Getting Emails from Your Bank about Automatic Payments? Here Is Why

RBIHave you received messages from your bank that the standing instructions on your credit card will not be honoured from April 1, 2021? And that you must make payments to the service  providers/merchants directly. Thus, if you have automated your payments to streaming service providers (Netflix, Disney Hotstar, Sony Liv etc) or for utility payments (mobile bills, electricity bills etc), you will likely face a problem.

Why Did This Happen?

If you want to set up automatic bill payments, you need to set up a bank mandate (or an e-mandate if you want to set this up digitally). With an e-mandate, you tell your bank to allow a particular service provider to debit your debit card or credit card on a regular or as and when basis. Once the mandate is set, when the service provider wants you to make a bill payment, it simply sends the request to your bank (through payment gateway) and gets paid. Automatic.

Now, RBI set some rules for e-mandates on your debit/credit cards, wallets, or UPI accounts. If the bank did not follow the rules, they could not offer e-mandate service to customers. RBI allowed time until March 31, 2021 to comply with the rules. The banks could not comply. Or they were hoping for an extension from RBI. They waited until very late. RBI did not relent. Thus, the banks were forced to inform their customers and sent such e-mails.

Fortunately (or ironically), the RBI did relent on March 31 and extended the deadline to September 30, 2021 with certain caveats. So, while the banks can continue to honour existing mandates until September 30, 2021, they are not allowed to register new ones until they comply. It is possible that the banks will send another round of emails to tell you that the existing arrangement can continue for a little longer. So, that’s the background.

Now, let us look at the regulations. Before we get there, let us first look at how recurring payments happen now and how these will happen going forward.

How Recurring Payments Happen Now?

  1. You go to a website/app. Enter your credit card details.
  2. A token amount is charged on your credit card. The amount is later reversed to your bank account. OR you are charged the first installment. For domestic sites, an OTP is needed to effect the first transaction. No such OTP requirement for payment on international websites. Subsequent payments happen automatically.
  3. In fact, you may not even notice that you are setting up a recurring transaction. You do a regular purchase transaction. On the merchant site, this information (that you are setting up a recurring payment) is provided in small font. I have experienced that it is not always easy to cancel such recurring payments.
  4. The only communication you receive from the bank is when your card is charged. No other communication.

This is going to change effective October 1, 2021.

How Recurring Transactions/Autopay Will Happen Going Forward?

  1. To register an e-mandate, there will be a one-time Additional factor of authentication (AFA) validation. AFA refers to any information that is not present on the credit/debit card.  OTP (one-time password) is a form of AFA. Once an e-mandate is set up, the subsequent payments/transactions will be automatic (will not require OTP validation).
  2. The e-mandate limit is Rs 5,000 per transaction. This limit was Rs 2,000 but was increased to Rs 5,000 vide RBI circular dated December 4, 2020Thus, you cannot set up an e-mandate for amounts exceeding Rs 5,000. For such amounts exceeding Rs 5,000, you must do a manual payment (which will require OTP or AFA validation).
  3. The e-mandate shall have a validity period. Thus, you cannot set up an e-mandate forever. There shall be a facility to modify the validity period later.
  4. The e-mandate shall be either for recurring transactions of fixed value (in case of OTT services such as Netflix, Disney Hotstar, etc) or variable value (mobile bills). For variable value, the user shall specify the maximum limit for such transaction, subject to a cap of Rs 5,000.
  5. If the first transaction is being done along with registration of e-mandate, the OTP or AFA validation can be combined.
  6. These rules apply to all types of cards including credit card, debit card, prepaid instruments (including wallets) and even UPI payments.

Pre-Transaction and Post-Transaction Notifications

Your bank must send a pre-transaction notification for the debit, at least 24 hours prior to the actual charge/debit to the card. The notification can be in the form of SMS, e-mail etc. The mode of such notification is specified by you at the time of registration of e-mandate. The pre-transaction notification shall contain at least the following information: Merchant name, transaction amount, date/time of debit, e-mandate reference number and the reason for debit. You can opt out of the particular transaction or even the e-mandate before the transaction happens. So, if you want, you can stop the impending payment or cancel the e-mandate altogether. Such action shall require AFA validation (OTP etc).

The bank shall send a post-transaction alert/notification to the user with details such as name of merchant, amount, date/time of debit/ transaction reference number, reason of debit etc.

Modification and Withdrawal of E-Mandate

  • AFA/OTP validation is needed to make any changes, including cancellation, to registered e-mandate.
  • You need AFA validation to change validity period, transaction limit etc.      
  • At the time of e-mandate registration, the user shall be clearly told about the facility to withdraw the e-mandate at any point of time.
  • Once the e-mandate is withdrawn, the merchants must delete payment instrument details (card details) from the system.

Where Was the Problem?

As I understand, the problem is not the requirement of AFA/OTP validation to register a mandate. That happens even today, at least for domestic transactions. The real problem is the associated framework and the communication. Perhaps, the banks or the merchants were not ready for it yet. Or they were already expecting some relaxation from RBI. Anyways, expect them to fall in line soon.

What about Recurring Payments on International Websites?

RBI has specified that the new rules for e-mandates for recurring transactions apply to both domestic and cross-border transactions.

However, for international payments, OTP is not needed to make a payment (charge your card). On-card details such as CVV and expiry date are sufficient. For recurring subscription payments on international websites too, your card is easily charged. OTP is not needed there either. As I understand, there is no mandate set-up for such transactions (or the bank has no info about such recurring payment).

I am not completely sure how this will work going forward. After all, how does the bank differentiate between a one-time or a recurring transaction? We have to wait and see how these regulations affect recurring payments on international websites.

Author’s Disclaimer: There may be deficiency in my understanding about how payments are processed.

Additional Reading

Leave a Reply