The Complete Guide to Payment Aggregators: Flows, APIs, Fraud Detection, and Settlement

Introduction to Payment Aggregators (PAs)
End-to-End Transaction Flow
Technical Architecture of a Payment Gateway
API Integration Between Merchant and PA
Bank and Card Network Partnerships
Fraud Detection and Risk Management
Settlement and Reconciliation Process
Revenue Model of Payment Aggregators
Regulatory Compliance (RBI, PCI-DSS, etc.)
Case Study: Handling Failed Transactions

1. Introduction to Payment Aggregators (PAs)

A Payment Aggregator (PA) acts as an intermediary between merchants, customers, banks, and payment networks, simplifying digital transactions. Examples include Razorpay, PayU, PhonePe, and Stripe.

Key Functions of a Payment Aggregator

Merchant Onboarding (KYC, underwriting).
Unified Checkout (supports cards, UPI, wallets, net banking).
Transaction Routing (connects to banks, card networks, and UPI).
Settlement & Reconciliation (T+1/T+2 payouts).
Fraud Prevention (real-time risk checks).

2. End-to-End Transaction Flow

Step-by-Step Payment Journey

Customer → Merchant → Payment Aggregator → Card Network → Issuing Bank → Settlement

Customer Initiates Payment

Selects a payment method (e.g., UPI, credit card) on the merchant’s checkout.

Merchant Requests Payment Aggregator

Calls PA’s API to create an order (/v1/orders).

PA Routes Transaction

For cards: Sent to Visa/Mastercard.
For UPI: Sent to NPCI’s UPI switch.

Issuing Bank Authorizes

Checks fraud, available balance, and 3DSecure (if required).

PA Confirms Payment

Sends success/failure response to the merchant.

Settlement (T+1/T+2)

Funds move from issuing bank → acquiring bank → PA’s nodal account → merchant.

3. Technical Architecture of a Payment Gateway

Core Components

Layer	Technology Used	Purpose
Frontend	React.js, Angular, Flutter (Mobile)	Checkout page, merchant dashboard.
API Layer	Java (Spring Boot), Node.js, Python	Handles payment requests.
Database	PostgreSQL (ACID), Redis (Cache)	Stores transactions, session data.
Fraud Engine	Machine Learning (Python, TensorFlow)	Detects suspicious transactions.
Bank Integrations	REST/SOAP APIs (NPCI, Visa, etc.)	Connects to banking systems.

High-Level System Flow

+-------------------+       +-------------------+       +-------------------+
|   Customer        |       |   Merchant        |       |   Payment         |
|   (Checkout)      |------>|   (API Call)      |------>|   Aggregator      |
+-------------------+       +-------------------+       +-------------------+
                                                                   |
                                                                   v
+-------------------+       +-------------------+       +-------------------+
|   Card Network    |       |   Issuing Bank    |       |   Acquiring Bank  |
|   (Visa/NPCI)     |<------|   (Auth)          |------>|   (Settlement)    |
+-------------------+       +-------------------+       +-------------------+

4. API Integration Between Merchant and PA

Key APIs Used

API Type	Endpoint	Description
Order Creation	`POST /v1/orders`	Creates a payment order.
Payment Capture	`POST /v1/payments/capture`	Confirms a successful transaction.
Webhook	`POST /merchant-webhook`	Sends real-time payment updates.
Refund	`POST /v1/refunds`	Initiates a refund.

Sample API Request (Order Creation)

POST /v1/orders  
{
  "amount": 10000,  // ₹100 (in paise)
  "currency": "INR",
  "receipt": "order_789",
  "payment_methods": ["card", "upi"]
}

Sample Webhook Response (Payment Success)

{
  "event": "payment.captured",
  "payload": {
    "payment_id": "pay_XYZ456",
    "amount": 10000,
    "status": "completed"
  }
}

5. Bank and Card Network Partnerships

How PAs Integrate with Banks

Nodal Account (RBI Mandate) – Pooling account for merchant settlements.
Direct API Connections – Real-time UPI, IMPS, and card processing.
File-Based Settlements – CAMT.053, MT940 for reconciliation.

Card Network Partnerships

Network	Integration Type	Use Case
Visa	Visa Direct APIs	Card payments, tokenization.
NPCI	UPI AutoPay, Mandate APIs	Recurring payments.
RuPay	RuPay Secure APIs	Domestic card transactions.

6. Fraud Detection and Risk Management

Real-Time Fraud Checks

Technique	How It Works	Tools Used
Velocity Checking	Blocks rapid transactions from one IP.	Redis, Kafka (streams).
BIN/IP Geolocation	Flags mismatched card vs. IP country.	MaxMind GeoIP.
Device Fingerprinting	Tracks suspicious devices.	FingerprintJS.
3DSecure 2.0	Adds OTP-based authentication.	Visa Secure, Mastercard ID.

Post-Transaction Fraud Prevention

Chargeback Handling (RBI mandates 45-day dispute resolution).
AI/ML Models (Anomaly detection on historical data).

7. Settlement and Reconciliation Process

Funds Flow (T+1/T+2 Cycle)

Day T (Transaction Day)

Customer pays, bank authorizes.

Day T+1

Issuing bank → Acquiring bank → PA’s nodal account.

Day T+2

PA reconciles, deducts MDR, transfers to merchant.

Reconciliation File (CAMT.053 Format)

<Document>
  <Stmt>
    <Id>SETTLEMENT_001</Id>
    <Acct>
      <Id>INR5000005678</Id> <!-- Nodal Account -->
    </Acct>
    <Bal>
      <Amt Ccy="INR">97000.00</Amt> <!-- After 3% MDR -->
    </Bal>
    <Ntry>
      <Amt Ccy="INR">100000.00</Amt> <!-- Gross Amount -->
      <NtryRef>UTR20250701123456</NtryRef>
    </Ntry>
  </Stmt>
</Document>

8. Revenue Model of Payment Aggregators

Revenue Stream	How It Works	Example
Merchant Discount Rate (MDR)	1.5%–3% per transaction.	Razorpay charges 2% on cards.
Programmatic Ads	Promotions in checkout flow.	PayU shows BNPL offers.
Value-Added Services	Instant settlements, analytics.	PhonePe’s “Priority Settle.”

9. Regulatory Compliance

Key Regulations

RBI PA Guidelines (2021) – Mandates nodal accounts, KYC for merchants.
PCI-DSS – Ensures secure card data handling.
DPA 2023 (India) – Data localization requirements.

10. Case Study: Handling Failed Transactions

Scenario:

Customer pays via UPI, but money is debited without merchant confirmation.

Resolution Steps:

Check PA’s Transaction Status API (GET /v1/payments/{id}).
Verify Webhook Logs (if payment.failed event was missed).
Initiate Auto-Refund (if payment not captured in 7 days).

Conclusion

Payment Aggregators form the backbone of digital commerce, handling transactions, fraud checks, settlements, and compliance. Understanding their technical flows, APIs, and business models helps merchants optimize payments and reduce failures.