April 15, 2024
Cash loans on credit cards raise KYC concerns in POS transactions
Data security risks are highlighted in varying storage practices among POS operators
Regulatory intervention is needed to mitigate risks in fund management by third-party players
The potential requirement for licenses raises questions about the eligibility of players like Paytm and BharatPe
The Reserve Bank of India (RBI) is poised to introduce guidelines for issuing licenses in the point-of-sale (POS) business, creating a new category within financial services, as reported by Hindu Businessline. Sources say this move aims to bolster regulation in the offline payments sector, ensuring operational fairness and establishing parity between online and offline payment operators.
According to the report, banks and non-banking financial companies (NBFCs) currently engaged in the POS business will remain unaffected. However, third-party operators such as BharatPe, MSwipe, Paytm, and PineLabs are anticipated to be impacted, necessitating them to acquire licenses to sustain their operations.
The report notes that the rapid proliferation of third-party operators in the offline payments sector has underscored the necessity for regulatory measures. Additionally, banks have increasingly utilised third-party POS services to streamline business processes.
These operators manage daily average balances of INR 400 crore, compared to INR 1,000 crore online. An industry insider emphasised the importance of implementing regulatory changes before the offline market becomes excessively large.
Like payment aggregator licenses, POS operators may need to fulfil specific criteria, including a minimum net worth of INR 25 crore and compliance with other stipulations outlined by the RBI.
Challenges and concerns within the industry have prompted the need for a licensing framework. Firstly, there has been a surge in cash loans on credit cards, resulting in large, one-time swipes at POS terminals. This has raised concerns about merchants offering cash in exchange for transactions, highlighting issues with know-your-customer (KYC) procedures and regulatory oversight.
Secondly, discrepancies in data storage practices among POS operators pose security risks. Varying data retention periods, spanning from 90 days to over a year, underscore the necessity for standardisation aligned with security protocols.
Thirdly, apprehensions exist regarding fund management by third-party players. Concerns include delayed settlements to merchants and the risk of unregulated entities mishandling funds, necessitating regulatory intervention to mitigate potential risks. Although no such instances have been reported yet, it remains a concern.
The potential requirement for licenses raises questions about the eligibility of players like Paytm and BharatPe, awaiting approval from the central bank for payment aggregator services, to operate in the offline POS segment.
Source: Mint