Digital payment firms in a no-win game as margins hit rock bottom
digital payments ecosystem
has become intensely competitive with the
Reserve Bank of India
issuing payment aggregator (PA) licences to more than 50 entities, pushing core
transaction processing margins
to what industry executives see as unsustainable levels.
These aggregators facilitate digital payments for online merchants in categories such as ecommerce, food delivery and travel. With a crowded field and large players like
Razorpay, Cashfree
,
PayU
and
Paytm
slashing rates, newly licensed firms are finding it increasingly difficult to scale sustainably.
As of May 2025, 54 companies have secured online PA licences from the RBI. In addition to dominant online players, several offline-first firms including
MSwipe
,
Innoviti Payments
and
Pine Labs
have expanded into online payments. Startups like PayGlocal and DigiO, which focus on
recurring payments
, have also entered the fray.
'The market has become so competitive that prices for processing each payment transaction have dropped to anywhere between 15 and 60 basis points,' said the chief executive of one of India's largest payment processors. 'Ideally, pricing should have hovered around 1% per transaction to make the business viable,' he added. 100 basis points is equal to 1%.
Further, big players enter into subvention deals with their banking partners in lieu of large deposits and heavy volumes, which enable them to give attractive rates to clients. Smaller players cannot play this game, the chief executive said.
Pricing wars
Discover the stories of your interest
Blockchain
5 Stories
Cyber-safety
7 Stories
Fintech
9 Stories
E-comm
9 Stories
ML
8 Stories
Edtech
6 Stories
In some cases, the race for merchant acquisition has driven prices to zero.
A Bengaluru-based payments founder told ET that several well-funded aggregators were recently offering card-based payments to large merchants at no charge. 'They might display a 2% rate on the website, but actual negotiations lead to significantly lower fees — or nothing at all,' he said.
Infibeam Avenues
, which operates listed payment platform CCAvenue,
disclosed in its March quarter results
that its net take rate was only 11 basis points in FY25. The net take rate is arrived at after bank commissions are taken out from the gross margins.
'The domestic payments business is becoming a challenge. Merchants don't want to pay, especially when competitors are offering such low rates. We cannot match that pricing at our scale,' said a senior executive at a newly licensed PA.
The regulatory mandate that UPI-based transactions remain free of charge has further eroded industry margins, with players unable to monetise a large chunk of digital payments.
After Paytm
released its March quarter results
, chief financial officer Madhur Deora acknowledged pressure from larger merchants and alluded to limited headroom for charging the full MDR (merchant discount rate) on UPI transactions.
Pivoting to survive
PAs are looking beyond core processing to retain margins. Most are either targeting niche segments or embedding payments into broader financial services. 'We expect to generate 2% to 4% of our revenue this year from value-added services — and grow that to 7% to 10% in coming years,' said Vishal Mehta, managing director at Infibeam Avenues.
Segments such as recurring payments,
cross-border transactions
and enterprise pay-outs are gaining traction.
'We focus only on recurring payments via UPI AutoPay and NACH (National Automated Clearing House), where banks need a reliable product and good tech support,' said Sanket Nayak, founder of DigiO. The startup, backed by Groww and Rainmatter, integrates payment processing into its broader authentication suite. Rajeev Agrawal, chief executive officer at Innoviti, pointed out that as the market matures, there will be more verticalisation among PAs with each focusing on niche areas.
Cross-border players such as PayGlocal and BriskPe (a PayU-backed firm) are betting on higher margins in international commerce. 'Cross-border GMV (gross merchandise value) is smaller than domestic volumes, but the take rates and revenues are significantly higher,' said the founder of one such firm.
Despite deep discounting, there are early signs that the market may rationalise. Investors are now pressing portfolio companies to prioritise profitability over market share.
