Back to Gateway Index
PayU logo
Payment Gateway

PayU

Prosus-owned India-focused payment aggregator with 130+ currency acceptance and a Turkey/SEA footprint

Builder Verdict

Pick PayU if you're an India-registered merchant that needs the widest cross-border currency coverage of any local gateway and is willing to navigate a heavier KYC/onboarding process — but plan for support that's slower than Razorpay and a track record of long settlement holds.

Complexity

◆◆ Moderate

Region

India + Turkey + SEA

Fees

2% + GST (domestic)

PayU is a Prosus (Naspers) company founded in 2002 and headquartered in Hoofddorp, Netherlands, with India (payu.in), Turkey (via Iyzico), and Southeast Asia (via Red Dot Payment) as its remaining core markets after the $610M sale of its Latin America and Africa Global Payment Organisation to Rapyd in March 2025. PayU India serves 4,50,000+ merchants with 100+ payment methods (cards, UPI, netbanking, wallets, BNPL, QR, EMI, NACH), supports 130+ presentment currencies (highest in the Indian market), holds a final RBI Payment Aggregator licence (granted May 2025), and is being prepared by Prosus for a 2025/2026 IPO.

Last full audit: April 24, 2026

01

Trust Score Breakdown

Account Stability

48/100

Account-stability is the weakest dimension. PayU operated under a year-long RBI onboarding embargo (Jan 2023 – April 2024) before the in-principle PA approval, during which it could not onboard new merchants. ED has frozen ~₹130 crore in PayU virtual accounts (the largest share among all 8 implicated PAs) as part of the HPZ Token / Chinese-loan-app investigations, blocking merchant settlements pending case-by-case inquiry. Public review sites consistently cite sudden settlement holds of 60–210 days with auto-closed tickets and document re-request loops.

Developer Experience

72/100

Official server-side SDKs published for Node.js, Python, PHP, .NET, plus iOS and Android. Three integration paths: PayU Hosted Checkout (lowest PCI scope), Merchant Hosted Custom Checkout (full UI control, requires SAQ-D), and Server-to-Server (S2S) with webhook callbacks. Documentation lives at docs.payu.in (current) plus legacy devguide.payu.in and developer.payumoney.com (older PayUmoney content) — the split causes recurring confusion. SHA-512 hash generation for both request and response (reverse order with pipe-delimited fields) is the most-reported integration footgun and accounts for most 'hash mismatch' tickets.

Payout Reliability

60/100

Standard T+2 business-day settlement (T+2 for international after the licensed cross-border PA approval) is predictable when an account is in good standing. However, public review sites (SoftwareSuggest, Capterra, ConsumerComplaints, PissedConsumer) carry repeated reports of settlements held for 60–210+ days citing risk/compliance review, with limited transparency on resolution timelines. Largest reported ED freeze among Indian PAs (~₹130 crore in PayU virtual accounts during HPZ Token investigation) materially affected merchant payouts in 2022–2025.

Support Quality

40/100

Most-cited weakness across review sites. Support is dashboard-ticket and email via help.payu.in, with no standard 24/7 phone line for merchants. SoftwareSuggest, Capterra, ConsumerComplaints, and PissedConsumer reviews report tickets being system-acknowledged then auto-closed without resolution, repeated document requests across multiple representatives, and multi-week silences on settlement-hold escalations. Better response times reported for integration/API issues than for risk/payout disputes.

Track Record

78/100

Founded 2002, owned by Prosus (Naspers); 23 years in market with 4,50,000+ Indian merchants and 2M+ credit customers. Holds the final RBI Payment Aggregator licence (May 2025, after in-principle April 2024 and a year-long Jan 2023 audit embargo). Successfully divested the LATAM and Africa GPO to Rapyd for $610M in March 2025 to focus on India/Turkey/SEA, with a Prosus-led IPO planned for 2025/2026. Acquired 43.5% of Mindgate Solutions (real-time payments tech) in 2025. Track record is solid as a company; merchant-facing reputation is more uneven than the corporate footprint suggests.

