In August 2019, the RBI had issued a framework for processing of e-mandates on recurring online transactions. Initially applicable to cards and wallets, the framework was extended in January 2020 to cover UPI transactions as well. Effective 1st October, 2021, one’s automated subscriptions will change in regards to RBI guidelines on recurring payments.
As per the RBI Guidelines, if any monthly subscription amount for any service exceeds INR 5,000, then an additional factor of authentication (AFA) will become mandatory. For automated debits, one’s card issuer or bank will now need to send a notification at least 24 hours in advance.
The typical process when a cardholder makes an online transaction, one has to enter their card details on the merchant platform, and then use the One-time Password (OTP) (or their set PIN) received on their mobile to verify the transaction. This use of the OTP/ PIN by the cardholder for validation of the transaction is known as AFA.
Over the years, the RBI has made it clear that this AFA mandate is also applicable to recurring transactions based on standing instructions given to merchants by cardholders.
Keeping in mind the changing payment needs and the requirement to balance the safety and security of Card transactions with customer convenience, the RBI has introduced the Directive to permit Card issuers/Banks to:
- Process e-mandate on Cards for recurring transactions (merchant payments) by requiring the cardholders to undertake AFA validation for the first transaction (while registering for the e-mandate facility) or for modification or revocation of such e-mandate; and
- Thereafter, the subsequent successive transactions in the series can be done without any AFA.
- In other words, once a cardholder successfully completes AFA validation at the time of enabling the e-mandate facility (for recurring transactions), such cardholder is not required to undertake AFA validation for subsequent transactions – their Card will be then charged for the successive transactions automatically.
The RBI has prescribed the following key conditions for processing of e-mandate on Card Issuer’s/banks include:
- The e-mandate facility can only be used for recurring transactions and not for one-time (once only) payments.
- The maximum permissible limit for a transaction under this e-mandate is INR 5000.
- The Card issuers/Banks also need to send pre- and post-transaction notifications to the cardholders with the details of the recurring transaction as a risk mitigation measure.
The cardholder can choose to opt-out of or withdraw from the e-mandate facility for recurring transactions by undertaking the AFA validation.
The RBI guidelines on E-mandate do take a step towards ensuring consumer safety and data protection, which leads to a more digitally safer place for consumers to avoid any unapproved charges. This will also aid customers to have a seamless experience while making automated payments for repeat transactions to the merchants.