'We've seen this before. Remember the cashback wars in consumer payments? Paytm, PhonePe and Google Pay eventually scaled back,' said the founder of a mid-sized PA. 'Just last week, my sales team flagged a rival offering payments for free. I told them — stick to the basics. The burn won't last forever.' But industry insiders also agree that the market dynamics will eventually get the PA industry to settle for four to five major players, just like what was seen in the offline merchant payments space.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
India.com
20 minutes ago
- India.com
CoinDCX Suffers Major Cyberattack, $44 Million Stolen– All You Need To Know
New Delhi: India-based crypto exchange CoinDCX suffered a major cyberattack on July 20 with hackers stealing nearly 44 million dollars (around Rs 380 crore) from its internal accounts. The breach which occurred over 17 hours ago. It was first flagged within the community by ethical hacker ZachZBT. CoinDCX's co-founder later confirmed the incident in a post on X (formerly Twitter). As a precaution, the company has temporarily paused its Web3 operations but assured users that customer funds on CoinDCX Web3 remain safe. CoinDCX co-founder Neeraj Khandelwal confirmed that the hackers stole around 44 million dollars from the company's treasury funds, not from user accounts. He assured users that CoinDCX itself will cover the loss, and their top priority has been to secure all remaining assets and ensure user safety. The total amount lost was ~$44Mn out of our treasury assets. Coindcx Treasury will be bearing these losses. Our first and foremost objective throughout the day has been to first secure assets. — Neeraj Khandelwal (@neerajKh_) July 19, 2025 How did the breach happen? CoinDCX co-founder and CEO Sumit Gupta revealed that hackers targeted one of the company's internal accounts used for managing funds on a partner platform. The breach was described as 'sophisticated' and involved vulnerabilities in their server system. As soon as the issue was detected, the team quickly isolated the compromised account to contain the damage. Cybersecurity experts are now investigating the breach and working to fix the security gaps, and tracing the stolen funds.// CoinDCX CEO Sumit Gupta assured users that the situation was brought under control swiftly by isolating the affected operational account. He explained that since customer wallets are kept separate from internal accounts, the breach was limited to just one account. 'The incident was quickly contained by isolating the affected operational account. Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us - from our own treasury reserves. Our internal security and operations teams have been working through the day along with leading cybersecurity partners to investigate the matter, patch any vulnerabilities and trace the movement of funds,' Gupta said.// Hi everyone, At @CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly. Today, one of our internal operational accounts - used only for liquidity provisioning on a partner exchange - was compromised due to a… — Sumit Gupta (CoinDCX) (@smtgpt) July 19, 2025 India Sees Another Major Crypto Breach Within a Year CoinDCX has become the second major Indian crypto exchange to suffer a cyberattack in the past year. Back in July 2024, rival platform WazirX lost a staggering 234 million dollars in crypto assets after one of its wallets hosted on Liminal was hacked. The breach forced WazirX to halt trading and withdrawals, triggering panic among its 4.4 million users. The company filed an FIR and even launched a white hat bounty program, offering up to 23 million dollars to recover the stolen funds. However, a year later, only 3 million dollars has been recovered. International investigations later traced the hack to North Korean state-sponsored cybercriminals.
Mint
20 minutes ago
- Mint
Millions stolen, death threats: Should banks do more to fight ‘pig butchering'?
For nearly 50 years, Anamarie Hurt trusted her husband, Craig, to manage their finances. And he did a good job of it, making investments that grew into a comfortable nest egg. Then Craig walked into a bank in Tulsa, Okla., and began moving their retirement funds into cryptocurrency investments that turned out to be fake. A year later, after losing more than $5 million, the Hurts' life savings were gone. At first, Anamarie's anger was directed at Craig. But it soon found another target: the bank that she said helped him send wires as high as $300,000 at a time to scammers. Now that investment scams, sometimes called pig butchering, are booming global operations, some Americans are demanding their banks and financial advisers do more to prevent the scams from happening. Pressure is also spreading to telecoms and social-media platforms such as Facebook, where scammers find their marks. In 2023, Anamarie sued Arvest Bank, the Arkansas-based regional lender that processed Craig's wire payments. Similar lawsuits have sprung up around the country, seeking damages from the likes of JPMorgan Chase and Wells Fargo and alleging they didn't do enough to investigate their customer's suspicious behavior or to block payments to scammers. A lawyer for Arvest, which hasn't publicly responded to the Hurts' claims, declined to comment on the lawsuit. The dispute is now in arbitration. Operating from compounds in Southeast Asia and West Africa, criminal gangs have mastered the art of building trust with victims—or fattening up their 'pigs." Scammers cultivate romantic connections with victims while posing as savvy investors with knowledge about how to strike it rich. Victims are often elderly or otherwise vulnerable, and many end up losing their life savings. The scams have put banks in a difficult position. If banks don't try to stop fraudulent payments, victims and their advocates argue, scammers will