Transparency

58/100

Headline pricing (2% + 18% GST domestic, 3% + GST for Amex/Diners) is published on payu.in/pricing and the PayUmoney FAQ, with explicit 'no setup, no AMC' for the standard plan. Less transparent: international-card and EMI fees require setup + annual maintenance whose amounts are not publicly listed, chargeback/dispute fees are not on the public pricing page, and high-volume custom pricing for merchants over ₹10 lakh/month is negotiated per-account. The RBI cited PayU's 'complex corporate structure' as a reason to defer its PA license in 2023.

02

Availability Matrix

Region Countries Currencies Payout Timing
India (primary market) India — merchants must be a registered Indian entity with PAN, GST (where applicable), and an Indian current account. Operates under the trade name PayU India / PayU Payments Private Limited. INR settlement; accepts INR from domestic customers and 130+ presentment currencies from international customers (highest currency coverage among Indian PAs) T+2 business days (standard domestic). T+2 business days for licensed international/cross-border settlements.
Turkey (via Iyzico subsidiary) Turkey — merchants must be a Turkish registered entity. Operated under the Iyzico brand (acquired by PayU in 2019 for $165M). TRY settlement plus EUR/USD acceptance Per Iyzico schedule
Southeast Asia (via Red Dot Payment subsidiary) Singapore (HQ), Indonesia, Thailand, and additional ASEAN markets. Red Dot Payment holds Visa and Mastercard merchant acquiring licences for the region. SGD, IDR, THB, plus regional acceptance Per Red Dot Payment schedule
International customer acceptance (from India merchants) Cards from 150+ countries via major networks; presentment in 130+ currencies (USD, EUR, GBP, AUD, CAD, SGD, AED, JPY, CNH and more) 27 displayable local-price currencies; 130+ presentment currencies; settles to merchant in INR T+2 business days for licensed international settlements (after cross-border PA approval)
NOT Available (merchant signup) — formerly LATAM, Europe, Africa Merchants in Latin America (Argentina, Brazil, Chile, Colombia, Mexico, Peru, Panama), Africa (South Africa, Nigeria), and Europe ex-Turkey (Poland, Czech, Romania, Slovakia, Hungary) cannot sign up with PayU as of March 2025 — the Global Payment Organisation in those regions was sold to Rapyd. Use Rapyd, Stripe, dLocal, or local PSPs for those markets. N/A N/A
03

Feature Snapshot

PayU Hosted Checkout

Pre-built hosted payment page rendered by PayU. Lowest PCI scope (SAQ-A). Recommended default for new integrations.

Merchant Hosted Custom Checkout

Full UI control on merchant domain — requires SAQ-D PCI compliance and must implement 3DS 2.0 redirect handling.

Server-to-Server (S2S) Integration

API-first integration with hash-signed requests/responses. Recommended pattern for back-office reconciliation.

UPI & UPI AutoPay

Native UPI Intent, Collect, and QR flows plus UPI 2.0 AutoPay for recurring mandates. Covered under Zero-MDR for UPI; PayU platform fee applies.

Subscriptions / Recurring (Standing Instructions)

PayU Standing Instructions API supports CC/DC, UPI AutoPay, and e-NACH mandates with fixed and variable amounts, free trials, late fees, and add-on charges. Plans + Subscriptions API model.

Payment Links

Generate one-time and subscription payment links via dashboard or API. Sharable via SMS/email/WhatsApp.

EMI & No-Cost EMI

Debit-card EMI, credit-card EMI, cardless EMI, and No-Cost EMI through bank partnerships. Requires separate setup fee + AMC; rates not on public pricing page.

International / Cross-border Payments

Accepts cards from 150+ countries with presentment in 130+ currencies — broadest currency coverage among Indian PAs. Operates under PayU's RBI cross-border PA licence. Requires document submission (1-year bank statement, 2-year ITR, FSSAI/IATA where applicable).

Dynamic Currency Conversion (DCC)

Show prices in customer's local currency at checkout; settle in INR. Available for licensed international acceptance.

BNPL (Buy Now Pay Later)

Integrated BNPL via partner financing programs and PayU Finance (payufin.in) for credit products.

