RBI Notification

Auto-Debit Rules of RBI have become effective for Recurring Online Transactions

Auto-Debit Rules of RBI have become effective for Recurring Online Transactions

You have most likely received many emails from your banks in the last few days informing you that any auto-debit instructions on your cards would no longer be valid after October 1 unless they comply with Reserve Bank of India (RBI) recurring payment guidelines. Customers and ecosystem participants such as banks and merchants are likely to align to the processes in the next few days, causing some inconveniences for a little while.

As with other RBI laws like Payment Aggregator (PA) and Payment Gateway (PG) guidelines, these auto-debit rules provide an opportunity for certain firms while posing challenges for others.

What are the new norms of Auto-debit about?

According to the central bank’s regulation, there would be no automated recurring payments for different services such as utility bills, phone recharge, DTH, and OTT, among others, as an additional factor of authentication (AFA) will become essential.

Banks will be required under the new auto-debit rules to notify consumers in advance of recurring payments that are due, and transactions will be carried out with the customer’s approval. As a result, the transactions would not be automated but would be carried out only after the customer’s verification or authentication.

Customers must re-authenticate any standing orders for regular payments or transactions such as subscriptions and bill payments up to Rs. 5,000, according to the rules. Customers will be paid upon additional factor authentication (AFA), and an e-mandate will be set up for future payments.

Customers will have to undergo and complete a one-time registration procedure, after which they will be able to conduct future transactions without the need for additional factor authentication (AFA). Customers may now specify the validity period for upcoming transactions or payments when registering. In addition, according to the new requirements, banks must give a one-time password (OTP) to customers/clients for regular & recurring payments over and above the value of rupees 5,000. Moreover, even customers can now use the link provided in the pre-debit message to elect out of a particular transaction or obligation.

Therefore, as per the auto-debit rules, from October 1 onwards, all types of recurring or regular payments, notably those made with credit or debit cards and with a value of Rs. 5,000 or more, will be preceded by a message sent to the consumer 24 hours in advance, informing him of the upcoming payment. The advanced alert for executing regular payments to customers given by banks is intended to request the latter’s consent for proceeding with any such transaction, in accordance with the new rules of the Reserve Bank of India.

Such transactions will not be carried out if the customer’s assent is not obtained. Recurring transactions on a customer’s credit or debit card that do not conform with this new criterion will now be refused by banks, as this system goes into effect from October 1, 2021.

These new laws will have no effect on any standing instructions recorded using bank accounts for mutual funds, SIPs, or equal monthly installments for loans.

Why was the rule implemented?

The RBI initially issued these guidelines in 2019 in an effort to safeguard customers from unauthorized recurring payments set up on their credit and debit cards. This was done in response to many instances of auto-debit transactions being completed without the customer’s knowledge or agreement.

The new guidelines were created to safeguard customers against online fraud, particularly on third-party platforms, where there has been an increase in the number of payment-related scams. By creating a form of e-mandate, the RBI hopes to give customers more control over recurring payments made using credit or debit cards.

According to the Reserve Bank of India, the AFA requirement has made digital payments in India safer and more secure, with the framework’s primary goal being to safeguard customers from fraudulent transactions while also improving user convenience.

The RBI had directed banks and other stakeholders to put the framework in place by March 31, 2021. After banks did not completely execute the instructions, the deadline was extended until September 30, 2021.

According to analysts, the goal of this improvement is to provide customers with greater control over the auto-mandate feature. Because the customer may now define and establish the quantity, velocity, and other parameters of recurring mandates. Through the web-based solutions provided by banks, one can also cancel a specific service at any time.

Can there be any disruptions?

Any of your auto-debits may decline if your bank or merchant has not completely embraced the new standards. Despite the fact that the deadline has passed, not all banks have got prepared.

Payment gateways BillDesk, Razorpay, and PayU have all launched tools to assist banks and clients in complying with the regulations. Following the issuance of the rules by the RBI in 2019, BillDesk, in collaboration with Visa, established SI Hub. The platform assists banks in meeting RBI standards by offering services such as e-mandate authentication, registrations, message consent requests, and so on. It also enables users to manage their numerous recurring e-mandates on a single platform, allowing them to add or delete any standing instructions.

PayU has established a comparable platform called Zion and is presently working with banks and issuers to integrate with it. MandateHQ is a platform developed by Razorpay and Mastercard. The technology enables banks to go live with recurring payments in seven days, allowing companies to reach a larger consumer base for their subscription-based solutions.

Netflix, Hotstar, Spotify, Amazon[1], and other entertainment sites that rely on monthly subscriptions of less than rupees 5,000 have already made steps to notify users of the new rules and educate them on alternate payment methods. The real difficulty, though, is for services that demand regular payments above the Rs. 5,000 ceiling and could be more crucial, such as B2B usage. Customers or organizations will be required to express their approval before each payment and validate it using a one-time password (OTP) each time.

Electricity bills, insurance subscriptions, web hosting providers, and SaaS companies are among the recurring payments that may be affected if they exceed Rs. 5,000. For each payment, they will all demand two-factor authentication. Customers whose payments have been running smoothly for months are not psychologically prepared to wait for an authentication request through SMS and then authorize the transaction. They must now be cautious when their payment deadlines approach.

It will have an effect on customer convenience, particularly in the case of in-app payments, which are intended to facilitate seamless transactions. However, customers will ultimately learn that the new legislation is for their advantage because it will improve the security of debit/credit card transactions.

Impact on Small businesses and start-ups

Small businesses and start-ups that function on a monthly subscription are losing clients and receiving late payments as a result of the Reserve Bank of India’s new limit on recurring payments.

The backlog has been discovered to be mostly at the banks’ end since they have yet to execute the RBI norms and directions. As the due date of a payment approaches, this makes it hard for existing clients of a business/start-up to join up and make their recurring monthly payments repeatedly.

Under the new laws, banks must notify consumers in advance of recurring payments that are due, and transactions must be completed with the customer’s approval. As a result, the transaction will not be automated but will be completed following the customer’s verification.

Experts believe that the RBI’s new payment regulation has caused huge disruptions for organizations, which were unnecessary and have affected Indian start-ups. Continuity in business is crucial for an entrepreneur. The policy’s implementation has caused chaos and has placed Indian enterprises in trouble.


The Reserve Bank of India (RBI) required new auto-debit regulations to go into effect on October 1 to improve the safety and security of card transactions. According to the RBI’s regulation, there will be no automated recurring payments for different services such as utility bills, phone recharge, DTH, and OTT, among others, as the additional factor of authentication (AFA) becomes obligatory from October 1.

Read our article:RBI announces Revised Regulatory Framework for NBFCs

Trending Posted