Posts

Disrupting Traditional Card based Payments – Smart Contract based Payment Infrastructure using Stablecoin

/0 Comments/in /by

Subhojit Shome, Senior Manager | Finserv@vinodkothari.com 

Introduction

The payments ecosystem is often described as the “plumbing” of commerce—rarely visible to consumers, yet fundamental to economic activity. For decades, this plumbing has been dominated by credit and debit card systems, operated by banks and card networks under tightly regulated frameworks. In recent years, however, global technology platforms have begun experimenting with alternative payment infrastructures, particularly those built on blockchain technology, with the aim of reducing remittance fees and achieving faster settlement.1

One such initiative is the payment infrastructure jointly developed by Shopify and Coinbase (“Shopify–Coinbase Payment Infrastructure”), which enables merchants to accept payments using stablecoins, most notably USD Coin (USDC), without relying on traditional card networks.

Shopify–Coinbase Payment Infrastructure has been initially launched in at least 34 countries where merchants can accept USDC payments via the Base (blockchain) network. This includes a range of markets across the United States, most of Europe, Canada, Australia, Japan, Singapore2. A number of these countries/ regions (e.g. United States3, EU4,  Japan5, Singapore6) have statutorily recognised, and regulate the use of stablecoins.

This article examines the Shopify–Coinbase Payment Infrastructure in comparison with traditional card payment rails and analyses the regulatory concerns that would arise if such a system were to operate in India, with particular reference to the Payment and Settlement Systems Act, 2007 (“PSS Act”) and the regulatory stance of the RBI.

Understanding Payment “Rails” and the Card System

To appreciate what Shopify and Coinbase seek to replace, it is first necessary to understand the traditional debit/ credit card “payment rails”. The term “rails” is a metaphor, referring to the underlying infrastructure that carries a payment transaction from the payer to the payee—much like railway tracks carry trains.

In a credit or debit card transaction, the rails consist of several interconnected elements. When a customer uses a card, the merchant does not receive money immediately. Instead, the transaction is routed through the card network (such as Visa, Mastercard, or RuPay), which communicates with the customer’s bank (the issuer) and the merchant’s bank (the acquirer). The customer’s bank first checks whether sufficient funds or credit are available and places a temporary hold on that amount. This is known as authorisation (“auth”). The actual transfer of money happens later, when the merchant confirms the transaction—a step known as capture. Settlement between banks typically occurs after a delay of one or two business days.

This system is heavily regulated in India – card networks operate under RBI oversight, settlement occurs through RBI-regulated banking channels, and consumers are protected through structured dispute resolution mechanisms, including chargebacks7. The entire system functions within the legal framework of the PSS Act and the RBI’s directions on payment systems and card networks, payment aggregators, and consumer protection.

The Shopify–Coinbase Payment Infrastructure

The Shopify–Coinbase Payment Infrastructure proposes a fundamentally different way of moving money. Instead of using banks and card networks as intermediaries, it relies on stablecoins, which are digital tokens designed to maintain a stable value by being backed by traditional currency reserves. The stablecoin USDC, for example, is designed to track the value of the US dollar.

In this system, when a customer pays a merchant, the payment is executed on a blockchain network. The funds are first locked in a digital escrow mechanism controlled by software (a “smart contract”) and once the merchant fulfils the order, the funds are automatically released to the merchant. This process replicates the familiar card concepts of authorisation and capture (“auth and capture”), but replaces banks and card networks with software rules and cryptographic verification.

From the user’s perspective, the checkout experience may look familiar. From a legal perspective, however, the system represents a shift from institution-based trust (banks and regulators) to code-based execution. Settlement is near-instant, global, and does not depend on banking infrastructure.

Auth/ Capture using Stablecoins and Smart Contracts

In card payment systems, authorisation and capture are two distinct but linked stages in how a transaction is processed and settled. One of the unique characteristics of the Shopify–Coinbase Payment Infrastructure is that it is able to replicate such an auth/ capture settlement process which is observed in traditional card rails.8

Authorisation is the preliminary step. When a customer enters card details at checkout, the merchant seeks confirmation that the cardholder has sufficient funds or credit and that the transaction is permitted. At this stage, no money actually moves. Instead, the issuing bank places a temporary hold on the relevant amount, effectively earmarking those funds. From a legal perspective, authorisation represents a conditional and revocable promise by the issuer to honour the transaction, subject to subsequent validation and compliance with network rules.

