merchant.

Merchant payment option update

Tp, Ts, Td and Tr are terms defined by RBI as time of payment, time of shipment, time of delivery and time of refund. PayGlocal is not in the business of shipping goods or services. Hence, PayGlocal will agree on settlement cycle with the merchants either based on Tp, Td or Tr and will adhere to the agreed timelines for settlement cycle excluding exception.

Based on the commercials provided by the business team, onboarding team checks them against the base rate (rack rate) and commercials agreed with the merchant to process further. If the rates are below the base rate (rack rate), the team rejects the cases. Such cases only get processed on approval of the business head.

Merchant bank details update

PayGlocal will review and validate all its merchants as mentioned below:

Bank account validation

Bank verification letter/ cancelled cheque/ bank account details is/are mandatory document(s) which is provided by the merchant for due diligence wherein the details are cross checked and validated and if any application is considered as unacceptable/unqualified the merchant should be rejected and the services should be put on hold.

Bank validation testing or account verification

A systemic bank account verification activity is performed for any new bank account that is recieved on our system to validate the authenticity of the merchant’s account. The check is implemented to see if the merchant has provided valid / active bank account.

Preformat code creation

PayGlocal system creates 'preformat codes’ which is mandatory for merchant settlement wherein a code in specific format is mapped to the bank account details of a Merchant on a particular merchant ID. These codes are updated on bank’s portal that processes PayGlocal’s merchant settlements. This ensures that settlement will be done on the merchant’s bank account that is mapped to the specific code which is mapped on the system.

VIII MID Creation & Activation

PayGlocal will create the unique MID in the PayGlocal system once the below conditions are met:

If all the above conditions are successfully completed, then MID will be generated post which MID would be activated for transaction processing.

MID activation is preceded by following activities:

IX Security Assessment of Merchants

The following security assessment will be conducted prior to onboarding merchants, wherever applicable:

Security controls implemented by the merchants will be assessed by the Company. The assessment would include checks of the following aspects, at least:

Merchants will be assessed to ensure compliance of their infrastructure to security standards PCI-DSS, as applicable. Merchants are obligated to be compliant with the security standards as per PA Guidelines and PA-CB Regulations and any violation of the same is considered breach of agreed terms with PayGlocal and can be considered as grounds for delisting or deactivation.

Merchant site shall not save customer card and a security audit of the merchant may be carried out to check compliance, as and when required. Merchants are not allowed to store payment data irrespective of their being PCI-DSS compliant or otherwise. They shall, however, be allowed to store limited data for the purpose of transaction tracking, for which the required limited information may be stored in compliance with the applicable standards.

Data sovereignty: PayGlocal shall take preventive measures to ensure that a Merchant does not store data in infrastructure that belongs to jurisdictions which may be physically located outside India. Appropriate controls shall be considered to prevent unauthorized access to the data.

A review will be conducted at least annually in order to verify continued compliance by the merchants already onboarded.

Below mentioned is the indicative frequency of security assessment based on the volumes processed by the merchant:

Volumes processed monthly (USD)Frequency of security assessment
Greater than 5 Mn12 months
Between 2 Mn to 5 Mn18 Months
Less than 2 Mn24 months

X Delisting and Deactivation of Merchants

Delisting or de-activation of a merchant shall be considered for the reasons as per the agreed terms between the Company and the merchant. The reasons for deactivation shall include the following:

XI Policy Review

The Policy shall be reviewed as and when required (at least annually), or when significant regulatory changes occur to ensure its continuing suitability, adequacy, and effectiveness. The changes must be approved by the Board of the Company.

XII Record Keeping

The records pertaining to merchant transactions/ complaints shall be maintained for a minimum period of 5 (Five) years by the respective department of the Company as per the KYC Master Directions.

PayGlocal shall maintain all necessary records of transactions between them and the customer, both domestic and international, for at least 5 (Five) years from the date of transaction and preserve the records pertaining to the identification of the merchants and their addresses obtained while opening the account and during the course of business relationship, for at least 5 (Five) years after the business relationship is ended.