~

Marketplace / Split Payments

Marketplace settlement is supported under enterprise contracts but no public self-serve Route equivalent like Razorpay. Implementation typically negotiated.

Webhooks (S2S Callbacks)

PayU sends an additional S2S response with SHA-512 reverse-order hash signature. Recommended as primary source of truth for transaction status (over browser redirect).

Refunds

Source-only refunds to original payment method via dashboard or refunds API. Standard 5–7 business days. The transaction fee is not returned on refund.

3D Secure 2.0

3DS 2.0 supported on Merchant Hosted Custom Checkout per card issuer/network mandate. Enables liability shift on authenticated transactions.

Tokenization (RBI CoF)

Network tokenization compliant with RBI Card-on-File guidelines (effective Oct 2022). Card number/expiry stored in PayU secure vault; CVV never stored. Merchants do not store raw PAN.

Fraud / Risk Tools

PCI-DSS gateway with rule-based fraud filters and chargeback management. CERT-IN audited annually. Less granular than dedicated fraud platforms.

Chargeback / Dispute Management

Chargeback dashboard plus Read Chargeback API for dispute lifecycle. Merchant submits evidence within bank's reply date; PayU forwards to acquiring bank.

POS / In-Person Payments

PayU POS solution offers card readers and QR code acceptance for offline/omnichannel. Pricing communicated separately.

PayU Finance (Lending)

Adjacent business at payufin.in — small-business and consumer credit serving 2M+ customers. Separate product from the gateway.

Customer Portal

No standalone end-customer self-serve subscription portal. Merchants must build subscription management UI on top of the Standing Instructions API.

04

Pricing Breakdown

Standard domestic transaction (Debit, Credit, Netbanking, Wallets, UPI) 2% + 18% GST (on the 2% platform fee)
American Express & Diners cards 3% + 18% GST
International cards Higher than domestic (typically ~3% + GST equivalent); requires one-time setup fee + Annual Maintenance Charge — amounts not on public pricing page, communicated per-merchant after document review
EMI (debit, credit, cardless, No-Cost) Separate fee plus one-time setup fee + Annual Maintenance Charge — amounts not on public pricing page, custom per merchant
Setup / AMC (standard plan) ₹0 — no setup fee, no annual maintenance charge for standard domestic processing
High-volume custom pricing Custom rates negotiated for businesses processing over ₹10 lakh/month
Refund fee Refunds processed at no additional fee, but the original transaction fee is NOT returned on refund
Chargeback / dispute fee Not publicly listed on pricing page. Arbitration costs and penalties for the losing party may be debited to the merchant via PayU per acquirer rules.
POS machine charges Hardware + per-transaction MDR communicated per-merchant; not on public pricing page
05

Security & Compliance

PCI DSS PCI-DSS compliant, audited annually by India's CERT-IN Empanelled Auditor. RBI-authorised online + offline + cross-border Payment Aggregator (final license May 2025).
ISO/IEC 27001 ISO/IEC 27001 certified for information security management. Certification regularly validated by independent third-party auditor.
Encryption TLS for transport; SHA-512 hash signing on every request and response; CVV never stored; card data stored only in tokenized form.
3D Secure 3DS 2.0 supported on Merchant Hosted Custom Checkout per issuer/network mandate. Enables liability shift on authenticated transactions.
Tokenization (RBI CoF) Network tokenization compliant with RBI Card-on-File guidelines (Oct 2022). Card number + expiry held in PayU secure vault; CVV never stored; merchants never see raw PAN.
Hash-based Request/Response Authentication SHA-512 hash on every request (forward order: key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT) and response (reverse order: SALT|status||||||udf5|udf4|udf3|udf2|udf1|email|firstname|productinfo|amount|txnid|key). Webhook S2S response includes the same hash for verification.
RBI Regulatory Status Final RBI Payment Aggregator licence granted May 2025 (after in-principle April 2024 and a year-long Jan 2023 audit embargo). Authorised to operate online, offline, and cross-border PA business in India.
06

Integration Prompt

Copy & use this 6421-char integration prompt

Production-ready prompt for Claude / GPT / Cursor — handles setup, security, webhooks & gotchas

 
You are integrating PayU India as the payment gateway for a [Django / Next.js / Node / etc.] application. PayU is India-focused — the merchant account must be a registered Indian entity with PAN, GST (where applicable), and an Indian current account. Settlement is in INR. PayU also operates in Turkey (Iyzico) and Southeast Asia (Red Dot Payment), but the SDKs and APIs below are PayU India.