Capture occurs later, when the merchant confirms that the goods or services have been provided (or are about to be provided) and formally requests payment. Upon capture, the transaction becomes final for settlement purposes. The temporary hold created at the authorisation stage is converted into an obligation to transfer funds through the card network’s clearing and settlement process. Only after capture does the merchant acquire an enforceable right to receive payment, subject to chargeback and dispute mechanisms.

The Shopify–Coinbase Payment Infrastructure seeks to recreate this familiar commercial logic—authorisation first, settlement later—while removing traditional card networks entirely. In this model, the customer pays using a stablecoin (typically denominated in a foreign currency such as the US dollar). Rather than immediately transferring funds to the merchant, the payment is first routed into a smart contract–based escrow. This escrow functions as the economic equivalent of card authorisation. The funds are not credited to the merchant and cannot be unilaterally withdrawn. They are effectively “locked,” signalling the payer’s intent and financial capacity, much like a card authorisation hold. The legal character of this stage differs fundamentally from card authorisation. In card systems, the issuer’s promise is conditional and revocable, and the funds remain within the regulated banking system. In a blockchain escrow, by contrast, the customer has already transferred the funds out of their wallet. Control is no longer exercised by a regulated intermediary but by pre-programmed contractual logic embedded in code.

The equivalent of capture occurs when the merchant satisfies predefined conditions—such as confirmation of shipment or lapse of a dispute window. Once those conditions are met, the smart contract automatically releases the stablecoins to the merchant’s wallet. Settlement is thus executed not through interbank clearing, but through an on-chain state change that is immediate, final, and typically irreversible. From a legal standpoint, this mechanism replaces discretionary decision-making by regulated institutions with deterministic execution by software.

Comparing Card Rails with Stablecoin-Based Payments

The contrast between card rails and the Shopify–Coinbase model is not merely technical; it is institutional and legal.

Card payments are embedded within a regulated financial ecosystem. Every participant—issuer banks, acquirers, networks, payment aggregators—is subject to licensing, capital requirements, audit obligations, and RBI supervision. Settlement occurs in Indian Rupees, and consumer protection is enforced through mandatory refund and dispute resolution frameworks.

By contrast, the stablecoin model shifts settlement outside the traditional banking system. Funds are represented not as bank deposits but as digital tokens. Settlement does not occur through RBI-regulated systems such as RTGS, NEFT, or card clearing arrangements, but on a distributed ledger maintained by a global network of computers. While this may reduce costs and increase speed, it also raises fundamental questions about regulatory oversight, legal accountability, and consumer protection.

The Indian Legal Framework Governing Payment Systems

The Payment and Settlement Systems Act, 2007 establishes a comprehensive legal framework under which the RBI is the sole authority empowered to regulate and supervise payment systems.

No person, other than the Reserve Bank, shall commence or operate a payment system except under and in accordance with an authorisation issued by the Reserve Bank under the provisions of this Act (Section 4 of the PSS Act)

Under the PSS Act, no person may operate a payment system in India without authorisation from the RBI. A “payment system” is defined broadly to include any arrangement that enables payments to be effected between a payer and a beneficiary. This definition is technology-neutral and focuses on function rather than form. Consequently, even a novel digital arrangement may fall within the regulatory perimeter if it facilitates payment and settlement.

In addition to the PSS Act, the RBI has issued detailed regulations governing card payments, payment aggregators and payment gateways, which impose obligations relating to customer funds, escrow arrangements, settlement timelines, dispute resolution, and grievance redressal. These regulations reflect the RBI’s core concern: protecting consumers and preserving the integrity of the payment system.

From an Indian statutory and regulatory standpoint, several concerns arise if a Shopify–Coinbase-type payment infrastructure were to be used by Indian merchants or consumers.

First, there is the issue of authorisation under the PSS Act. A stablecoin-based payment system that enables Indian users to make payments would likely qualify as a “payment system” under the Act. In the absence of explicit RBI authorisation, operating such a system in India would be impermissible, regardless of its technological sophistication.

Second, there is the question of settlement in Indian Rupees. Domestic payment systems in India settle in INR through RBI-regulated channels. Online card payments made in India using Indian cards cannot be routed through foreign banks or settled in foreign currency — they must be handled by Indian banks and settled in INR.9 Also, “Wallets”, i.e., prepaid payment instruments (PPI) essentially need to be loaded in INR.10 Stablecoin settlement, particularly when denominated in a foreign currency such as the US dollar, bypasses these channels. While stablecoins may be created so as to be denominated in INR, no recognition currently exists for stablecoins as settlement instruments for domestic payments.