PayGlocal shall make available the identification records and transaction data to the competent authorities upon request and also maintain all necessary information in respect of transactions prescribed under Rule 3 of Prevention of Money Laundering (Maintenance of Records) Rules, 2005, so as to permit reconstruction of individual transaction, including the following:

Banned Business List

  1. Adult goods and services which includes pornography and other sexually suggestive materials (including literature, imagery and other media), escort or prostitution services.
  2. Alcohol which includes alcohol or alcoholic beverages such as beer, liquor, wine, or champagne.
  3. Body parts which include organs or other body parts.
  4. Bulk marketing tools which include email lists, software, or other products enabling unsolicited email messages (spam).
  5. Cable descramblers and black boxes which includes devices intended to obtain cable and satellite signals for free.
  6. Child pornography which includes pornographic materials involving minors.
  7. Copyright unlocking devices which include Mod chips or other devices designed to circumvent copyright protection.
  8. Copyrighted media which includes unauthorized copies of books, music, movies, and other licensed or protected materials, copyright infringing merchandise.
  9. Products labelled as 'tester, 'not for retail sale,' or 'not intended for resale'.
  10. Copyrighted software which includes unauthorized copies of software, video games, and other licensed or protected materials, including OEM or bundled software.
  11. Counterfeit, unauthorized goods which include replicas or imitations of designer goods; items without a celebrity endorsement that would normally require such an association; fake autographs, counterfeit stamps, and other potentially unauthorized goods.
  12. Products that have been altered to change the product's performance, safety specifications, or indications of use.
  13. Drugs and drug paraphernalia which includes hallucinogenic substances, illegal drugs and drug accessories, including herbal drugs like salvia and magic mushrooms.
  14. Drug test circumvention aids which include drug cleansing shakes, urine test additives, and related items.
  15. Endangered species which includes plants, animals, or other organisms (including product derivatives) in danger of extinction.
  16. Government IDs or documents which includes fake IDs, passports, diplomas, and noble titles.
  17. Hacking and cracking materials which include manuals, how-to guides, information, or equipment enabling illegal access to software, servers, websites, or other protected property.
  18. Illegal goods which include materials, products, or information promoting illegal goods or enabling illegal acts.
  19. Miracle cures which include unsubstantiated cures, remedies, or other items marketed as quick health fixes.
  20. Offensive goods which include literature, products, or other materials that:
    • Defame or slander any person or groups of people based on race, ethnicity, national origin, religion, sex, or other factors.
    • Encourage or incite violent acts.
    • Promote intolerance or hatred.
  21. Offensive goods, crime which includes crime scene photos or items, such as personal belongings, associated with criminals.
  22. Pyrotechnic devices (apart from the ones mentioned in the Restricted category), hazardous materials and radioactive materials and substances.
  23. Tobacco and cigarettes which includes cigars, chewing tobacco, and related products.
  24. Traffic devices which include radar detectors/jammers, license plate covers, traffic signal changers, and related products.
  25. Weapons which include firearms, ammunition, knives, brass knuckles, gun parts, and other armaments.
  26. Matrix sites or sites using matrix scheme approach/Ponzi/Pyramid schemes.
  27. Work-at-home information.
  28. Any product or service which is not in compliance with all applicable laws and regulations whether federal, state, local or international including the laws of India.
  29. BPO services.
  30. Surgical products on B2C model.
  31. Immigration services.
  32. Immigration services.
  33. Guaranteed Employment Services.
  34. Religious products that make false claims or hurt someone's religious feelings/beliefs.
  35. Adoption agencies.
  36. Pawnshop.
  37. Esoteric pages, Psychic consultations.
  38. Telemarketing (Calling list, selling by phone for example travel service, overall sales).
  39. Credit Counselling/Credit Repair Services.
  40. Get Rich Businesses.
  41. Bankruptcy Services.
  42. Websites depicting violence and extreme sexual violence.
  43. Bestiality.