## Setup
1. Install the official server-side SDK — never roll your own hash generator:
   - Node: `npm install payu-sdk-node`
   - Python: `pip install payu-sdk-python`
   - PHP: `composer require payu/payu-sdk-php`
2. Store credentials in environment variables — never in client code:
   - `PAYU_KEY` (merchant key — the publishable identifier)
   - `PAYU_SALT` (private — server-only, NEVER ship to the browser)
   - Note your environment: `https://test.payu.in` (sandbox) vs `https://secure.payu.in` (live).
3. Validate on startup that both env vars exist and that test vs live keys match the current environment.

## Recommended Integration: PayU Hosted Checkout (lowest PCI scope)
PayU Hosted Checkout renders the payment page on PayU's domain — your server never touches card data, keeping you at SAQ-A PCI scope.

```python
import hashlib

txnid = f'order_{internal_id}'
fields = {
    'key': PAYU_KEY,
    'txnid': txnid,
    'amount': '500.00',                # rupees, two decimals — NOT paise
    'productinfo': 'Plan-Pro',          # no pipe characters
    'firstname': customer_first_name,
    'email': customer_email,
    'udf1': '', 'udf2': '', 'udf3': '', 'udf4': '', 'udf5': ''
}
hash_string = '|'.join([
    fields['key'], fields['txnid'], fields['amount'], fields['productinfo'],
    fields['firstname'], fields['email'],
    fields['udf1'], fields['udf2'], fields['udf3'], fields['udf4'], fields['udf5'],
    '', '', '', '', '',                 # five empty udf6–udf10 placeholders
    PAYU_SALT
])
fields['hash'] = hashlib.sha512(hash_string.encode()).hexdigest()
# POST `fields` as form data to https://secure.payu.in/_payment
```

The customer is redirected to PayU; on completion they land back on your `surl` (success URL) or `furl` (failure URL). Both URLs receive a POST with the response hash.

## Response Hash Verification (Critical)
Verify EVERY response — both the browser-redirect POST AND the S2S webhook — using the reverse-order hash. Never mark an order paid without a passing hash check.

```python
def verify_payu_response(post_data):
    expected = '|'.join([
        PAYU_SALT, post_data['status'],
        '', '', '', '', '', '',         # six empty placeholders (udf10 down through udf6)
        post_data['udf5'], post_data['udf4'], post_data['udf3'],
        post_data['udf2'], post_data['udf1'],
        post_data['email'], post_data['firstname'], post_data['productinfo'],
        post_data['amount'], post_data['txnid'], post_data['key']
    ])
    expected_hash = hashlib.sha512(expected.encode()).hexdigest()
    return hmac.compare_digest(expected_hash, post_data['hash'])
```

## S2S Webhook (Source of Truth)
Never rely on the browser redirect alone — networks drop, customers close tabs, mobile back-buttons fire. Configure an S2S webhook URL in Dashboard → Settings → Webhooks and treat it as authoritative.

1. Configure an HTTPS webhook URL (PayU rejects HTTP).
2. Subscribe to: payment success, payment failure, refund processed, chargeback created.
3. The webhook POST body uses the same parameters as the response redirect, including a `hash` field — verify it with the same reverse-order SHA-512.
4. Idempotency: dedupe on `txnid` against a processed-events table before fulfilling.
5. Respond 200 within 5 seconds; do fulfillment work asynchronously.

