The Reserve Bank of India (RBI) released a circular yesterday, allowing the processing of e-mandate on all kinds of cards (debit, credit) Prepaid Payment Instruments (PPIs), including wallets recurring payments of low values. This will allow users to give standing instructions to service providers to charge their credit/debit cards or PPIs without additional authentication.
The circular notified stakeholders about the change in policy regarding the requirement of two factor or additional factor authentication(AFA) before any transaction through OTPs. It will come into effect from September 1.
RBI had mandated operators to put in place an additional factor of authentication for all Card Not Present (CNP) transactions to curb security issues. The Risk mitigation measures related to CNP transactions were dictated in a circular released in August 2011.
The new circular circumvents the previous notification and allows the transaction worth below Rs 2,000 to be processed without additional authentication.
However, the e-mandate arrangement on cards will be available only for recurring transactions and not for a ‘once-only’ payments. The maximum number of these recurring transactions has not been capped yet.
As per the notification, users who want to opt for the e-mandate facility on their cards will go through a one-time registration process, with AFA validation by the issuer. An e-mandate on the card for recurring transactions shall be registered only after successful AFA validation.
The registration will only be completed after all necessary information is obtained by the issuer, including the validity period of the e-mandate and other audit trail related requirements.
According to the conditions set by RBI, service providers cannot charge the customers for availing the e-mandate facility on cards or PPIs for recurring transactions. Sending a pre-transaction notification to the users, at least 24 hours before the actual charge, as well as a post charge notification, will be mandatory.
The card/PPI providers will also need to include the option to modify the validity period of the e-mandate subsequently or the option of cancelling that particular transaction on receipt of the pre-transaction notification.
AFA would be necessary for the modification or revocation of e-mandate, and during the first transaction as well. On withdrawal of the e-mandate, the service providers would need to delete all details, including payment instrument information.
Additionally, the card networks would need to establish a separate system to identify the chargebacks/dispute requests in respect of e-mandate based recurring transactions along with a dispute resolution mechanism allowing customers to lodge complaints with clearly mentioned turnaround times.