When a payment aggregator signs up new merchants, the first job is simple but critical: customer due diligence. It makes sure that the business is genuine and not trying to misuse the payments system. This is perhaps the overarching message in the new RBI master directive for payment aggregator due diligence.
The easiest way to do this is through CKYCR, a central database that stores KYC records. If a merchant’s details are there, the aggregator can pull them up with consent. But if the record is old or missing, the aggregator must collect updated documents directly.
Sometimes CKYCR access is not possible, especially if the aggregator’s authorisation with the Reserve Bank is still pending. In such cases, KYC can still be done through other approved ways.
Small merchants get a simpler option. If their turnover is below forty lakh rupees (or five lakh in exports), they can be onboarded with just a few checks: collect and verify PAN, do a simple site visit (Contact Point Verification), and collect one valid ID of the proprietor or the authorised person.
Documents alone are not enough under the payment aggregator due diligence process described in the directive. Background checks must also be done to ensure the merchant has a clean track record. If one aggregator signs up a merchant through another, the one actually doing the onboarding is responsible for all these checks.
Once onboarded, the aggregator must assign proper merchant codes and IDs, and make sure the merchant’s name is correctly captured in every transaction. This avoids confusion and disputes when customers see their payment slips. Marketplaces face an additional rule. They cannot process payments for sellers who are not formally registered on their platform. And money collected from customers must always flow directly into the merchant’s own bank account, never anywhere else.
The work does not stop after onboarding. Aggregators must monitor merchant transactions on an ongoing basis. The idea is to ensure that the pattern of payments matches the merchant’s business profile. If a corner shop suddenly starts processing huge international payments, it should raise a red flag.
Non-bank aggregators also have to register with FIU-IND, the body that tracks suspicious financial activity. They must meet reporting obligations to keep the wider system safe. Timelines are fixed. Merchants signed up till December 2025 must complete due diligence within a year. From January 2026, every new merchant must be onboarded under the full rules without exception.
Acquiring banks also play a role. Whenever a bank works with a non-bank aggregator, it must have a policy on how payments are processed. The bank doesn’t need to repeat all the due diligence, but it must be able to access merchant details whenever required and ensure that aggregators are following the bank’s standards.
Aggregators are allowed to use agents to help merchants with steps like digital KYC or video-based verification (V-CIP). But agents are only helpers. Note that the term "agent" has not been elaborated, but the industry assumption is that agents are third parties or business correspondents supporting the PA with KYC and customer due diligence. The aggregator is fully responsible for the outcome and must even check the agents themselves before appointing them.
All these requirements may sound like a long checklist, but they are about one thing: building trust. They protect merchants from errors, customers from fraud, and the entire payments system from abuse. They also strike a balance by keeping rules lighter for small merchants so that growth is not slowed down.
Digital payments thrive only when people trust the system. Customers will pay with confidence, merchants will grow with credibility, and aggregators will operate with clear regulations.