## Security Best Practices
- Use PayU Hosted Checkout (not Merchant Hosted Custom) unless you have SAQ-D PCI compliance — Hosted keeps you at SAQ-A.
- Per RBI Card-on-File rules, never store raw PAN — PayU returns network tokens for recurring/refunds; use those.
- The SALT belongs server-only; never expose it in client JS, mobile bundles, public repos, or client-side hash computation.
- Use HTTPS for both `surl`/`furl` and webhook URLs; PayU rejects HTTP endpoints in production.
- Use a unique `txnid` per attempt — never reuse on retry; PayU rejects duplicates and the response hash will mismatch.
- Send amount in rupees with two decimals (`'500.00'`) — NOT paise. (This differs from Razorpay, which uses paise.)

## Subscriptions / Recurring (Standing Instructions)
For subscription billing, use the Standing Instructions API model (Plans + Subscriptions) with CC/DC, UPI AutoPay, or e-NACH mandates:

1. Create a Plan via the Plans API (amount, billing cycle, free trial).
2. Create a Subscription against the Plan; the first charge is authorized via a Hosted Checkout flow with the `si` (standing instruction) flag.
3. Subsequent charges are auto-debited per the mandate; PayU posts a webhook for each.
4. Mirror Plan + Subscription state transitions in your DB driven by webhooks — don't query PayU on every render.

## Testing
- Sandbox base URL: `https://test.payu.in/_payment`
- Test cards (sandbox): `5123 4567 8901 2346` (Mastercard success), `4012 0010 3714 1112` (Visa success). CVV `123`, expiry any future. OTP `123456`.
- Test UPI VPA: `success@payu` (captured), `failure@payu` (failed).
- Test netbanking: pick any bank → choose 'success' or 'failure' on the mock bank page.
- Always test: successful payment, failed payment, 3DS challenge, S2S webhook delivery, refund, dispute creation webhook, and a settled-then-refunded flow.

## Common Gotchas
- **Amounts are in rupees, NOT paise** (unlike Razorpay). A ₹500 charge is `amount: '500.00'`.
- **Hash mismatch is the #1 integration failure** — use the official SDK, never compute the hash in the browser, and watch the empty udf6–udf10 pipe placeholders.
- **The S2S webhook is the source of truth** — the browser redirect can drop. Always implement and verify the webhook before going live.
- **GST (18%) applies to the platform fee, NOT the transaction amount** — invoice and reconcile accordingly.
- **International card and EMI processing require separate setup + AMC fees** that are not on the public pricing page — get them in writing before signing.
- **Documentation split**: bookmark docs.payu.in as the only authoritative source — older content on devguide.payu.in and developer.payumoney.com may show different parameter names.

Replace [Django / Next.js / etc.] with your stack. Follows PCI DSS best practices and handles common edge cases.

07

Common Pitfalls

8 items
1

Settlement holds reaching 60–210+ days

The single most-reported merchant complaint across SoftwareSuggest, Capterra, ConsumerComplaints, and PissedConsumer: settlements put on hold citing risk/compliance review with limited explanation, and resolution stretching past the stated 60- or 210-day windows even after submitting all KYC and invoices. Mitigation: submit complete KYC before first transaction; avoid sudden volume spikes; keep dispute rate near zero; insist on a named account manager for higher-tier accounts; escalate via @PayU on Twitter/X for visibility on stalled tickets.

2

ED has frozen ₹130 crore in PayU virtual accounts (largest among Indian PAs)

During the HPZ Token / Chinese-loan-app investigations (2022–2025), the Enforcement Directorate froze approximately ₹130 crore held in PayU virtual accounts — the largest exposure among the eight payment aggregators implicated (PayU ₹130 cr > Easebuzz ₹33.4 cr > Razorpay ₹18 cr > Cashfree ₹10.6 cr > Paytm ₹2.8 cr). PayU has stated there are 'factual inaccuracies' in some media coverage and denies fresh investigations, but merchants whose transactions touched flagged entities had settlements blocked pending case-by-case inquiry. This is industry-wide regulatory exposure, but PayU's share is the largest.

