RBI-mandated additional factor authentication rules come into effect from October 1, 2021
What will change?
From Friday, October 1, 2021, standing instructions that you may have left with your payment provider for some recurring electronic payment Can’t be done without some extra steps.
Read also: explained | Is RBI planning a digital currency for India?
What types of transactions do these rules apply to?
For all recurring digital payments above ₹5,000 made through debit cards, credit cards, prepaid payment instruments – including wallets – and the Unified Payments Interface (UPI) facility, additional factor authentication rules apply. For example, these apply to recurring digital payments made. For services like mobile phone recharge, utility payments and dues to OTT (over the top) providers like Netflix and Disney Hotstar.
What to expect from your provider?
This means that your provider will send you an alert about the impending transaction – at least 24 hours before the transaction – in the form of email or SMS. A one-time password (OTP) will be sent to the user to help authenticate the transaction. In other words, without the approval of the consumer, no amount will be debited from his account.
The rules apply to new transactions as well as existing standing instructions left by the consumer with the payment provider.
What are the options with the consumer while registering for e-mandate?
The consumer has the option to provide the validity period of the e-mandate. The central bank has said that the facility to modify the validity period of the e-mandate, if required, will also have to be provided at a later stage.
As per RBI circular issued in August 2019, pre-transaction notification to the user, at least, he will be given the name of the merchant, transaction amount, date and time of debit, reference number of the transaction and reason for debit, i.e. e-mandate registered by the consumer. . Further, he/she should have the option to change the mode of receiving pre-transaction notification, i.e. through email or SMS.
The circular states: “On receipt of the pre-transaction notification, the cardholder shall have the facility to opt out of that particular transaction or e-mandate. Any such opt-out will require AFA verification by the issuer. On receipt of intimation of such opt-out, the issuer shall ensure that the particular transaction is not affected / further recurring transactions are not affected (as the case may be). A confirmation intimation to this effect will be sent to the cardholder.”
The e-mandate regime will be applicable only for recurring transactions and not for ‘one time only’ payments.
The user will also have the option to provide an e-mandate for a pre-specified fixed price of a recurring transaction or a variable value of a recurring transaction.
What is the background of development?
The Reserve Bank of India (RBI) in August 2019 had mandated that all banks, non-banking financial companies and payment gateways that offer digital payments through recurring transactions – domestic or international – service only on cards and prepaid payment instruments. will be allowed to continue. If they were compliant with Additional Factor Authentication (AFA) regulations. The extent to which these transactions could have taken place without the AFA was ₹2,000, which was later revised to ₹5,000. This was said to protect the security interests of the paying consumer.
In January 2020, this order was extended for such payments made using the Unified Payments Interface (UPI).
The Reserve Bank has said that the rules mandating AFA have made digital payments safe and secure. With the added layer of security, the system aims to protect the consumer from fraudulent transactions. However, citing lack of readiness on the part of payment providers, the central bank had extended the deadline several times, with the latest moratorium extending it from March 31 to September 30.
In its circular in March, it had said, “However, it is noted that the framework has not been fully implemented even after the extended deadline. This non-compliance has been noted with serious concern and will be dealt with separately. The delay in implementation by some stakeholders has led to potential large-scale customer inconvenience and default. In order to avoid any inconvenience to the customers, the Reserve Bank has decided to extend the time limit for the stakeholders to migrate to the framework by six months i.e. till September 30, 2021. Any further delay in ensuring full adherence to the framework beyond the extended time-frame would attract stringent supervisory action. “
For the past few days, payment providers have been messaging their customers about the new rules. For example, Citibank said in its message: “Please note that from October 1, RBI’s guidelines on recurring payments will apply…. As a result, we will only pay those recurring payments (standing instructions) on your credit or debit cards.” You can either pay using your card directly or set up a new recurring instruction on the merchant app/website as per the new guidelines.
.