How to Choose a High-Risk Payment Processor in India

Highlights:

Understand RBI’s Payment Aggregator Directions requiring ₹15 crore minimum capital and merchant verification.

Learn why gaming, fantasy sports, and subscription businesses face strict compliance requirements.

Discover cost structures, including rolling reserves and PCI DSS compliance expenses.

Compare settlement timelines and chargeback management for high-risk merchants.

Introduction

Businesses in gaming, fantasy sports, subscription services, and cross-border e-commerce often realise that standard payment gateways do not meet their needs. These sectors deal with higher refunds, disputes, and regulatory checks.

India recorded a 45% increase in chargeback volumes in 2024, especially in digital-first businesses. This rise has pushed regulators and banks to closely monitor how payments are collected and settled.

To address this, the Reserve Bank of India introduced updated Payment Aggregator Master Directions in September 2025, changing how high-risk merchants are onboarded and monitored.

What Defines High-Risk Payment Processing in India?

High-risk payment gateway solutions handle transactions for businesses requiring enhanced fraud monitoring, regulatory compliance, and merchant due diligence beyond standard processing.

Businesses face high-risk classification when chargeback rates exceed 1%, a critical threshold monitored through Visa’s Global Acquirer Risk Standards and Mastercard’s programmes. Beyond chargeback ratios, the industry sector determines risk classification.

India-specific high-risk industries include:

• Gaming and fantasy sports: Regulatory ambiguity between skill-based and chance-based activities
• Subscription services: Higher dispute rates from recurring billing
• Cross-border e-commerce: Subject to ₹25 lakh per-transaction limits under RBI’s PA-CB framework
• New businesses: Lack of 6-12 month processing history
• Crypto-related services: Enhanced monitoring for virtual asset transactions

Payment aggregators handling these merchants must obtain RBI authorisation under the Payment and Settlement Systems Act, 2007, implementing stringent verification protocols.

RBI Authorisation & Payment Aggregator Compliance

Non-bank payment aggregators must demonstrate ₹15 crore net worth at authorisation, increasing to ₹25 crore within three years. This capital requirement ensures aggregators maintain operational stability when serving high-risk sectors.

Merchant verification deadlines:

Requirement	Timeline
Existing merchant KYC	December 31, 2025
Re-onboarding starts	January 1, 2026
Capital compliance	February 28, 2026

High-risk merchant onboarding typically takes 7–14 business days at minimum, but enterprise cases can extend to 3–6 weeks depending on complexity. The timeline is driven by several underwriting layers:

• Business model review: Aggregators assess revenue flows, refund mechanics, prize pools, and regulatory positioning, especially for gaming and fantasy platforms.
• Chargeback risk analysis: Historical dispute ratios, if available, are evaluated. New entities without 6–12 months of processing history face deeper scrutiny.
• KYC and UBO verification: Central KYC Registry checks, Ultimate Beneficial Owner identification, and director background screening.
• Technology and security audit: PCI DSS compliance validation, data storage architecture review, and API integration security testing.
• Bank risk committee approval: Larger merchants are often escalated internally to a credit or risk committee, which operates on scheduled review cycles.

Delays usually occur when documentation is incomplete, foreign shareholding structures require additional checks, or the business model falls into a regulatory grey area. Enterprises planning product launches should factor in buffer time beyond the stated minimum onboarding window.

RBI mandates PCI DSS compliance verification during merchant onboarding, with security incident reporting to RBI within stipulated timeframes. Payment aggregators must maintain board-approved information security policies reviewed annually.

Cost Structures Impacting High-Risk Merchants

High-risk businesses pay approximately 1.5% higher transaction fees than standard merchants, reflecting increased fraud monitoring and compliance overhead.

Typical fee structure:

• Transaction fees: Base MDR + 1.5% risk premium
• Rolling reserves: 5-10% of transactions held for 30-180 days
• Setup costs: Due diligence and compliance verification
• Annual PCI DSS: ₹2-8 lakh depending on transaction volume

Rolling reserves protect payment aggregators against chargebacks. If your business processes ₹10 lakh monthly, expect ₹50,000-₹1 lakh held in reserve at any time, impacting working capital management.

Settlement follows T+n cycles, where ‘n’ varies by merchant agreement, compared to instant payouts for standard merchants. Non-bank aggregators maintain merchant funds in escrow accounts with scheduled commercial banks, with end-of-day balance monitoring and immediate RBI reporting for shortfalls.

Cross-border transactions face additional constraints with separate Inward Collection Accounts and Outward Collection Accounts required, and pre-funding prohibited.

Selecting a High-Risk Payment Gateway

Verify RBI authorisation status before partnering with any payment aggregator. Check the Reserve Bank’s official authorised payment aggregator list, regularly updated on their website.

Evaluation criteria:

• Industry experience: Gaming processors understand skill-based verification requirements
• Compliance infrastructure: Automated PCI DSS reporting and merchant due diligence workflows
• Transparent pricing: Clear breakdown of transaction fees, reserves, and compliance costs
• Chargeback management: Dispute resolution tools and representment support
• Settlement clarity: Documented T+n timelines and escrow account access

Request documentation showing board-approved information security policies and annual compliance audits. Enterprise businesses should evaluate gateway capacity to handle transaction volumes whilst maintaining ₹25 crore capital adequacy thresholds.

The Bottom Line

High-risk payment processing in India demands understanding the RBI’s comprehensive compliance framework. Budget for extended onboarding timelines, higher transaction costs, and capital tied in rolling reserves when planning payment infrastructure. December 31, 2025, marks the KYC verification deadline; merchants without completed verification face re-onboarding delays from January 2026.

FAQs

1. What is a high-risk payment gateway in India?

A payment gateway authorised by RBI to handle transactions for merchants in high-risk industries requiring enhanced fraud monitoring, PCI DSS compliance, and merchant due diligence under Payment Aggregator Directions 2025.

2. Why is my business classified as high-risk?

Businesses face classification due to operating in gaming/fantasy sports, chargeback rates exceeding 1%, subscription models, cross-border transactions, or a lack of processing history. RBI mandates strict merchant verification for such businesses.

3. What are RBI compliance requirements for high-risk processing?

Payment aggregators must maintain ₹15-25 crore net worth, implement PCI-DSS security, conduct CKYCR verification, maintain escrow accounts, and report security incidents to RBI immediately per September 2025 Directions.

4. How much do high-risk payment gateways charge?

Merchants pay 1.5% higher transaction fees, plus rolling reserves holding 5-10% of transactions for 30-180 days, and annual PCI DSS compliance costs ranging from ₹2-8 lakh based on volume.

5. What is PCI DSS compliance?

PCI DSS mandates 12 security controls for entities processing card payments, requiring annual audits and quarterly scans. Non-compliance risks processor termination and penalties from acquiring banks.