3

SHA-512 hash mismatch is the #1 integration failure

Most 'hash mismatch' tickets come from incorrect parameter ordering or pipe handling in the SHA-512 hash generation. The forward-order request hash and reverse-order response hash must use exactly the documented field order with five empty UDF placeholders (udf6 through udf10) between udf5 and SALT — missing pipes are the most common cause. Fix: use the official server-side SDK (payu-sdk-node, payu-sdk-python, payu-php-sdk) rather than rolling your own hash generator; never compute the hash client-side; never expose the SALT to the browser.

4

Browser redirect is unreliable — must use S2S webhook

PayU's official guidance explicitly states the browser redirect can fail (network drops, customer closes tab, mobile back-button) and merchants who treat the redirect as authoritative will under-record successful payments. The S2S webhook callback (with verified SHA-512 hash) must be the primary source of truth for marking an order paid. Mitigation: always implement the webhook handler on a publicly reachable URL configured in dashboard before going live; reconcile the redirect status against the webhook event by txnid before fulfilling.

5

International / EMI fees and chargeback fees not on public pricing page

While 2% + GST domestic and 3% + GST Amex/Diners are clearly published, international card processing and EMI both require an undisclosed setup fee + Annual Maintenance Charge that is communicated only after document submission and approval. Chargeback/dispute fees are also not on the public page. Mitigation: get the exact international/EMI/chargeback fee schedule in writing from your account manager before signing — don't assume parity with the domestic 2% headline.

6

Documentation is split between docs.payu.in and legacy devguide/PayUmoney portals

PayU's current developer documentation lives at docs.payu.in (current SDKs, current API), but legacy content at devguide.payu.in and developer.payumoney.com remains indexed and is often the top Google result for older queries. The two sets describe slightly different integration patterns and parameter names. Mitigation: bookmark docs.payu.in as the only authoritative source; treat anything on the PayUmoney portal as historical unless explicitly confirmed against the current docs.

7

Year-long RBI onboarding embargo (Jan 2023 – April 2024) blocked new merchant signups

RBI cited PayU's complex corporate structure when it asked the company to reapply for the PA license in January 2023, during which PayU could not onboard new merchants for over a year. In-principle approval came April 2024; final approval May 2025. While the embargo is now lifted, the episode shows regulatory scrutiny of the Prosus-owned cross-border structure is real and could recur. Mitigation: factor in regulatory exposure when committing to a multi-year integration plan; have a fallback PSP wired up as a backup processor.

8

Support is ticket-based with auto-closure complaints

Support is dashboard-ticket and email via help.payu.in with no standard 24/7 phone line for merchants. Reviews report tickets being system-acknowledged then auto-closed without resolution, repeated document requests across multiple representatives, and multi-day silences on settlement-hold escalations. Mitigation: use the Merchant Care Team escalation path documented at help.payu.in with explicit grievance numbers; for higher tiers insist on a named account manager.

08

Community Pulse

Indian developer sentiment on PayU is sharply split. The technical reputation is solid — multiple official server-side SDKs (Node, Python, PHP, .NET), a clear Hosted Checkout path, and the broadest international currency coverage of any Indian PA — but merchant-operations sentiment is consistently the weakest among major Indian gateways. Public reviews on SoftwareSuggest, Capterra, ConsumerComplaints, and PissedConsumer are dominated by reports of settlements held for 60–210+ days, auto-closed support tickets, and document re-request loops. PayU's largest-in-industry ED freeze (~₹130 crore in HPZ Token investigation), the year-long RBI onboarding embargo (Jan 2023 – April 2024), and the SHA-512 hash mismatch errors that account for most integration tickets are recurring talking points. Most teams that pick PayU over Razorpay do so for the wider currency coverage, the Iyzico/Red Dot subsidiary footprint, or pre-existing enterprise contracts — not for the developer or support experience.

