Payment Compliance and Operations Checklist for D2C and E-commerce Sellers in India

India’s D2C and e-commerce ecosystem has grown to 10M+ WhatsApp-based sellers, and social commerce adoption keeps rising. However, scaling payment collection without formal compliance creates legal, operational, and cash flow risks. Whether you’re collecting via WhatsApp payment links, managing COD logistics, offering EMI options, or handling GST obligations, regulatory requirements vary by payment method and sales channel. This checklist covers critical compliance and operational guardrails for D2C brands and marketplace sellers to maintain customer trust, avoid penalties, and optimize cash flow while scaling across UPI, cards, COD, and EMI.

Payment Collection and Gateway Compliance

Payment collection in India requires adherence to RBI regulations, PCI-DSS standards, and consumer protection rules. D2C sellers operating on WhatsApp, Instagram, and marketplace platforms must ensure their payment infrastructure meets legal standards and protects customer data. Whether using payment links, hosted checkouts, or in-app payment flows, sellers need to verify their payment aggregator’s RBI authorization status. Non-compliant payment methods can trigger account freezes, customer disputes, and regulatory action. Implementing proper payment gateway setup reduces fraud risk, improves transaction success rates, and ensures NEFT/IMPS settlement reliability.

  • Verify Payment Aggregator RBI Authorization — Confirm your payment partner holds valid RBI authorization as a Category A Payment Aggregator. Check their registration number on the RBI website. Unauthorized aggregators expose your business to settlement freezes and customer chargebacks.
  • Enable PCI-DSS Compliant Payment Links — Use encrypted, tokenized payment links for WhatsApp and Instagram. Avoid sharing bank details via message or collecting card data directly. Hosted payment pages reduce fraud and ensure customer data protection.
  • Set Up Instant Payment Notifications (IPN/Webhooks) — Configure real-time payment confirmation webhooks to sync orders automatically. This prevents manual reconciliation errors, duplicate orders, and cash flow visibility issues on high-volume days.
  • Document Payment Method Acceptance Terms — Clearly display which payment methods you accept (UPI, cards, wallets, EMI) on product pages and checkout. Consumer Protection (E-Commerce) Rules require transparency on payment options and charges.
  • Enable Transaction Dispute Resolution Process — Establish a documented process for handling payment disputes, chargebacks, and refunds. RBI mandates that aggregators and merchants provide dispute resolution within 30 days for customer complaints.
  • Implement UPI Recurring/Tokenization Rules — If offering subscriptions or EMI via UPI, comply with NPCI tokenization guidelines. Recurring UPI payments require explicit customer consent and a one-time OTP for the first transaction.
  • Reconcile Daily Settlement Reports — Download and verify daily settlement statements from your payment partner. Match settled amounts against invoices to catch processing errors, deductions, and chargebacks early.

Cash-on-Delivery (COD) and Refund Operations

COD accounts for 40%+ of Indian e-commerce transactions but creates significant cash flow strain and return logistics costs for D2C sellers. Managing COD collections, return rates, and refund timelines requires operational discipline and compliance with consumer protection rules. High COD return rates reduce working capital, increase logistics costs, and delay cash inflow. Strategic COD management—including upfront verification, incentivized prepayment, and return policies—can reduce losses while maintaining customer flexibility. Sellers must also comply with RBI’s refund guidelines and transparency requirements on return windows.

  • Define Clear COD Return and Refund Policy — Set explicit return windows (7-30 days standard) and refund timelines (5-7 business days) per Consumer Protection Rules. Communicate refund status via SMS/WhatsApp to reduce customer disputes and complaints.
  • Track COD Return Rate and Cash Flow Impact — Monitor weekly COD return rates by product and geography. Identify high-return SKUs and adjust stocking or pricing. Calculate days sales outstanding (DSO) to measure cash flow cycle impact.
  • Implement Address and Phone Verification for COD — Use automated verification or manual checks for high-ticket COD orders. Reduce failed deliveries and fraudulent orders by validating customer details before dispatch.
  • Offer Prepayment Incentives to Reduce COD Volume — Create dynamic discounts or loyalty rewards for UPI/card prepayment. For D2C brands, prepayment improves cash flow and reduces logistics costs by 10-15% per order.
  • Establish Logistics Partner COD Collection Standards — Brief delivery partners on COD handling, cash reconciliation, and timely remittance. Set weekly settlement cycles and audit cash remittances to prevent leakage and delays.
  • Document Refund Proof and Payment Method — When issuing refunds, document whether the refund is made in cash for the original COD payment or to the customer’s bank/UPI account. Maintain proof of refund initiation and receipt for dispute resolution.
  • Analyze COD vs. Prepaid Customer Lifetime Value — Compare repeat purchase rates and average order value between COD and prepaid customers. Use data to refine acquisition and retention strategies by payment method.