continue extracting tens of billions or more each year from vulnerable Americans. But holding payments and trying to talk victims out of being scammed, as some states now allow, can provoke a backlash from customers. Bankers argue that they already have their hands full trying to thwart money laundering, terrorist financing and other types of fraud and have put considerable resources into such efforts. They say they can't be expected to protect their customers from making ill-advised decisions. Those who sue their banks face an uphill battle. Federal law requires banks to reimburse people whose credit cards are stolen or who have their accounts infiltrated by fraudsters. But there's little protection for the growing ranks of Americans who are tricked into turning over their money. For Anamarie, the episode has come with one haunting twist after another. As she worked to get to the bottom of what happened, she faced death threats from scammers, who repeatedly told Craig they would track down and kill him and his wife if he didn't comply with their requests. 'Look I'm given you 1 hour to send my money to my wallet otherwise I don't mind spending extra money driving down to your house and gun you and your f—ing wife down instantly and nothing will happen," one message said. The scammers also tried to blackmail Anamarie, sending her photos Craig had taken of her in the shower at their behest and without Anamarie's consent. She also made unsettling discoveries about Craig, the person she thought she knew better than anyone—including a medical issue that helped explain why he was vulnerable to the scam and why his judgment deteriorated so quickly. In August 2022, Anamarie was shopping at Walmart when her credit cards were declined. When she brought up the issue at home, Craig said he would take care of it. But Anamarie was worried. 'Are you being scammed?" she finally asked him. Flustered, Craig admitted it was possible. They went to the police, where Anamarie, in shock, started understanding the severity of the situation. She and her sister would spend months unraveling what had happened and learning the extent of the damage. A year or so earlier, Craig had responded to an online ad about investments and later received a text message from someone calling themself Tiffany, according to his hazy account. The person struck up a flirtatious exchange and was soon telling him about a lucrative opportunity. All he needed to do was wire money from his bank account. Craig's early efforts to wire money to scammers had raised alarm bells at the Bank of Oklahoma, where the Hurts had banked for their entire marriage, Anamarie would learn. The bank closed Craig's accounts after he made at least one suspicious payment. Another bank where he opened an account quickly did the same. Banks have a legal obligation to screen for and report potential money laundering activity by their customers. If a customer continues to engage in suspicious activity, banks will sometimes close the account. The law that requires banks to report suspicious money laundering activity was passed in 1970. Later that decade, as electronic payments such as debit cards and ATMs became ubiquitous, Congress also passed a law requiring banks to screen for fraudulent activity and reimburse customers for stolen funds. Fraud, however, was defined by lawmakers at the time as an unauthorized transfer—meaning when a criminal impersonated a customer or got access to an account without the customer's help. The pig-butchering scams of today often slip through the cracks of banks' anti-money laundering and fraud detection programs, since victims are tricked by scammers into authorizing the fraudulent transactions themselves. Craig plays fetch with his dog, photos at the Hurts' home. In April 2021, Craig landed at Arvest, opening a checking account at a branch a five-minute drive from the Hurts' home. There he began sending more wires to the scammers, starting with a payment of $25,000 and quickly escalating to larger amounts. Craig sent the wires in-person and with the help of Arvest employees, according to the Hurts' lawsuit. To fund the transfers, he liquidated the Hurts' retirement funds at Raymond James. He also drained his mother's trust and, after being told he need to pay additional fees to access his fake investment earnings, the funds from a $350,000 home-equity loan on the Hurts' home. Anamarie's lawsuit would later cite the federal anti-money-laundering laws that require banks to screen for suspicious activity. Despite what the suit calls obvious red flags, such as the size of the transfers and the suspicious names of the recipients, the Arvest employees who assisted Craig didn't investigate his wire payments or alert Anamarie, whose name was on the account. Those failures constituted a form of legal negligence, Anamarie's lawyers argued. They also questioned Arvest's approval of the home-equity loan, because taking out such a loan usually requires signatures from all owners of the residence. But Anamarie hadn't known about the loan and didn't sign any documents for it, according to her suit. Other lawsuits by scam victims accuse banks of failing to sufficiently vet bank accounts opened by scammers to launder pig-butchering funds or cite state laws, including a California statute that allows victims to bring suit against institutions or individuals who assist in elder abuse. In an ongoing lawsuit there, an 80-year-old widow named Alice Lin has accused JPMorgan Chase and several of its employees of aiding pig-butchering scammers who defrauded her of nearly her entire life savings. Lin, who hadn't sent a wire transfer in more than six years, was scammed into wiring $720,000 over the course of three weeks, according to the suit. In a victory for Lin, a federal judge last year denied a motion by JPMorgan to dismiss the case. A JPMorgan spokesman said the bank disputes her claims and that employees warned her the payments would be irreversible. During the Hurts' visit to the police in 2022, an officer told Anamarie to get power of attorney over Craig. The next day Craig refused to go along with it and threatened to kill himself. She sought psychiatric help for Craig, and got a court to appoint her his legal guardian. The Hurts don't have children. At Arvest just days later, Anamarie and her sister discovered that only a few hundred dollars remained in the Hurts' checking account. 