The Reserve Bank of India (RBI) has extended the deadline to September 30, 2021, for implementing a framework that requires an additional factor of authentication (AFA) for processing online transactions using credit cards, UPI, debit cards, and other prepaid payment instruments (PPIs).
RBI noted in a press release that the framework has not been fully implemented, which has given rise to a situation of possible large-scale customer inconvenience, which is the reason why the deadline has been extended the second time.
“To prevent any inconvenience to the customers, Reserve Bank has decided to extend the timeline for the stakeholders to migrate to the framework by six months, i.e., till September 30, 2021,” as per the press release. To recall, the RBI issued the framework in August 2019 and set the deadline for stakeholders to migrate to it by March 31, 2021, which has now been extended by six months.
So, what is RBI’s framework for processing of e-mandates on recurring online transactions? We take a look:
What is RBI’s e-mandate on cards for recurring transactions?
RBI said in August 2019 that recurring online transactions will need an additional factor of authentication (AFA) for transactions performed using all types of cards including debit, credit, and Prepaid Payment Instruments (PPIs), including wallets as well as platforms enabling UPI-based payments.
This means users will need to authenticate transactions above Rs 5,000 via an e-mandate such as OTP (One-time password).
What is the RBI e-mandate deadline?
RBI has extended the original deadline of March 31, 2021, to September 30, 2021. After the deadline, users will require an AFA for recurring online transactions using debit and credit cards, PPIs, and UPI-based payments.
How to set an additional factor of authentication (AFA)?
The cardholder will need to undertake a one-time registration process, with AFA validation by the issuer. The maximum permissible limit for the transaction was set at Rs 2,000 per transaction initially, which was later raised to up to Rs 5,000. This means any transaction above Rs 5,000 will require an AFA.
“While registering e-mandate on the card, the cardholder shall be given facility to choose a mode among available options (SMS, email, etc.) for receiving the pre-transaction notification from the issuer in a clear, unambiguous manner and in an understandable language. The facility for changing this mode of receiving pre-transaction notification, shall also be provided to the cardholder,” as per RBI.
How and when will the cardholders be notified?
As per the RBI framework, those offering recurring transactions including banks and payment platforms will need to send a pre-transaction notification to customers, at least 24 hours prior to the actual charge/debit to the card.
The notification will contain information such as the name of the merchant, transaction amount, date/time of debit, reference number of transaction/e-mandate, and reason for debit.
What does this mean for cardholders?
Once cardholders get a notification for pre-transaction, they can either opt-out of that particular transaction or the e-mandate. The issuer will then send a confirmation intimation to the cardholder.
Issuers are required to send a post-transaction alert/notification to the cardholder. The notification will need to include the name of the merchant, transaction amount, date/time of debit, reference number of transaction/e-mandate, reason for debit.