GST, Tax Reporting, and Consumer Protection Compliance

D2C and e-commerce sellers must comply with GST registration thresholds, e-invoicing requirements, and consumer protection disclosure rules. GST compliance includes monthly GSTR-1 and GSTR-3B filings, correct HSN classification, and ITC (Input Tax Credit) documentation. E-commerce platforms require sellers to display GST compliance status, return policies, and buyer protection terms. Non-compliance risks penalty assessments, account suspension on marketplaces, and legal action under Consumer Protection Act 2019. Proper record-keeping of payment transactions, invoices, and customer data is essential for GST audits and regulatory scrutiny.

  • Register for GST Based on Turnover Threshold — File GST registration if annual turnover exceeds ₹40 lakhs (₹20 lakhs for services). Obtain GSTIN and begin monthly GSTR-1 filings. Non-registration triggers penalties up to ₹25,000 per month.
  • Issue E-invoices for B2B Transactions Above ₹50 Lakhs — If annual B2B sales exceed ₹50 lakhs, e-invoicing via the NSEF portal is mandatory. Maintain XML backup and API integration for automated invoice generation and GST compliance.
  • Display Mandatory Consumer Protection Disclosures — Show GST compliance status, FSSAI license (if food), return policy, warranty details, and grievance officer contact on your website/WhatsApp catalog. Non-disclosure violates Consumer Protection (E-Commerce) Rules.
  • Maintain Records of Payment Transactions for GST Audit — Retain 5 years of invoices, payment receipts, settlement reports, and delivery proofs. Organize records by HSN code and payment method for GST audits and dispute resolution.
  • Classify Products Correctly by HSN Code — Verify HSN/SAC codes for accurate GST rate application (5%, 12%, 18%, 28%). Incorrect classification triggers GST mismatch penalties and ITC disallowance. Use GST portal’s HSN tool for verification.
  • Report Payment Gateway TDS If Applicable — If annual credit card/e-wallet transactions exceed ₹1 crore, TDS @ 1% is deducted by payment gateways. Report TDS Certificate (Form 16A) in your tax filings and reconcile with GST Input.
  • Set Up Grievance Redressal Mechanism — Appoint a grievance officer, publish their contact details on your website, and respond to complaints within 48 hours per Consumer Protection Act. Maintain a grievance register for regulatory inspection.

Key Takeaways

  • RBI-authorized payment aggregators are non-negotiable for D2C sellers—verify authorization status before onboarding to avoid settlement freezes and compliance penalties.
  • COD return rates directly impact cash flow; implement prepayment incentives and address verification to reduce returns and accelerate collections.
  • GST registration and monthly filings are mandatory at ₹40 lakhs turnover; maintain 5-year transaction records for audit readiness and compliance proof.
  • Consumer Protection (E-Commerce) Rules require clear disclosure of return policies, payment methods, and grievance processes—non-compliance triggers fines and account suspension.
  • EMI and recurring UPI payments must follow NPCI tokenization rules; document explicit customer consent for the first transaction via OTP to avoid chargebacks.

Frequently Asked Questions

Do I need RBI authorization to collect payments via WhatsApp and Instagram?

You don’t need authorization personally, but your payment partner must be RBI-authorized. Using unauthorized payment aggregators exposes you to settlement freezes, customer disputes, and regulatory penalties. Always verify your partner’s RBI registration before accepting payments via WhatsApp payment links or Instagram checkout.

How can I reduce COD return rates and improve cash flow?

Offer 5-10% discounts for prepaid UPI/card orders, verify customer addresses for high-ticket items, and analyze return rates by product. Track days sales outstanding (DSO) weekly. Strategic prepayment incentives reduce COD volume by 20-30% while maintaining customer flexibility and improving working capital.

At what turnover do I need to register for GST?

GST registration is mandatory at ₹40 lakhs annual turnover (₹20 lakhs for services). Once registered, you must file GSTR-1 and GSTR-3B monthly. Non-registration attracts penalties up to ₹25,000 per month and leads to marketplace account suspension in many cases.

What consumer protection disclosures must I display on my WhatsApp catalog or website?

Display GST compliance status, return window (7-30 days typical), refund timeline (5-7 days), warranty details if applicable, and grievance officer contact. Per Consumer Protection (E-Commerce) Rules, omitting disclosures triggers fines and marketplace account restrictions.

Can I offer EMI to D2C customers via UPI or cards?

Yes. For card EMI, work with RBI-authorized payment gateways offering EMI options. For UPI recurring/EMI, comply with NPCI tokenization rules—capture explicit OTP consent on the first transaction. Document consent proof to avoid chargebacks and regulatory scrutiny on recurring payments.