'Oh, we know Craig," Anamarie recalled the bank manager saying. 'He's in here all the time." In some states, a bank like Arvest might have been able to pause the payments that Craig was making, and been required to report his behavior to authorities or make a reasonable attempt to contact Anamarie or another family member. That wasn't the case in Oklahoma. The state has some requirements for investment advisers and broker-dealers such as Raymond James, but none for banks—often the last stop before a victim's money is sent to scammers and lost forever. For joint accounts, banks aren't typically required to notify another account holder of any suspicious withdrawals. More than 20 states do have laws that provide banks with a safe harbor from legal action for delaying transactions if they suspect a client is the victim of financial exploitation. More than 40 have a similar safe harbor for investment professionals such as broker-dealers. Many—but not all—of the state laws specifically apply to clients over the age of 60 or 65. In some cases, the laws also require a report to state authorities or permit banks to contact a trusted third party such as a family member. Anamarie searches through binders of credit card statements and bank statements. In Alabama, safe harbor rules have allowed the state to prevent millions of dollars from being siphoned from seniors, said Amanda Senn, director of the state's securities regulator. A rule enabling investment professionals to delay a payment for up to 25 days went into effect in 2016, and a parallel safe harbor for banks was created in 2021. Banks and financial advisers have filed a growing number of reports of potential exploitation since Alabama created the twin rules. The Alabama Securities Commission received 37 reports in the first full fiscal year after the first rule went into effect. In its most recent fiscal year, the commission received 319. 'Financial professionals are looking out for their customers, but it's getting increasingly harder for everyone," said Senn. Calls for federal legislation that addresses banks' responsibilities around elder fraud and investment scams have been growing. Last year, Democrats in Congress introduced a bill that would have expanded the 1970s era fraud laws and forced banks to cover losses in cases where consumers are tricked into sending payments. Some industry representatives have argued for regulatory guidance that would allow banks to better share information with each other about customers impacted by scammers. Plaintiffs' lawyers and victim advocates have also pushed states to go further than current hold laws, which allow banks to delay transactions if they wish, by requiring banks to do so if they have a reasonable suspicion of fraud. Last year, California's legislature voted to pass a law that would have required banks and other businesses to create an emergency contact program and delay suspicious transactions for elderly account holders age 65 or older. The California Bankers Association opposed the legislation, arguing that banks were 'ill-equipped to second-guess their customers' decision," and the bill was eventually vetoed by Gov. Gavin Newsom. 'The argument is that it's the customer who's doing it," said Ken Palla, a financial security expert and former director at MUFG Union Bank. 'It's their money, and they can direct us where to send it." Victims can be adamant and refuse to believe family members or authorities who tell them they are being scammed. 'They really wrap these people around the axle," Palla said. Craig and Anamarie head upstairs to Craig's den, where he spends much of his time. On at least one occasion, Craig upbraided an Arvest customer-service representative over the phone after he was questioned about a suspicious $1,000 Zelle payment, according to a recording of the call reviewed by The Wall Street Journal. The representative told Craig it was a red flag that the name on the Zelle account where he was trying to send money didn't match the name in the email address he was given. Craig's Zelle account had been frozen as a result. 'I don't need an overseer," Craig responded. 'If you don't want to do it, just cancel the transaction, and I'll do it somewhere else." The Arvest representative ultimately declined to unfreeze the account, according to the recording. 'You can get employee of the year," Craig told him sarcastically. Shortly after discovering the scam, Anamarie learned something else about Craig that helped explain what had happened. His doctor told her that Craig had vascular dementia, likely due to a brain injury from a fall he took in 2015 while walking his brother-in-law's dog. Someone with vascular dementia can be completely articulate and appear normal to their friends and family, but also be impaired in their ability to assess risk and make decisions. Anamarie had been aware of the injury, but was under the impression that Craig had mostly recovered after being given medication. Her lawyers also uncovered more about how scammers manipulated Craig into wresting control of his funds from his longtime financial adviser at Raymond James. The adviser had repeatedly tried to convince Craig that 'Tiffany" was scamming him, to no avail. While Oklahoma doesn't have a law enabling banks to pause transactions, it does provide a safe harbor for broker-dealers to do so. Around August 2021, Raymond James's compliance department placed restrictions on Craig's accounts and alerted the state's adult protective services agency about his behavior, according to emails reviewed by The Wall Street Journal and a person familiar with the matter. But Craig still insisted on withdrawing money from his Raymond James accounts for fake cryptocurrency investments. Eventually he moved his funds to a Fidelity brokerage account, where they were cashed out and transferred to Arvest. 