Third, custody and consumer protection pose significant challenges. RBI regulations require that customer funds be held with regulated entities, typically banks, and that clear mechanisms exist for refunds, reversals, and dispute resolution. Blockchain-based escrow mechanisms are governed by software rather than law, and once a transaction is final, reversing it may be impossible without voluntary cooperation by the merchant. This stands in tension with RBI’s consumer-centric regulatory approach.

Fourth, there are foreign exchange and monetary policy considerations. Stablecoins backed by foreign currency reserves raise concerns under India’s foreign exchange regime and broader monetary sovereignty objectives. RBI has repeatedly expressed caution about private digital currencies and stablecoins, citing risks to financial stability and policy transmission.11

Conclusion

The Shopify–Coinbase Payment Infrastructure represents a significant evolution in global commerce, demonstrating how technology can replicate—and potentially outperform—traditional card systems in terms of speed and cost. However, from an Indian legal perspective, innovation in payments is not evaluated solely on efficiency. It is assessed through the lens of statutory compliance, regulatory oversight, consumer protection, and monetary stability.

While the logic of authorisation and capture may be technologically reproduced through blockchain-based escrow mechanisms, the legal foundations of payment systems in India remain firmly anchored in the PSS Act and RBI regulation. Until stablecoin-based payment infrastructures are brought within this framework—through authorisation, INR settlement mechanisms, and enforceable consumer protections—their direct adoption in the Indian domestic payments landscape would face substantial legal and regulatory hurdles.

  1. Stablecoins on the Blockchain – Stablecoins offer significant advantages over traditional remittance rails, primarily through reduced fees and faster settlement. While the World Bank reports a global average cost of ~6.6% for a ~$200 remittance, and annual transaction costs exceeding $41 billion, stablecoins can cut fees dramatically, often to ~$0.01 for high-volume transactions. Beyond cost, stablecoins provide near real-time settlement, a stark contrast to traditional cross-border remittances that can take days, with additional delays from holidays or bank closures. Ref. https://www.dbresearch.com/PROD/RI-PROD/PDFVIEWER.calias?pdfViewerPdfUrl=PROD0000000000610103&rwnode=REPORT
    ↩︎
  2. Ref. https://coinspaidmedia.com/news/shopify-launches-usdc-payments-34-countries/
    ↩︎
  3. In 2025, the GENIUS Act was enacted, creating a regulatory framework specifically for payment stablecoins – https://www.congress.gov/bill/119th-congress/senate-bill/1582
    ↩︎
  4.  EU Markets in Crypto-Assets Regulation (MiCA) places stablecoins under a category of asset-referencing tokens that are allowed to circulate and be used for payments – https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng ↩︎
  5.  Amendments to Japan’s Payment Services Act define certain types of fiat-pegged stablecoins as electronic payment instruments – https://www.fsa.go.jp/en/newsletter/weekly2023/540.html
    ↩︎
  6.  The Monetary Authority of Singapore (MAS) has developed a stablecoin regulatory framework under its Payment Services Act – https://www.mas.gov.sg/news/media-releases/2023/mas-finalises-stablecoin-regulatory-framework
    ↩︎
  7. A chargeback is a consumer protection process that allows a cardholder to dispute a transaction they believe is fraudulent, unauthorized, or not as described. The cardholder requests their bank to reverse the transaction, and the funds are debited from the merchant’s account. Ref. https://razorpay.com/blog/what-is-a-chargeback/
    ↩︎
  8. Ref. https://shopify.engineering/commerce-payments-protocol ↩︎
  9.  …where cards issued by banks in India are used for making card not present payments towards purchase of goods and services provided within the country, the acquisition of such transactions has to be through a bank in India and the transaction should necessarily settle only in Indian currency, in adherence to extant instructions on security of card payments.Ref. https://www.rbi.org.in/commonperson/english/scripts/Notification.aspx?Id=1496 ↩︎
  10. PPIs shall be permitted to be loaded / reloaded by cash, debit to a bank account, credit and debit cards, PPIs (as permitted from time to time) and other payment instruments issued by regulated entities in India and shall be in INR only.https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=12156 ↩︎
  11.  Widespread adoption of stablecoins would undermine central banks’ ability to control money supply and interest rates. ‘If both an official currency and a crypto asset are used for pricing goods and services, domestic prices could become highly unstable due to the inherent volatility of the crypto asset.’ (IMF-FSB 2023). If residents increasingly hold or transact stablecoins, changes in domestic policy rates may have limited influence on economic decisions, weakening the effectiveness of monetary policy. – Keynote address by Mr T Rabi Sankar, Deputy Governor of the Reserve Bank of India, available here – https://www.bis.org/review/r251216i.htm. ↩︎