💬 PayU Reviews 2026 — Pros & Cons from Verified Users SoftwareSuggest · 2026
💬 PayU Reviews 2026 — Verified Reviews, Pros & Cons Capterra · 2026
💬 PayUMoney Complaints & Reviews ConsumerComplaints.in · 2026
💬 ED Freezes ₹500 Cr Kept With Paytm, Razorpay, Others (PayU largest at ₹130 cr) Inc42 · 2025
💬 PayU Secures Final Payment Aggregator License from RBI as IPO Nears Elets BFSI · 2025
💬 Rapyd Completes $610M Acquisition of PayU LATAM and Africa GPO Rapyd Newsroom · 2025
💬 PayU India: Official Grievance Redressal & Escalation Protocol ComplaintHub Citizen Community · 2025

Sentiment last updated: April 2026 · We summarize — never copy — community content. Links go to original threads.

09

Changelog

  1. logo

    Added brand logo: downloaded official PayU dark green PNG (PAYU_dark_green.png) from PayU corporate Brand Portal — refreshed brand identity revealed at Global Fintech Fest 2024 with February 2026 brand book update. Final dimensions 303x152, 5KB, RGBA transparent. Average opaque-pixel brightness 23.5 (dark) — logo_bg left empty so default cream card applies.

  2. pricing

    Initial population: 2% + 18% GST domestic (cards/UPI/netbanking/wallets), 3% + GST Amex/Diners, ₹0 setup/AMC for standard, custom rates over ₹10 lakh/month. International cards, EMI, chargeback fees, and POS pricing marked unverified — not on public pricing page; communicated per-merchant after document review.

  3. availability

    Initial population: India primary (450k+ merchants, 130+ presentment currencies — broadest among Indian PAs), Turkey via Iyzico, SEA via Red Dot Payment (Singapore HQ + Indonesia/Thailand). NOT-available row added for LATAM, Europe ex-Turkey, and Africa following March 2025 sale of Global Payment Organisation to Rapyd ($610M).

  4. features

    Initial population: 20 features verified — Hosted Checkout, Custom Checkout, S2S, UPI AutoPay, Standing Instructions (Subscriptions), Payment Links, EMI, International (130+ currencies), DCC, BNPL, Webhooks (SHA-512), Refunds, 3DS 2.0, RBI CoF Tokenization, Fraud/Risk, Chargeback Management, POS, PayU Finance lending. Marketplace marked partial (no public Route equivalent); Customer Portal marked no.

  5. security

    Initial population: PCI-DSS (CERT-IN audited), ISO/IEC 27001, TLS, SHA-512 hash signing on requests/responses, 3DS 2.0, RBI CoF tokenization (CVV never stored), final RBI Payment Aggregator licence May 2025 (online + offline + cross-border).

  6. pitfalls

    Initial population: 8 pitfalls — settlement holds (60–210+ days), ED freeze of ₹130 crore (largest among Indian PAs), SHA-512 hash mismatch as #1 integration failure, browser-redirect unreliability (must use S2S webhook), undisclosed international/EMI/chargeback fees, split documentation (docs.payu.in vs legacy devguide/PayUmoney), year-long RBI onboarding embargo, ticket-only support with auto-closure complaints.

  7. community

    Initial community_pulse written: technical reputation solid (multiple SDKs, broadest currency coverage), merchant-ops sentiment weakest among major Indian gateways. Themes: 60–210-day settlement holds, auto-closed tickets, ED freeze, SHA-512 hash mismatch errors, RBI embargo. 7 threads linked across SoftwareSuggest, Capterra, ConsumerComplaints, Inc42, Rapyd, Elets BFSI, ComplaintHub.

  8. trust_score

    Initial scoring: overall 61. payout_reliability 60, account_stability 48, developer_experience 72, transparency 58, support_quality 40, track_record 78. Weighted overall = 60.5 → rounded 61. Lowest dimensions: support_quality (40) and account_stability (48), reflecting consistent merchant-ops complaints and ED-freeze exposure.

  9. integration_prompt

    Generated integration_prompt covering Hosted Checkout (recommended for SAQ-A scope), forward-order request hash and reverse-order response hash with SHA-512, S2S webhook as source of truth, Standing Instructions for subscriptions, rupees-not-paise amount convention (differs from Razorpay), test cards/UPI handles, and gotcha summary.

Back to Gateway Index

LearnWithHasan.com · Payment Gateway Index · No affiliate links · Builder-first