'You do not want to be the one who effectuated his request for a scam and likely immense loss—let him do it elsewhere," a compliance executive told Craig's financial adviser in an email. 'We all tried our best to help him." Whether the firm fully alerted Anamarie is unclear. Anamarie said she recalls one phone conversation with their adviser at Raymond James but said the adviser was vague and that the call left her confused. The adviser said he fully informed Anamarie of what was happening. In an email following that call, she told the adviser that she had confronted Craig about whether he was being scammed after coming home and finding him on the phone transferring funds from Fidelity. 'I cannot convince him he's being scammed…He has it in his head he knows what he's doing," Anamarie wrote. She said she later forgot about the email and the incident and that to her knowledge adult protective services never reached out. Oklahoma Human Services declined to comment and said all cases are confidential. Raymond James still manages a separate IRA fund that is solely owned by Anamarie. In the months that followed the Hurts' visit to the police station, the scammers proved reluctant to let go of Craig. They infiltrated their devices, revealing on one occasion that they knew Anamarie's exact location: 'Right now you at the dance at the senior center." Anamarie eventually took Craig's phone away completely. For a year, she slept with her laptop, phone and wallet under her pillow so he couldn't get hold of them. The arbitration with Arvest is scheduled to take place later this year. Other lawsuits against banks have faced dismissal or been settled on undisclosed terms, which has the effect of preventing the suits from creating legal precedent. Thanks to Anamarie's measures, Craig's behavior has normalized somewhat. He has stopped trying to sneak off to local convenience stores to buy gift cards for women he is chatting with online. He now sleeps for 18-20 hours a day, Anamarie said, often in the recliner where he still searches for his phone. He has never apologized about the damage he caused, Anamarie said. Given the opportunity, he seems to think he could make everything right, she said, saying he has told her, 'All I need is one more investment." Write to Dylan Tokar at
NDTV
36 minutes ago
- NDTV
India's UPI Revolution Powers 50% Of World's Digital Payments
India is now a global leader in fast payments and the Unified Payments Interface (UPI) is the main driver, as per the International Monetary Fund (IMF). The app-driven tool is the world's most used real-time payment system, handling over 18 billion transactions monthly. In June alone, UPI processed transactions worth Rs 24.03 lakh crore, a 32 per cent rise in transaction volume compared to the same month last year. Launched in 2016 by the National Payments Corporation of India (NPCI), UPI allows users to link multiple bank accounts to one app and transfer money instantly. Its appeal lies in security and round-the-clock accessibility. The platform now serves 491 million individuals and 65 million merchants, with 675 banks connected to the system. UPI handles 85 per cent of all digital payments in India and nearly half of all real-time digital transactions across the world. Why People Choose UPI Before UPI, payment platforms were mostly "closed-loop", meaning, money could only be sent within the same app or wallet. UPI changed that by allowing users to send money across different banks and apps using a single, common protocol. This interoperability opened up competition and improved services. Users can make secure transactions via mobile apps with only a UPI ID. No need to share bank details. Features like QR code payments, app-based customer support, and 24x7 access have made UPI convenient even for small, everyday transactions. For small businesses, UPI offers a zero-cost or low-cost method to accept digital payments, especially useful in rural and semi-urban areas. Its speed and affordability make it accessible for everyone. UPI dominates Global Payment space! India's UPI is now the World's 1 real-time payment system. It enables 85% of all digital transactions in India and powers nearly 50% of global digital payments. #UPI #NewIndia #IndianEconomy — MyGovIndia (@mygovindia) July 14, 2025 What Is Behind UPI's Success? UPI is built on top of a strong national digital infrastructure: Jan Dhan Yojana: Over 55.83 crore bank accounts opened to bring citizens into formal banking. Aadhaar: Over 142 crore unique IDs issued, enabling secure, digital identity verification. 5G and Connectivity: With 4.74 lakh 5G base stations, India's internet access is fast and affordable. Data costs dropped from Rs 308/GB in 2014 to Rs 9.34 by 2022. Mobile Penetration: 116 crore subscribers in 2025 provide a wide base for digital adoption. How UPI Serves Everyday Life Send/receive money instantly, 24x7. Link all bank accounts in one app. No need to carry cash or share sensitive bank info. Easy QR code payments for shops, deliveries, services. Pay bills, recharge phones, and donate directly from the app. Raise complaints or track issues within the app itself. UPI Goes Global UPI's influence is no longer confined to India. The platform is now active in seven countries like UAE, Singapore, Bhutan, Nepal, Sri Lanka, France, and Mauritius.