See our other resources

  1. Tokenisation of Real World Assets – The Way Ahead for Creating Securities;
  2. Cryptos: Are They Back in Business?;
  3. Security Token Offerings & their Application to Structured Finance;
  4. Decentralised Finances;
  5. Cryptocurrency on the path to Legalisation?;
  6. Cryptocurrency – A Cautionary Tale for India;
  7. Trustless System;
  8. Blockchain based lending; A peer-to-peer system;
  9. Financial Services firms foray into the metaverse.

De-novo Master Directions on PPIs

/0 Comments/in , /by

I. Introduction

The Reserve Bank of India (RBI) on August 27, 2021, issued the Master Directions on Prepaid Payment Instruments[1] (‘Master Directions’) repealing the Master Directions on Issuance and Operation of Prepaid Payment Instruments[2] (‘Erstwhile Master Directions’) with immediate effect. These Master Directions have been issued keeping in mind the recent updates to the Erstwhile Master Directions.

In this write-up we aim to cover the major regulatory changes brought about by the Master Directions.

II. Overview of key changes

1.  Classification of PPIs instruments

The Erstwhile Master Directions classified PPIs into three categories namely closed ended PPIs which could be issued by anyone and required no RBI approval, semi-closed PPIs and open ended PPIs which could be issued only by Banks. The new Master Directions have also classified PPIs in three categories i.e. Closed-ended PPI, Small PPIs and Full-KYC PPIs. However, since closed-ended PPIs are not a part of the payment and settlement system, they are not regulated by the RBI. A brief snapshot of the nature of the other two types of PPIs is presented below:

Basis Small PPI Full KYC PPIs
With cash loading facility Without cash loading facility
Issuer Banks and non-banks after obtaining minimum details of PPI holder (mobile number verified with OTP; self-declaration of name and unique identity/identification number of any OVD) Banks and non-banks after completing KYC of holder
Identification Process Verification of mobile number through an OTP

Self-declaration of name and unique identify number of any OVD as recognized in KYC Master Directions

 Video-based Customer Identification Process
Nature of PPI Reloadable and can be issued in electronic form.

 

Electronic payment transactions have been divided into two categories- transactions that do not require physical PPIs and those which require. Hence, even cards could be issued.

 Reloadable and can be issued in card or electronic form.

 

Loading/Reloading shall be from a bank account / credit card / full-KYC PPI.

 

 Reloadable and can be issued in electronic form.

 

Electronic payment transactions have been divided into two categories- transactions that do not require physical PPIs and those which require. Hence, even cards could be issued.
Maximum amount that can be loaded In a month: INR 10,000

In a year: INR 120,000

 No maximum limits
Maximum outstanding amount at any point of time INR 10,000 INR 200,000
Limit on debit during a month INR 10,000 per month No limit No limit
Usage of funds For purchase of goods and services only.

Cash withdrawal or fund transfer not permitted

 

 Transfer to source or bank account of PPI holder, other PPIs, debit or credit card permitted subject to:

 

Pre-registered benefit – maximum INR 200,000 per month per beneficiary

 

Other cases – maximum INR 10,000
Cash Withdrawal Not permitted Permitted subject to limits:

 

INR 2000 per transaction and

INR 10,000 per month
Conversion To be converted into full-KYC PPIs within a period of 24 months from the date of issue of the PPI. Small PPI with cash loading can be converted into Small PPI without cash loading, if desired by the PPI holder. Not applicable
Restriction on issuance to a single person Cannot be issued to same person using the same mobile number and same minimum details more than once. No such restriction No such restriction
Closure Funds transferred back to source or Holders bank account after complying with KYC norms

 

 Funds transferred to pre-designated bank account or

 

PPIs of the same issuer

 

The concept of ‘Small PPI’ and ‘Full-KYC PPI’ cannot be said to be a new introduction, rather, it is more of a merger of the existing variety of semi closed PPIs in Small PPI and the open ended PPI to Full KYC PPI. However, an important change that has been inserted is the recognition of non-bank PPI issuers to issue Full KYC PPI, who were earlier not allowed to issue open ended PPIs.