Restricted Business List

  1. Gaming/gambling which includes lottery tickets, sports bets, memberships/enrolment in online gambling sites, and related content.
  2. Prescription drugs or herbal drugs or any kind of online pharmacies which includes drugs or other products requiring a prescription by a licensed medical practitioner. Exceptions:
    • Medical devices authorized by the FDA for over-the-counter purchase that are not otherwise restricted and are appropriately described and labelled, including eyeglass frames, tanning devices, otoscopes, ionized or ionic bracelets, Personal Sound Amplification Products (PSAPs), etc.
  3. Fireworks and related flammable goods.
  4. Securities which include stocks, bonds, or related financial products.
  5. Forex merchants.
  6. Crowdfunding.
  7. Investment in the future of assets (Futures markets are the performance of contracts for purchase or sale of certain matters at a future date, agreeing price on the present, the amount and due date. Currently, these negotiations are conducted in stock markets).
  8. Portfolio Collection, Debt Collection.
  9. Stock trading & Financial advisory.
  10. Multilevel sales, profit or income by referral of new users.
  11. NGO.
  12. Real Estate.
  13. Loans.
  14. Surgical products on B2B model.
  15. Club memberships.
  16. Money transfer.
  17. Resume Writing Services.
  18. Auctions/Tenders.
  19. Sale of gemstones / High value jewellery.
  20. Sale of animal husbandry.
  21. Antiques or collectibles.
  22. Dietary and herbal supplements.
  23. OTC drugs.
  24. Photographs, images from videos, images generated by PC Images (copyright or intellectual property).
  25. Foundations, donations or fundraising by third parties.
  26. Discount coupons, coupons.
  27. Sex shops and erotic items.
  28. Professional services (psychologists, lawyers, etc.).
  29. Protection services (Bodyguards services).
  30. Electronic cigarettes (e-cigarettes).
  31. Political Parties; Politically related payments (donations for a party).
  32. Religious Organisations.
  33. Financial Services: money exchange service, including bitcoins, cryptocurrency, forex brokers, financial institutions, debt recovery.
  34. Financial Products (Mutual Funds, Insurance).
  35. Real Estate Agents/Brokers.
  36. Matchmaker services.
  37. Sexual Health Products (Vitamins, Nonprescriptive Treatment & Medicine).
  38. Offline dating meetups, social-based dating events, matchmaking.
  39. Gift Cards as Primary Business.
  40. Gold, Silver & Precious metals.
  41. Collection Agencies.
  42. Medical Devices.
  43. Chit Fund, Credit societies, and small NBFC.
  44. Fireworks.
  45. Lottery, Raffles.
  46. Incentive Business.
  47. Funeral Services.
  48. Subscription Services.
  49. Warranty Services.
  50. Air Bags, Batteries containing mercury.
  51. Government Uniforms.
  52. Real Estate Maintenance.
  53. Web Hosting, Designing.
  54. Art Promotion.
  55. Commodities Trading.
  56. Career Counselling Services.
  57. Marketplace Model.
  58. Aggregator, Payment Facilitator.

Appendix 2

KYC Document Requirements by Merchant Entity type

Common Document NameIndividualHUFProprietorPvt Limited/ Public LtdOPCPartnership Firm/ LLP (1)Trust/Society (2)Govt (3)Associate of Person
Bank Verification Letter/ Cancelled ChequeYesYesYesYesYesYesYesYesYes
Aadhaar Card (Individual/ Authorized Signatory)Yes
Individual PAN CardYesYesYes
Individual Address Proof* (Please go through the list of sub-category documents)YesYes
HUF PAN CardYes
Proprietor PAN CardYes
Proprietor Address ProofYes
Signing Authorities (As per BR) - PAN CardYesYesYesYesYes
Signing Authorities (As per BR) - Address ProofYesYesYesYesYes
Company PAN Card (Firm/ Society/ Trust)Yes (Not Mandatory)YesYesYesYesYes
Board Resolution/Authorization Letter (BR Mandatory for all PG)YesYesYesYes
Government Issued Certificates* (Please go through the list of sub-category documents)YesYes, COI CompulsoryYes, COI CompulsoryYes, COI CompulsoryYesYesYes
CIBIL/Consent Letter (Not Mandate)YesYesYesYesYes
List of Directors/Partners and KYC (KYC not mandatory)YesYesYes
2nd Government ProofYes
Partnership Deed Verified by RegistrarYes
Partner KYC (Not mandatory)Yes
Memorandum and Articles of AssociationYesYes
Trust/Society DeedYes