Webpay - Payment Gateway Business Plan

  1. 1. MIM Batch – Sem IV 2017
  2. 2. Business Plan for WebPay
  3. 3. Business Plan Contents ▸ Mission & Vision ▸ Product and Services ▸ Marketing ▸ Target Customers ▸ Finance ▸ Technology ▸ Legal Aspects ▸ USP
  4. 4. Vision & Mission
  5. 5. Vision To be the most trusted and innovative partner in the payments industry, delivering best-in-class solutions to our valued customers in the markets we serve and secure the flow of digital money.
  6. 6. Mission ▸ We intend to reach every inch of the country and, en route, empower small enterprises. We commit to operate in an economically, socially and environmentally responsible manner. ▸ To forge enduring partnerships through the delivery of innovative, reliable, and secure payments solutions, backed by a relentless commitment to exceed the expectations of our customers and partners. ▸ Creating and empowering a large customer base by enabling multilingual access to the e-payment market.
  7. 7. Tag Line Pay Quick, Pay Smart, Pay Safe Webpay
  8. 8. Product & Services
  9. 9. Why we need Payment Gateway? ▸ An Internet e-commerce Payment Gateway is a critical infrastructural component to ensure that such transactions occur without any hitches and in total security over electronic networks. ▸ This is due to the rapid evolution of the international economy, which is being increasingly “electronized”, from paper to paper-free billing. ▸ In addition, governments worldwide, particularly in India, are targeting electronic delivery of public services and banking activities. ▸ The Internet is being tapped for servicing the rural populace due to significant cost benefits and the reach afforded. ▸ To facilitate increasing volumes, security and efficiency are essential and so is the required infrastructure. ▸ A Payment Gateway is the access point to the national banking network. ▸ All online transactions must pass through a Payment Gateway to be processed. ▸ Payment Gateways act as a bridge between the merchant's website and the financial institutions that process the transaction.
  10. 10. Flow of Payment Process
  11. 11. What SERVICES we Provide? We provide to our customers ▸ Online shopping web sites for retail sales direct to consumers. ▸ Providing or participating in online marketplaces ▸ Business-to-Consumer (B-C) ▸ Business-to-Business (B-B) ▸ Business-to-Government (B-G) ▸ Marketing to prospective and established customers by e-mail or fax, for example with newsletters. ▸ Engaging in retail for launching new products and services. ▸ Online financial exchanges for currency or trading purposes. ▸ Shopping Assistant.
  12. 12. What FEATURES do we Have? Major Features of our Payment Gateway ▸ Satisfactory experience for customers to buy products from all over the world without any fear. ▸ Multiple online payment options such as Credit/Debit Cards, Net banking, Mobile Wallets, EMI Payment Option, IMPS and various others to improve business efficiency. ▸ Fraud screening features to alert merchants on any fraudulent representation of our customers' cards (Debit/Credit) and prevent about 80 to 90% of it. ▸ Supports multiple currencies: Go global, deliver a localized buying experience and avoid conversion disputes. ▸ Multilingual Checkout Page: Deliver a "localized" shopping and payments experience and reach out to all sections of consumers. ▸ Easy Customization: Design to complement your website.
  13. 13. What FEATURES do we Have? ▸ Retry Option: Purposefully imagined, intelligently coded ▸ Smart Dynamic Routing: Switch transactions dynamically depending on the bank's performance to ensure consistently high success rates. ▸ Social Network In-stream Payments: Monetize your Social Network Platform. ▸ Invoice Payments: Faster, easier way to invoice. ▸ One touch payment option ▸ Smart Analytics: Transparency to the core. ▸ Immediate Refund Option ▸ User-friendly and speedy in processing. ▸ Robust, clean, developer-friendly Payment Gateway built for developers.
  14. 14. ADVANTAGES of our Product: Advantages of our WebPay ▸ Trustworthy service to customers with 24x7x365 availability. ▸ Real time authorization of credit/debit cards. ▸ Secure flow of transaction details among buyers, sellers and financial institutions. ▸ Flexible, powerful real-time reports generation. ▸ Multi-currency settlements as per requirements. ▸ Merchants can get rid of large databases, extensive processing and complex software. ▸ Multi-Factor / Dual-Factor Authentication of Transaction. ▸ Provision for multiple host interfaces. ▸ Comprehensive, simple administrative control.
  15. 15. Few LIMITATIONS for Alerting our Customers: Few Limitations ▸ RISK ON SENSITIVE INFORMATION: A payment gateway deals with customers’ information and hence will have files on all sensitive customer data: customers’ names, bank accounts, credit card numbers, passwords, etc. ▸ ANY TECHNICAL GLITCH CAN TAKE CONSIDERABLE TROUBLESHOOTING TIME: A payment gateway is ultimately software, and just like any piece of computer software, it can go awry (crooked) at times. ▸ CUSTOMERS’ UNEASINESS: Fraud is widespread on the Net and this fact scares most customers; as a result some customers may fear and feel uneasy using a payment gateway.
  16. 16. Beware of FRAUD & RISK MANAGEMENT: Our way to Manage FRAUD & RISK ▸ Fraud prevention through top-quality fraud scrubbing tools. ▸ Website and business model compliance checks. ▸ Risk assessment based on processing activity. ▸ All data streams managed and directed in real-time. ▸ All transaction data are validated and authenticated prior to forwarding to the acquirer. ▸ 128-bit Secure Socket Layer (SSL) data encryption key. ▸ Risk rule-set module to catch, combat and block fraudulent transactions. ▸ Fire-walled and encrypted database. ▸ Complete back office accounting module. ▸ Regularly audited by external auditors to ensure gateway security.
  17. 17. Always Ready for the SUPPORT of our Customers: Support Details and FAQs ▸ Q: Do we offer live chat support to our customers? Yes. Open webpay.com or the webpay Dashboard in any modern web browser on a desktop and click the box at bottom right. ▸ Q: How can our customers contact us? Send us a mail at support@webpay.com with your phone number and we’ll schedule a call. ▸ Q: Where can I file a support ticket? Send us a mail at support@webpay.com
  18. 18. Market Analysis & Strategy
  19. 19. Market Function: Marketing is the process of performing market research, selling products and/or services to customers and promoting them via advertising to further enhance sales. It aims to identify the customer, to satisfy the customer, and to retain the customer.
  20. 20. Market Analysis - Facts Digital Payments Total Transaction Value [2016] – USD 28961.6 M Expected Annual Growth Rate[2020] – 18.36% –USD 56837.5M Why Now??
  21. 21. Market Analysis – Facts: India’s Cashless Journey ▸ 2006 – 2011 – Shift of Non Cash Payments ▸ 2013 – Master Card Launched ▸ 2014 – Online Payments rapid Growth ▸ 2014 – Adoption of mobile payments
  22. 22. Market Segmentation Parameters ▸ Geographic: 1. Metro 2. Non Metro ▸ Demographic: 1. Age 2. Income ▸ Psychographic ▸ Behavioral
  23. 23. Market Analysis – Segmentation ▸ Segmenting Consumer Market [B2C] ▸ Serving customers directly in the form of a Mobile App ▸ Segmenting Business Market [B2B] ▸ Partnering with ▸ Bank ▸ Online Shopping Sites ▸ Local Merchants
  24. 24. Market Segmentation ▸ Metro City: • Easy Access to Internet • Lifestyle – Open to changes • Open Mindset to Cashless Transactions • Mindset of Online Shopping ▸ Non-Metro City: • Limited access to the Internet • Simple Lifestyle • Believe in Cash Transactions • Limited Mindset
  25. 25. Market Segmentation – Geographic
  26. 26. Market Segmentation: Demographic Wise Segmentation (chart) ▸ 15 - 24 years old: 37% ▸ 25 - 31 years old: 38% ▸ 35 - 44 years old: 16% ▸ Others: 9%
  27. 27. Market Analysis – Trends
  28. 28. Market Analysis – Trends
  29. 29. Market - Current Players: Payment Gateway Players – India ▸ Banks: 1. ICICI 2. CITI 3. HDFC 4. AXIS etc. VS ▸ Third Party Vendors: 1. CC Avenue 2. Bill Desk 3. PayU 4. Paypal etc.
  30. 30. Competitor Analysis: Parameters (values in slide column order) ▸ Set Up Fees: 0 | 0 | 0 | 0 ▸ Transaction Fees: Tailor Made | 1.99% + Rs.3 Flat | 1.99% + Rs.3 Flat | 2.00% Flat ▸ AMC Fees: 1200 | 4900 | 0 ▸ Payment Options: CC/DC/NB/Wallet/IMPS | CC/DC/NB/Cash Cards | CC/DC/NB/ | CC/DC/NB/Cash Cards ▸ No of Currencies: INR/USD/GBP and 27+ Currencies | INR/USD/GBP | INR | INR ▸ Mobile Payments: Yes | Yes | Yes | Yes
  31. 31. Competitor Analysis: SWOT ▸ Strengths: 1. Highly Secured Online Infrastructure 2. Available in Multiple Currencies 3. USPs 4. Unique Features ▸ Weaknesses: 1. Exposure to Risks & Frauds 2. Limitations in Global Market ▸ Opportunities: 1. Cashless Economy 2. Digital Currencies 3. Upcoming Ecommerce Market ▸ Threats: 1. Stringent Economic Policies 2. Highly Competitive Environment 3. Hacking & Fraud Threats
  32. 32. Target Customers CUSTOMERS B2B B2C B2G
  33. 33. B2B Business Model Business Customer Order Deliver
  34. 34. B2B Target Customers ▸Online payments through credit cards, debit cards, gift cards and other prepaid card offerings - Visa, MasterCard, Maestro. ▸Netbanking – Tie-up with Private and Nationalized banks ▸E-commerce – Shopping portals (Amazon, Flipkart), Cab services (Uber, Ola), Food ordering applications (Swiggy, Zomato) ▸Mobile payments – Portals of Vodafone, Airtel and other telecom companies ▸Electronic check services ▸Other businesses – local, wholesale
  35. 35. B2C Business Model
  36. 36. B2C Target Customers ▸For B2C model the Customer Type is usually consumer ▸One way in which we can figure out what makes your target customer tick is to develop a consumer persona ▸These areas should be taken into consideration when building up a consumer persona:
  37. 37. B2C Target Customers Once consumer persona is identified they can be targeted based on whether they are active internet users with appropriate devices and whether they frequently use; ▸E-Commerce Website ▸Educational Website ▸Entertainment Website ▸Financial Website ▸Travel Websites ▸Transportation Services ▸Food Service/Home Service ▸Professionals : Lawyers/Doctors/CAs and so on…
  38. 38. Government transactions
  39. 39. Digital India ▸Essential commodities ▸Utility service providers ▸Petrol pumps ▸Gas agencies ▸Railway tickets /IRCTC ▸Tax department ▸Museums ▸Monuments Digital government is the most recent phase of government evolution, which has been made possible by the advent and maturity of a nexus of mobile, social, information and cloud techs, supplemented – where it makes sense – by the Internet of Things
  40. 40. B2G Target Customers ▸ Ministry of Road Transport & Highways / Ministry of Urban Development: Toll fees, Metro rail, Bus services ▸ Department of Financial Services / RBI: digital financial services ▸ Department of Electronics & Information Technology: collection of all revenue, fee, penalties ▸ Department of Revenue: CBDT (Central Board of Direct Taxes), CBEC (Central Board of Excise and Customs)
  41. 41. B2G Target Customers ▸ Govt of India Autonomous bodies/Central PSU’s/State & Central Govt Departments ▸ Payments and receipts between different Govt Bodies ▸ Payment and receipt from employees(salaries/GPF/Grants/funds/fines) ▸ Food Corporation of India ▸ Buying and Selling of grains/payment to laborers ▸ Educational Institutions/Trusts ▸ Payment of Fees/Scholarship Grants ▸ Utility Services ▸ Water/Electricity/Telephone Bill Payments ▸ Municipal Corporation ▸ Payment of taxes/funds
  42. 42. Strategies to Attract and Retain Customers
  43. 43. Strategies to Attract & Retain : B2B Customers ▸ Reasonable/low set-up cost, contract fee for businesses opting for packages ▸ Unexhausted transactions will be allowed to carry forward with an additional fee with a clause of 7-day renewal. ▸ Cost: Merchant discount rate: lesser per transaction fee (2-5%); Flat/Floating transaction fee; Security and support fee ▸ Flexible pay-out policy ▸ Reliability and high availability ▸ No monthly cost, to reduce the fixed cost component on customers ▸ Good customer care support ▸ Security – reconciliation reports in case of frauds
  44. 44. Strategies to Attract & Retain : B2B Customers ▸Flexible payment services across multiple customers – easy management for buyers and sellers ▸Integration services to cater to diverse range of customers ▸Welcome offers – to provide some component of profit to customer ▸Currencies/Localization ▸ Hosting/On-form Payments
  45. 45. Strategies to Attract & Retain : B2C Customers ▸ Active age group on Internet from 15 to 40 years old
  46. 46. Strategies to Attract & Retain : B2C Customers ▸ Emotional connection to accelerate customer base: “Let help us to make India Cashless Economic” ▸ “On each Rs 100 transaction; Rs1 go to build India Infrastructure” ▸ Customer experience (speed and ease of use): good and simple to use payment page ▸ First two transaction fees free with balance to advertisement (inform at least two friends and free processing fee) ▸ Offering customers more choices to increase transactions per customer ▸ Loyalty points / discount coupons / cash back etc. ▸ Sending money as digital birthday card / marriage anniversary / cultural festival offers ▸ Customer engagement
  47. 47. Strategies to Attract & Retain : B2C Customers ▸ Sending money as digital birthday card / marriage anniversary / cultural festival offers ▸ Biometrics application one-touch payment ▸ Capability to ensure customer financial information is not shared with the seller ▸ Customer support 24X7
  48. 48. Factors Affecting Market Strategies ▸ Finance: The company's allocated marketing budget plays a major role in adapting marketing strategies. ▸ Target Customer: Marketing strategies will vary as per target customer such as B2B, B2C and B2G. ▸ Market Segmentation: Product promotion will target more populated and technically advanced areas based on market segmentation analysis. ▸ Customer’s Emotions: Money security, affordable price, good offerings and schemes will help in attracting more customers towards WebPay.
  49. 49. Marketing Mix
  50. 50. Promotional Mix ▸ Advertising ▸ Public Relations or Publicity ▸ Direct Marketing ▸ Personal Selling ▸ Sales Promotion
  51. 51. Ways of Promotions ▸ Physical Environment: Corporate events, college campuses, social events, corporate clubs and societies. ▸ Traditional Media: Targeting people who are not comfortable with advanced technologies. Emphasizing more on offline services. ▸ Digital Marketing: Capturing a huge audience in an affordable way with much ease. ▸ Social Networking: Facebook, Twitter, WhatsApp, Instagram are the fastest and easiest ways of publicity in today's world. ▸ Mouth publicity: Old and Gold way ▸ Customer Offerings and Schemes: Providing affordable offerings and schemes for attracting more and more customers. ▸ Vendor Engagement: Involving vendors for publicity.
  52. 52. Ways of Promotions ▸ Employee Involvement: In-house strategies such as the company’s name and logo printed on mugs, pens and T-shirts. ▸ Competitive awareness: Build strategies based on our USPs. Strategies to promote offerings which our competitors do not provide. ▸ Pricing Control ▸ Invite your buddy: Available for WebPay App. ▸ Security ▸ Customer Emotions ▸ Web Site promotion: One of the selling points from a marketing perspective. The company's website will display all the company's products and services with their USPs and available product schemes and offerings.
  53. 53. Branding ▸ Purpose and Planning: WebPay has the sole purpose of growth and we are planning accordingly. ▸ Loyalty: Whatever promises we have made in our promotions, we will maintain throughout our venture to be loyal to the customer. ▸ Consistency: Will consistently maintain our product quality and quantity and impart new ▸ Flexibility and Adaptability: The product is flexible for any kind of new technical enhancement and adaptable for new product visions. Customer feedback is valuable for our growth. ▸ Service Control: Our product and services are meant for customer satisfaction.
  54. 54. FINANCIAL PLAN
  55. 55. Introduction What is Business plan? What is financial Plan Topic to be Covered : A. Sources of Funds B. Revenue C. Budgeting D. Expenditure E. Investments F. Taxation G. Projections
  56. 56. Business plan You want to start a business – or expand your existing business. You have a great idea, super attitude and the entrepreneurial spirit. So you head down to your financial institution; you sit down in front of the credit manager and start to explain this brilliant idea when she interrupts you: “That sounds great, but where is your business plan?”
  57. 57. Financial plan Firms often need financing to pay for their assets, equipment, and other important items. The financial plan is critical to the success of your business plan – especially if it is for the purpose of getting a bank loan. There are three sections in a financial plan: 1.The Starting Balance Sheet 2.The Pro-Forma (or Forecast) Income Statement 3.The Cash Flow Forecast (each of these sections should have notes of explanation for the reader).
  58. 58. TIPs Five tips on your financial plan 1.Be persistent! Most people do not have expertise in finance so preparing a financial plan is a journey into the unknown. Be patient. 2.Read the entire planning guide before starting on the plan. You will learn what information you require to assemble the financial part of the plan. 3.Get help in assembly, but not in research. These should be your numbers and assumptions. You will be responsible for achieving these objectives so you should believe in the numbers. 4.Be consistent. Make sure that your financial plan is consistent with the rest of the business plan. For example, if your pricing section mentions a margin of 40%, this should be reflected in your Income Statement. 5.Use templates. Although it will not provide a final plan, it will get you well on your way in the journey.
  59. 59. Sources of income ▸There are two main types of financing – equity financing and debt financing. ▸Equity finance is a method of raising fresh capital by selling shares of the company to public, institutional investors, or financial institutions. The people who buy shares are referred to as shareholders of the company because they have received ownership interest in the company. e.g. Venture Capital, Equity shares, Angel Investors. ▸With debt financing, the lender charges interest for the use or rental of money loaned, but does not get a share or equity in the business. e.g. Bank loans, Small Business Administration (SBA) Loans.
  60. 60. Sources of fund ▸Bootstrapping (Self-funding) - Short term ▸Friends and family - Short term ▸Small Business Administration (SBA) Loans - short term ▸Bank Loans - long term ▸Venture Capital - long term ▸Angel Investors - long term / short term ▸Crowdfunding - short term ▸Equity shares - long term
  61. 61. REVENUES Revenues = Price * Volume Main Revenue Areas for WebPay are: A. Per Transaction Fee (Transaction Discount Rate) B. Yearly Subscription fees C. Per Currency Fees (For Foreign or multiple currency ) D. Annual Software Upgradation Charge (ASUC) E. Set Up Cost ( Mostly it would be Zero, but can vary depending on the customization requirements of the Vendor)
  62. 62. REVENUE MODELS ▸ Per Transaction Fee - TDR in Payments Gateways- Transaction Discounting Rate expressed as a percentage of the transaction value. (This would involve all domestic Debit/Credit Cards, Netbanking, Wallets, EMI). ▸ Keeping in mind the Vendor requirement, we have developed 2 Main Revenue Models. ▸ Model 1 - Pro Revenue Model ▸ Model 2 - Privileged Revenue Model
  63. 63. REVENUE MODELS
  64. 64. PRO REVENUE MODEL ▸ 3.99 % of the Transaction Amount (For all National Transaction)* + Fixed Amount ₹ 5.00 (For all National Transaction)*.(Additional Service Tax of 12.36% of the service cost ) ▸ Eg: Item A = ₹ 100.00 WebPay Commission = ₹ 3.99 Transaction Cost = ₹5.00 Service Tax = ₹1.11 Amount for WebPay = ₹10.10 Amount to Merchant = ₹ 89.90 So on an Average if a merchant has a transaction of ₹ 10,000/- through WebPay, we earn ₹453.93/- and the merchant gets ₹9,456.07 / -
  66. 66. PRIVILEGED REVENUE MODEL ▸ 1.99 % of the Transaction Amount (For all National Transaction)* + Fixed Amount ₹ 5.00 (For all National Transaction)*. (Additional Service Tax of 12.36% of the service cost) ▸ Eg: Item A = ₹ 100.00 WebPay Commission = ₹ 1.99 Transaction Cost = ₹5.00 Service Tax = ₹0.86 Amount for WebPay = ₹7.85 Amount to Merchant = ₹ 92.15 So on an average if a merchant has a transaction of ₹ 10,000/- through WebPay, we earn ₹229.21/- and the merchant gets ₹9,770.79/-
  68. 68. ADDITIONAL REVENUE MODEL ▸ Per Currency Fees – WebPay would charge a higher TDR for transactions involving multiple currencies (7.99 % of Transaction Amount per Transaction per Currency). ▸ Set Up Costs would range from INR 0 to INR 20,000/- depending on merchant requirement and customization.
  69. 69. A Budget is ... ▸A quantitative expression of a plan of action ▸A detailed plan for acquiring and using financial and other resources over a specified time period ▸At a minimum, project monthly costs for the first 12 to 36 months and multiply this by a factor of 1.5 to account for unexpected spending.
  70. 70. Cost Item Considered – Variable & One Time
  71. 71. Budget Estimate for Year 2017 = INR 9,651,000
  72. 72. Budget Estimate for Year 2018 = 8,352,000
  73. 73. Budget Estimate for Year 2019 = INR 8,893,920
  74. 74. Expenses by Month 2017 & YOY
  75. 75. Expenditures ▸Money spent or cost incurred in an organization's efforts to generate revenue, representing the cost of doing business. ▸Expenses may be in the form of actual cash payments (such as wages and salaries), a computed expired portion (depreciation) of an asset, or an amount taken out of earnings (such as bad debts). ▸Expenses can be calculated based on different cost centers in a company
  76. 76. Different Cost Centers ▸Operations ▸Sales ▸Finance ▸Marketing
  77. 77. Treasury and Investment Management
  78. 78. Investment & Extending Business to Next Level ▸ What is Treasury Management? The process of administering the financial assets and holdings of a business. The goal of most treasury management departments is to optimize their company's liquidity, make sound financial investments for the future with any excess cash, and reduce or enter into hedges against its financial risks. ▸ Functions of the Treasury Management (Treasury As a Service - Application): 1. Cash Management ▸ a) Working Capital Management: A major usage of a company’s cash is in the working capital area. Working capital is a key component of cash forecasting. It involves changes in the levels of current assets and current liabilities in response to a company’s general level of sales. The treasurer should be aware of working capital levels and trends, and advise management on the impact of proposed policy changes on working capital levels. ▸ b) Cash Forecasting: Determine if more cash is needed. If that is the case, then they can go on to plan for fund inquiry either through the use of debt or equity; plan for investment purposes, if the forecast results in surplus and cash excess shows up; plan hedging operations by using the information at the individual currency level. Combining information in the cash forecast and working capital management activities, Treasury staff is able to ensure that sufficient cash is available for operational needs.
  79. 79. Investment & Extending Business to Next Level ▸ 2. Currency Management: Manages the foreign currency risk, exchange rate risk, etc. Advises on the currency to be used for overseas billing, etc. ▸ 3. Investment Management: When the forecast shows some excess funds, the treasury staff are responsible for the proper investment of them. Three primary goals of the role are: maximum return on investment; matching the maturity dates of investments with a company’s projected cash needs; and, most importantly, not putting funds at risk. ▸ 4. Treasury Risk Management: The treasury staff are also responsible for creating risk management strategies and implementing hedging tactics to mitigate the whole company’s risk, particularly in anticipating (a) that market interest rates may rise and affect what the company pays on its debt obligations; and (b) that the company’s foreign exchange positions could also be at risk if exchange rates suddenly worsen.
  80. 80. Investment & Extending Business to Next Level ▸ 5. Banking: Maintain good relationships with bankers and carry out initial negotiation with them for any short term loan ▸ 6. Corporate Finance: Advises and is involved in mergers and acquisitions, capital structure, rights issues, etc. ▸ 7. Venture Capitalist Finance: Involved in new high risk ventures by getting venture capitalists. Link: https://www.treasurers.org/node/328400
  81. 81. Investment & Extending Business to Next Level
  82. 82. Long term Investment Plan ▸Ploughing back the profit back into business in expansion considering Revenue Model. ▸Backward Integration and strengthen the goodwill in the sector. ▸Diversification to other domain of the business ▸Understanding the economic investment opportunity and select the profitable source of the investment with lucrative RoI. ▸Proper diversification of Reserve and surplus of the organization in debt, high risk, balance(hybrid) and dynamic avenue of investment ▸Better management of borrowed fund
  83. 83. Corporate Tax Rate in India for Financial Year 2017-18 ▸ A resident company in India is taxed on its worldwide income whereas a non-resident company is taxed only on its income received in India. Companies must pay income tax on their taxable profit based on the rate of tax applicable to the financial year. ▸ If you are a new company, one of the first things you should do is to register with the income tax department by applying for a PAN (Permanent Account Number). Each year the company must file its income tax return in ITR6.
  84. 84. Domestic Company ▸For the Assessment Year 2016-17 and 2017-18, a domestic company is taxable at 30%. However, for Assessment year 2017-18, tax rate is 29% if turnover or gross receipt of the company does not exceed Rs. 5 crore. ▸Add: ▸ a) Surcharge: The amount of income-tax shall be increased by a surcharge at the rate of 7% of such tax, where total income exceeds one crore rupees but not exceeding ten crore rupees and at the rate of 12% of such tax, where total income exceeds ten crore rupees. However, the surcharge shall be subject to marginal relief, which shall be as under: ▸ (i) Where income exceeds one crore rupees but not exceeding ten crore rupees, the total amount payable as income-tax and surcharge shall not exceed total amount payable as income-tax on total income of one crore rupees by more than the amount of income that exceeds one crore rupees. ▸ (ii) Where income exceeds ten crore rupees, the total amount payable as income- tax and surcharge shall not exceed total amount payable as income-tax on total income of ten crore rupees by more than the amount of income that exceeds ten crore rupees. ▸b) Education Cess: The amount of income-tax and the applicable surcharge, shall be further increased by education cess calculated at the rate of two per cent of such income-tax and surcharge. ▸c) Secondary and Higher Education Cess: The amount of income-tax and the applicable surcharge, shall be further increased by secondary and higher education cess calculated at the rate of one per cent of such income-tax and surcharge.
  85. 85. Foreign Company ▸ Assessment Year 2016-17 and Assessment Year 2017-18 ▸ Nature of Income and Tax Rate: Royalty received from Government or an Indian concern in pursuance of an agreement made with the Indian concern after March 31, 1961, but before April 1, 1976, or fees for rendering technical services in pursuance of an agreement made after February 29, 1964 but before April 1, 1976 and where such agreement has, in either case, been approved by the Central Government: 50%. Any other income: 40%. ▸ Add: ▸ a) Surcharge: The amount of income-tax shall be increased by a surcharge at the rate of 2% of such tax, where total income exceeds one crore rupees but not exceeding ten crore rupees and at the rate of 5% of such tax, where total income exceeds ten crore rupees. However, the surcharge shall be subject to marginal relief, which shall be as under: ▸ (i) Where income exceeds one crore rupees but not exceeding ten crore rupees, the total amount payable as income-tax and surcharge shall not exceed total amount payable as income-tax on total income of one crore rupees by more than the amount of income that exceeds one crore rupees. ▸ (ii) Where income exceeds ten crore rupees, the total amount payable as income-tax and surcharge shall not exceed total amount payable as income-tax on total income of ten crore rupees by more than the amount of income that exceeds ten crore rupees.
  86. 86. ▸ b) Education Cess: The amount of income-tax and the applicable surcharge, shall be further increased by education cess calculated at the rate of two per cent of such income-tax and surcharge. ▸ c) Secondary and Higher Education Cess: The amount of income-tax and the applicable surcharge, shall be further increased by secondary and higher education cess calculated at the rate of one per cent of such income-tax and surcharge.
  87. 87. Financial Projections ▸ Financial projections are not for investors, they are for entrepreneurs ▸ Financial projections must show rational business strategy ▸ Growth projections should be aggressive, never conservative
  88. 88. Balance Sheet ▸ The Balance Sheet is the statement which summarises the company's Assets, Liabilities and Shareholders' Equity at the end of the financial year
  89. 89. Cash Flow Statement ▸In financial accounting, a cash flow statement, also known as statement of cash flows, is a financial statement that shows how changes in balance sheet accounts and income affect cash and cash equivalents.
  90. 90. Cash Flow Statement
  91. 91. Profit & Loss Statement ▸A profit and loss statement (P&L) is a financial statement that summarizes the revenues, costs and expenses incurred during a specific period of time, usually a fiscal quarter or year.
  92. 92. Profit & Loss Statement
  93. 93. Profit & Loss Statement
  94. 94. P&L at glance
  95. 95. Break Even ▸Break-even point (BEP) is the point at which cost or expenses and revenue are equal: there is no net loss or gain, and one has "broken even."
  96. 96. Technology Used
  97. 97. Cashless Payment Ecosystem & Components
  98. 98. Payment Gateway Architecture
  99. 99. Algorithm
  100. 100. Payment gateway Touchpoints ▸ Unstructured Supplementary Service Data (USSD) based Mobile / Web Based Banking ▸ E-Wallets ▸ POS ▸ UPI ▸ Aadhaar Enabled Payment System ▸ Core High Value Banking Transactions
  101. 101. Software Development
  102. 102. Interfaces ▸WCF services shall be used for interfacing and interoperability. ▸WCF REST service shall be used for mobile application
  103. 103. Firewall ▸Firewall
  104. 104. Encryption Digital security needs to take into account two factors: the human factor and the technical factor. The human factor is about designing an app that remains secure throughout its everyday use. For example, if you accidentally leave a door open, it should close itself with a spring closer. The technical factor is about protecting your information using encryption: encryption of your stored data and encryption of your entry password. We must use the latest encryption techniques and the highest possible encryption standards. Advanced Encryption Standard – 256 bits: sufficient to protect classified information up to the SECRET level. To authenticate the main entry password we use a standard known as PBKDF2.
  105. 105. Encryption The PBKDF2 key derivation function has five input parameters: pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false) The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data. AES comprises three block ciphers: AES-128, AES-192 and AES-256. Each cipher encrypts and decrypts data in blocks of 128 bits using cryptographic keys of 128, 192 and 256 bits, respectively. PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS). Various levels of security: auto-lock feature, password change reminder, self-destruct option in case your device accidentally ends up in malicious hands, password generator that helps to create super strong passwords to maximise online security.
  106. 106. Web Security Security For Client 1) PCI DSS (Payment Card Industry Data Security Standard): Use a payment gateway (which meets PCI DSS requirements) for a secure connection of the online shop to the acquiring bank as well as for allowing communication of payment information. 2) 3D Secure (Verified by VISA or MasterCard SecureCode programmes): It is an authentication system for online card payments which helps to verify whether a purchaser is a genuine cardholder. It minimizes the risk of fraud and enhances confidence in your online shop. 3) CVV or CVV2 (Card Verification Value) and Code Verification (CCV) are different terms for a security feature for credit or debit card transactions, providing increased protection against credit card fraud. Each credit card comes with a special three- or four-digit code generally known as a CVV2 or CVV number. Cardholders will be requested to enter this when processing an online payment.
  107. 107. Web Security 4) SSL (Secure Sockets Layer): SSL is a standard security protocol used in online transactions to establish an encrypted link between the web server (where payment is taken) and the browser (where the payment info is entered). E-commerce websites use SSL to authenticate their identity to visiting customers and to protect sensitive information. 5) SET (Secure Electronic Transaction): Developed by VISA and MasterCard, the Secure Electronic Transaction protocol is used to aid the secure transmission of a customer's card details during an online transaction. The protocol blocks out the card details, thus preventing merchants, hackers and unauthorized parties from accessing the sensitive information. 6) HTTPS: HTTPS is an application layer protocol identical to HTTP, but using port 443 (instead of 80) and an additional layer (SSL/TLS). 7) TLS: Transport Layer Security is the successor to SSL, based on Netscape's SSL 3.0. TLS and SSL cannot be used in conjunction with one another.
  108. 108. Why mobile Security? Recent Incidents
  109. 109. Precautions to be taken while developing the app ▸If code is being reused, it shall be analyzed line by line to look for phishing scams, and only verified and trusted sources shall be used for code. ▸The cache is to be wiped automatically every time the mobile device reboots. ▸Users shall not have access to crash and debug logs ▸Plan for Physical Security Breaches ▸Patching the app proactively ▸Securing Outside the Box
  110. 110. Adding more security ▸ 24/7 fraud protection and monitoring ▸ Having mechanisms to prevent reverse engineering of the app ▸ Strategy to deal with rooted devices ▸ Using AI to further secure the user ▸ Repeat requests shall be disallowed ▸ Modified requests shall be disallowed ▸ Storing the credentials locally in encrypted format
  111. 111. LEGAL ASPECTS OF WebPay
  112. 112. Register WebPay Company ▸Directors and Shareholders for WebPay Private Limited Company are: 1. 3 Directors (Minimum requirement 2 Directors) 2. 54 Shareholders (Minimum requirement 2 Shareholders) 3. 3 Directors are also shareholders (Directors and Shareholders can be the same) ▸Documents Required for the Private Limited Company – 1. PAN Card or Address Proof of the Directors 2. Business Place ownership proofs. ▸Steps involved in registering the private limited company – 1. Apply for the DSC (Digital Signature Certificate) and DIN (Director Identification Number). 2. Apply for the Name Approval and file the other e-forms, or we can use the INC 29 Integrated Form. 3. Issue the Certificate of Incorporation. 4. Apply for Company PAN and open a current bank account. 5. Service Tax Registration or GST Registration.
  113. 113. Acts and Regulators Governing Payment Gateways in India ▸Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. ▸ The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with focus on improving payment account security throughout the transaction process. ▸The Payment and Settlement Systems Act, 2007 is the nodal legislation for the regulation of payment systems in India and empowers the RBI to regulate and supervise these systems.
  114. 114. Bank Collaborations ▸We need to comply with the PCI DSS Compliance and apply for the Merchant Service Provider or Payment Facilitator with all of the banks such as HDFC, ICICI, Axis, CITI, etc . ▸ Depending on our financial standing and credibility, the bank may approve our application. Once they do, we can start signing up merchants on behalf of the bank. ▸WebPay is subject to disclosure requirements for the protection of customers. These include: ▸ All important T&Cs captured in clear and simple language (preferably in English, Hindi and local languages). ▸ All charges and fees associated with the use of WebPay Payment Gateway ▸The expiry period and the terms relating to expiration of WebPay Payment Gateway ▸The customer service telephone numbers and website URL of WebPay Payment Gateway. Disclosure Norms
  115. 115. Grievance Redressal ▸There will be a system for customer complaint/grievance redressal with a clear escalation matrix. In the event a customer’s concerns are not sufficiently addressed by the PPI issuer (if it is a bank) ▸The customer may approach the Banking Ombudsman set up by the RBI for resolution of customer complaints in a time-bound manner.
  116. 116. Integration with UPI for Offline Payments ▸NPCI has released several payments products to the market such as IMPS (Immediate Mobile Payments Service) and the UPI (Unified Payments Interface). ▸Unlike mobile wallets, these products can be operated only through a bank account. It is expected that with the launch of payments banks, these platforms will ultimately score over mobile wallets in the long run. ▸The UPI is a revolutionary new payment mechanism that provides for a safe and secure manner of making a payment without sharing the bank account number or IFSC codes. ▸This is possible through the generation of a Virtual Payment Address (VPA) that can be obtained by anyone with an account in a participating bank.
  117. 117. Security and Data Protection
  118. 118. Guidelines for execution of sub merchant agreement and KYC Documents required ▸Photo Proof ▸Office Address Proof ▸Additional Documents: ▸For Sole Proprietor 1. Registration certificate (in the case of a registered concern) 2. Certificate/license issued by the Municipal authorities under Shop & Establishment Act 3. Sales and income tax returns 4. CST/VAT certificate 5. Certificate/registration document issued by Sales Tax/Service Tax/Professional Tax authorities. ▸ Partnership / LLP Firm: 1. Certificate of registration (for registered partnership firms only) 2. Copy of partnership deed 3. Copy of Pan Card of Partnership Firm 4. Board resolution applicable in case of LLP only (on letter head of LLP) a resolution passed in favor of authorized signatory. ▸Cancelled Cheque ▸Financial Proof
  119. 119. Documents required ▸Public limited / Private Limited 1. Memorandum / Articles of Association and Certificate of Incorporation. (1st and Last 3 Pages) 2. List of Directors details from MCA Website. 3. Company Pan Card. 4. Board Resolution. ▸ Others ( NGO / Government / Education / Society) 1. Memorandum of Understanding / Certificate of registration (for registered trust only) & Copy of Trust deed or Society Deed / Government Certificate. 2. List of trustees / member/ authorized signatory certified. 3. Copy of Pan card of Trust. 4. Trust Resolution. Guidelines for execution of sub merchant agreement and KYC
  120. 120. Terms & Conditions ▸Member account, password, and security ▸Member privacy ▸Authority to debit payment account ▸Payment instructions ▸Modification or cancellation of payment instructions ▸Member conduct ▸Disclaimers ▸Termination ▸Indemnification
  121. 121. THANK YOU

Editor's Notes

  • 1. Satisfactory Experience to customers:
    We offer our customers a good experience in making the payment with confidence by using credit card, debit card, electronic check and allow them to buy products from all over the world.

    2. Multiple payment options
    This feature will improve business efficiency in handling many tasks across a wider range and fulfill the needs of customers. It will enable clients to pay for your products or services through their selected payment gateways like PayPal, Authorize.net, Google Checkout and various other online payment gateways.

    3. Fraud screening features:
    The payment gateway enables your business to track misuse of credit cards or debit cards and screen fraudulent purchases. It will minimize such malpractices to such an extent that it will protect you from suspicious transactions and larger chargeback costs. Further, this will alert merchants to any fraudulent representation and prevent about 80 to 90% of it.
    4. Triggered Payments
    Triggered payments allow for the storage of credit card payments for recurring payments. This is useful if you plan to offer lay by or you have regular customers that use your web store.

    5. Payment Modes
    Start and end payments on the same page. Accept all major debit and credit cards, UPI, 50+ net banking banks and popular wallets.

    6. User-friendly and speedy in processing
    Last but not least, the payment gateway is user-friendly and speedy in processing. This will save customers' time and make the business easier to operate. This will attract more visitors to have a glance at your business.

    7. Built for Developers
    Robust, clean, developer-friendly Payment Gateway that lets you focus on building great products instead of worrying about integration.

  • By
    Abdul Mughni Ansari 15-I-102
    Hemal Doshi 15-I-112
    Harshad Kadu 15-I-119
    Suyog Kore 15-I-122
    Anjani Kumar Mishra 15-I-128
    Priyanka Phatak 15-I-134
    Mushfique Shaikh 15-I-140
    Jitesh Soni 15-I-148
    Amol Virbhache 15-I-151
    Harshal Desai 14-I-111

  • Over the last couple of years, mobile payment systems, as the following, have been compromised:
    Google Wallet has had its fair share of hacks in the past, such as the 2012 hack that exposed users' PINs.
    The Starbucks app was hacked in May 2015, which automatically withdrew funds from users' bank, credit, or PayPal accounts.
    CurrentC was jeopardized in 2014 after the email addresses of pilot participants.
    Slate discovered in early 2015 that the accounts of users on the popular mobile-payment solution Venmo had been hacked, which resulted in their accounts getting drained.
    Fraudsters were able to hack into Apple Pay accounts when users were first inputting their credit card information.
    LoopPay, the core of Samsung’s mobile payment system, was broken into in 2015 by state-sponsored Chinese hackers. While no information was stolen, it’s believed that the group left backdoors so that they could reenter the system.

    To put this concern into perspective, recent research from Arxan determined that among the top paid and free mobile applications:
    100% of the top 100 paid apps on the Google Android platform had been hacked
    56% of the top 100 paid apps for Apple iOS had been hacked
    73% of popular free apps on Android had been hacked
    53% of popular free apps on Apple iOS had been hacked

  • Using Code from Other Developers
    It takes a lot of time to develop an app from the ground up, but there's no need to do so when so much free code exists to build on. Some hackers create code in the hopes that app developers pick it up to use in their apps. This gives hackers access to any information they want after the app’s release.
    There's nothing wrong with building upon the ideas of others, but you have to do your research. Make sure that if you use code from a third-party source, you can trust it's not going to cause security issues. Read the code line by line to look for phishing scams and only use verified and trusted sources for code.


    Not Planning for Data Caching Vulnerabilities
    Mobile devices are fundamentally different from standard laptops and desktops in that they store short-term information as long as possible (caching) to increase speed. This makes mobile devices more susceptible to security breaches because hackers can access cached information easily. To avoid the problem, you can require a password to use an app. Of course, app users often find passwords inconvenient, which can hurt the popularity of your app. You can try another solution to data caching vulnerabilities by programming the cache to automatically be wiped every time the mobile device reboots.

    Foregoing Thorough Security Testing
    As the app developer, you’re the last line of defense. If you don’t ensure your app is secure, you put all of your app's users at risk. That means you should never rush to release an app before you have properly tested it. Test every inlet for security issues, including the camera, GPS, sensors, and even the platform itself. No app is safe from the attacks of viruses and malware.
    During testing, avoid allowing users to see crash and debug logs. These are often the first places hackers look for app vulnerabilities. As an app developer, you can disable the NSLog statements on iOS. This action increases the speed of the app, too, which your users will appreciate. The Android debug log is typically cleared when a device is rebooted, but an app is vulnerable until that happens.

    Forgetting to Plan for Physical Security Breaches
    There's not much app developers can do to prevent mobile devices from being stolen or lost, but implementing a local session timeout code does help. Basically, users must periodically enter a password to get into an app. Instead of happening daily, it could be something like entering a password once a week or every five times they use an app. Sometimes, mobile devices have software that remembers passwords, but the local session timeout prevents this.

    Patching Your App Too Slowly
    You're not done after you launch your app. Hackers work fast. They look for apps that don't release security updates often, and then exploit those security holes. You need to revisit the app often to perform security updates. However, patches can regularly take time to reach users. For instance, Apple's approval process can take as long as a week. Plus, all mobile device users have to accept and download the patch. If you don't stay on top of new security updates, patches will take too long to reach users, putting their information at risk.
    There’s no margin for error when apps deal with things like customer credit cards and personal information. The repercussions of a security breach are catastrophic to an app developer. Don’t get caught unaware and unprepared. Take the necessary precautions to protect your app and its users.

    Securing Outside the Box
    It’s critically important to consider all of the various techniques for securing an app through intelligent development decisions. For enterprises developing and deploying apps internally to their employees, there are additional tools to consider. An enterprise mobility management (EMM) solution provides protections typically not addressed through direct app development. These protections start with the basic and most important, detection and remediation if an iOS device is jailbroken or an Android device is rooted. If all the built-in security of the mobile operating system has been removed, no app specific protections are going to keep the data safe for long, as all the above techniques build upon the inherent mobile OS security features.
    Beyond jailbreak and root security, an EMM solution can provide enterprise authentication requirements before launching an app and the ability to apply various security policies to prevent data breach. For example, the app and the device may be secure, but what about the data transmissions? Can those transmissions only happen over a secure channel? Will you allow the app to transmit if connected to an untrusted WiFi network? These and many other vulnerabilities can be addressed by the inclusion of an EMM solution in the enterprise.
    Development strategies combined with EMM are the most comprehensive way to ensure that devices, apps, and the critical data they contain stay safe in an unsafe digital world.





  • Wallet also comes with 24/7 fraud protection and monitoring. If you lose your phone, you can login to your Google Wallet account on any browser to instantly disable your lost or stolen device. You also have to enter a PIN to use Google Wallet, as you would with a debit card.

    Mobile malware often taps vulnerabilities or bugs in the design and coding of the mobile applications they target. Recent research from Kindsight reported by Infosecurity shows that malicious code is infecting more than 11.6 million mobile devices at any given time, and the number of mobile malware samples is growing at a rapid clip, increasing by twentyfold in 2013.
    Even before a vulnerability is exploited, attackers can obtain a public copy of an application and reverse engineer it. Popular applications are repackaged into “rogue apps” containing malicious code and are posted on third-party app stores to lure and trick unsuspecting users to install them and compromise their devices.
    Enterprises should look for tools to aid their developers to detect and close security vulnerabilities and then harden their applications against reverse engineering and tampering. However, “consumer apps” still represent a threat as they may not undergo the appropriate hardening process; and if rogue applications, malware and enterprise apps share the same device, the threat is tangible.


    Secure the Device: Detecting Compromised and Vulnerable Run-Time Environment
    As secure as an application is, its security relies on the underlying device’s security. Jailbroken or rooted devices or the presence of rogue applications can represent an execution risk that may be allowed for certain enterprise apps but not for others.
    Enterprises should look into ways to dynamically gauge the security of the underlying device. First, the mobile app sandbox, which is prevalent in modern mobile operating system design, must be intact. Rooting or jailbreaking the device breaks the underlying security model, and it is highly recommended to restrict these devices from accessing enterprise data. Furthermore, jailbreak technology is evolving rapidly to evade detection; coping with these mechanisms is essential to keeping up with these threats.
    Mobile malware doesn’t always rely on the device being jailbroken, however. Excessive use of permissions to the mobile applications — which are granted by the user, often by default — can provide malware and rogue applications access to basic services (e.g., SMS) used to facilitate fraudulent activities.
    Enterprises should consider up-to-date intelligence sources and application reputation services to track the tidal wave of applications — and their associated risk — as they enter mobile app stores on a daily basis. Using this data, application capabilities could be enabled or disabled based on the device risk profile.

    If I use an app to log into another service, what assurance is there that they aren't storing my password in cleartext? 
    “It is easy to make mistakes such as storing user data (passwords/usernames) incorrectly on the device, in the vast majority of cases credentials get stored either unencrypted or have been encoded using methods such as base64 encoding (or others) and are rather trivial to reverse,” says Andy Swift, mobile security researcher from penetration testing firm Hut3.
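    The Encryption slides name PBKDF2 for the entry password, and the note above warns about base64-encoded credentials. The sketch below is an added example, not code from the deck: it contrasts the two in Python, mapping the slide's $algorithm, $password, $salt, $count and $key_length onto `hashlib.pbkdf2_hmac`. The record layout, the iteration count and all function names are assumptions made for illustration.

```python
# Added example, not WebPay's code. Record format and parameters are assumed.
import base64
import hashlib
import hmac
import os

ALLOWED_ALGORITHMS = {"sha256", "sha512"}
ITERATIONS = 600_000   # assumed work factor ($count); tune to your hardware
KEY_LENGTH = 32        # $key_length: 32 bytes = 256 bits
SALT_LENGTH = 16       # random per-record $salt, in bytes


def base64_encode_only(password):
    """The weak pattern from the quote: an encoding, not protection."""
    return base64.b64encode(password.encode("utf-8")).decode("ascii")


def recover_from_base64(stored):
    """Whoever reads the stored value gets the password back; no key needed."""
    return base64.b64decode(stored).decode("utf-8")


def make_record(password, iterations=ITERATIONS, algorithm="sha256"):
    """Build a one-way verifier: pbkdf2$algorithm$count$salt$derived_key."""
    salt = os.urandom(SALT_LENGTH)
    derived = hashlib.pbkdf2_hmac(
        algorithm, password.encode("utf-8"), salt, iterations, KEY_LENGTH)
    fields = ["pbkdf2", algorithm, str(iterations),
              base64.b64encode(salt).decode("ascii"),
              base64.b64encode(derived).decode("ascii")]
    return "$".join(fields)


def verify(password, record):
    """Re-derive with the stored salt and count, then compare in constant time."""
    try:
        scheme, algorithm, count, salt_b64, key_b64 = record.split("$")
        if scheme != "pbkdf2" or algorithm not in ALLOWED_ALGORITHMS:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(key_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac(
            algorithm, password.encode("utf-8"), salt, int(count), len(expected))
    except (ValueError, TypeError):
        return False  # malformed or corrupted record
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record):
    """True when the record was made with a lower count than the current one."""
    return int(record.split("$")[2]) < ITERATIONS


if __name__ == "__main__":
    secret = "constructed-sample-password"   # constructed sample value
    print("base64 only:", recover_from_base64(base64_encode_only(secret)))
    record = make_record(secret)
    print("pbkdf2 record:", record)
    print("correct password:", verify(secret, record))
    print("wrong password:", verify("guess", record))
```

    Because the salt and count travel inside the record, the work factor can be raised later: `needs_rehash` flags old records, which are re-derived the next time the user enters the correct password.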



    Don't allow repeat requests.
    Attackers can replay intercepted requests. The resulting impact can range from being merely annoying (as in the case of a repeat Tweet) to having dire consequences (for example, when a request to transfer money is re-sent). Developers can prevent repeat requests by using a NONCE (number used once.) The client generates a random number for each request. The server keeps track of these numbers to ensure that the requests are true and not being re-executed. If a repeat NONCE occurs, then the server knows that the request is invalid. The list of NONCEs stored on the server can be minimized by using a timestamp, as explained in number five.

    Don't allow modified requests.
    Rather than repeating a request, an attacker may choose to modify it. For example, the attacker may transfer money to a different account altogether. This can be prevented by using a shared secret or a cryptographic keypair. Creating an HMAC of the request and sending it to the server with the request allows the server to confirm that the request has not been modified.
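    The two notes above combine into one server-side check. The following Python sketch is an added example, not WebPay's code: the client signs timestamp, nonce and body with an HMAC over a shared secret, and the server rejects modified, stale and repeated requests. The field names, the 300-second window and the class name are assumptions.

```python
# Added example, not WebPay's code. Field names and the window are assumed.
import hashlib
import hmac
import json
import secrets
import time

MAX_AGE_SECONDS = 300  # assumed freshness window
HEX_DIGITS = set("0123456789abcdef")


def _message(timestamp, nonce, body):
    # Timestamp and nonce are validated to contain no newline, so the
    # split between the three signed fields is unambiguous.
    return f"{timestamp}\n{nonce}\n{body}".encode("utf-8")


def sign_request(secret, payload, now=None):
    """Client side: attach a fresh nonce, a timestamp and an HMAC-SHA256 tag."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    nonce = secrets.token_hex(16)
    timestamp = str(int(time.time() if now is None else now))
    mac = hmac.new(secret, _message(timestamp, nonce, body),
                   hashlib.sha256).hexdigest()
    return {"body": body, "nonce": nonce, "timestamp": timestamp, "mac": mac}


class RequestVerifier:
    """Server side: one instance per shared secret."""

    def __init__(self, secret, max_age=MAX_AGE_SECONDS):
        self._secret = secret
        self._max_age = max_age
        self._seen = {}  # nonce -> time after which it can be forgotten

    def pending(self):
        return len(self._seen)

    def verify(self, request, now=None):
        now = time.time() if now is None else now
        fields = [request.get(k) for k in ("timestamp", "nonce", "body", "mac")]
        if not all(isinstance(f, str) for f in fields):
            return "malformed"
        timestamp, nonce, body, mac = fields
        if not (timestamp.isascii() and timestamp.isdigit()
                and len(nonce) == 32 and set(nonce) <= HEX_DIGITS):
            return "malformed"
        expected = hmac.new(self._secret, _message(timestamp, nonce, body),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), mac.encode("utf-8")):
            return "modified"   # body, nonce or timestamp changed in transit
        if abs(now - int(timestamp)) > self._max_age:
            return "stale"      # outside the window, so no nonce lookup needed
        # Nonces older than the window can never be accepted again: drop them.
        self._seen = {n: exp for n, exp in self._seen.items() if exp >= now}
        if nonce in self._seen:
            return "replayed"
        self._seen[nonce] = int(timestamp) + self._max_age
        return "accepted"


if __name__ == "__main__":
    key = b"constructed-shared-secret"            # constructed sample value
    server = RequestVerifier(key)
    transfer = sign_request(key, {"to": "ACC-1", "amount": 100})
    print(server.verify(transfer))                 # accepted
    print(server.verify(transfer))                 # replayed
    forged = dict(transfer, body=transfer["body"].replace("ACC-1", "ACC-9"))
    print(server.verify(forged))                   # modified
```

    The timestamp is what keeps the nonce list small: the server only has to remember nonces for requests that are still inside the freshness window.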