2. Validity of Registration

Earlier, the Certificate of Authorisation was valid for five years unless otherwise specified and was subject to review including cancellation of the same. However, under the Master Directions, the authorisation is granted for perpetuity (even for existing authorisation which becomes due for renewal) subject to compliance with the following conditions:

  1. Full compliance with the terms and conditions subject to which authorisation was granted;
  2. Fulfilment of entry norms such as capital, net worth requirements, etc.;
  3. No major regulatory or supervisory concerns related to operations, as observed during onsite and / or offsite monitoring;
  4. Efficacy of customer grievance redressal mechanism;
  5. No adverse reports from other departments of RBI / regulators / statutory bodies, etc.

Also, the concept of ‘cooling period’ was introduced in December 2020[3], for effective utilisation of regulatory resources. PPI issuer whose CoA is revoked or not-renewed for any reason; or CoA is voluntarily surrendered for any reason; or application for authorisation has been rejected by RBI; or new entities that are set-up by promoters involved in any of the above categories; will have a one year cooling period. During the said cooling period, entities shall be prohibited from submission of applications for operating any payment system under the PSS Act.

3. Cross border transactions in Indian denomination

The Erstwhile Master Directions provided that Cross Border Transactions in INR denominated PPIS was allowed only by way of KYC compliant semi-closed and open PPIs which met the conditions specified therein. However, under the Master Directions, such issuances have been permitted only in the form of Full-KYC PPI and other conditions as prescribed earlier have not been altered.

4. Maintenance of Current Account

Apart from maintaining an escrow account with a scheduled commercial bank, non-bank PPI issuer that is a member of the Centralised Payment Systems operated by RBI i.e. non-bank issuers as covered under Master Directions on Access Criteria for Payment Systems[4] which have been allowed to access Real Time Gross Settlement (RTGS) System and National Electronic Fund Transfer (NEFT) Systems and any other such systems as provided by RBI, shall also be required to maintain a current account with the RBI.

Transfer from and to such current account is permitted to be credited or debited from the escrow account maintained by the PPIs.

5. Ensuring additional safety norms

  • To ensure safety and security, PPIs issuers are now required to put in place a Two Factor Authentication (2FA) in place for all wallet transactions involving debit to wallet transactions including cash withdrawals. However, it is not mandatory in case of PPI-MTS and gift PPIs.
  • The Erstwhile Master Directions required PPI issuers to put in place a mechanism to send alerts to the PPI holder regarding debit/credit transactions, balance available /remaining in the PPI. In addition to the same, the Master Directions now require issuers to send alerts to the holder even in case of offline transactions. The issuer may send a common alert for all transactions as soon as the issuer receives such information. Separate alerts for each transaction shall not be required.

6. Miscellaneous

  • In case of co-branding, additionally it has been specified that the co-branding partner can also be a Government department / ministry.
  • The Erstwhile Master Directions provided banks and non-banks a period of 45 days to apply to the Department of Payment and Settlement Systems (DPSS) after obtaining the clearance under the Payment and Settlement Systems Act, 2007. The same has now been reduced to 30 days from obtaining such clearance.
  • In addition to the satisfactory system audit report and net worth certificate, RBI also requires issuers to submit a due diligence report for granting final Certificate of Authorisation (CoA).
  • Transfer of funds back to source account in case of Gift PPIs has been allowed after receiving the consent of the PPI holder.
  • To improve customer protection and grievance redressal, the Master Directions have provided customers of non-bank PPI issuers to have recourse to the Ombudsman Scheme for Digital Transactions.

7. Effect on existing issuers

The timeline for complying with the minimum positive net-worth of 15 crores by non-bank PPI issuers has been extended and shall now be met with by September 30, 2021 instead of March 31, 2020. Non-bank issuers shall submit the provisional balance sheet indicating the positive net-worth and CA certificate to the RBI on or before October 30, 2021, failing which they may not be permitted to carry on their business.

III. Conclusion

In this write-up we have aimed to cover the gist of changes introduced in the Master Directions as compared to the Erstwhile Master Directions. The changes made in the regulatory framework for the PPIs have created a level playing field for banks and non-banks, especially, with respect to issuance of full KYC PPIs. Comparatively, the new directions are way more liberal than the earlier one, which only indicates how bullish the regulator must be with respect to PPIs.

 

[1] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=12156#MD

[2] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11142

[3] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12001&Mode=0

[4] MD51170116C65788DE8A564165B74D5FECE0626A73.PDF (rbi.org.in)