Reserve Bank of India (RBI) on Tuesday introduced a consolidated e-mandate framework for digital payments, effective immediately. Under the new rules, recurring transactions of up to ₹15,000 can be processed without the need for additional authentication, such as an OTP.
After the update, users can register a one-time e-mandate using additional factor authentication (AFA). Once approved, subsequent recurring payments up to ₹15,000 will be processed automatically without requiring OTP each time. However, transactions above this threshold will continue to require authentication, RBI said in the report.
This framework replaces all previous circulars, bringing uniform rules for recurring transactions across payment systems, according to the apex bank. It also streamlines auto-debit payments for services like subscriptions. utility bills and EMIs, while retaining safeguards for higher-value transactions that will continue to require extra verification.
The RBI has extended the framework to cover cross-border recurring payments, expanding its scope beyond domestic transactions. The central bank has also prohibited banks from imposing additional charges on customers for availing the e-mandate facility for recurring transactions.
Exceptions to the cap
In the announcement, RBI also outlined exceptions to the cap for certain financial categories. Recurring payments for insurance premiums, mutual fund investments and credit card bill payments can go up to ₹1 lakh without AFA, provided they are registered under e-mandates. These exceptions reflect the higher ticket size and essential nature of these commitments.
The RBI is doubling down on user safety across India’s fast-growing digital payments ecosystem. The latest e-mandate rules come shortly after the apex bank introduced stricter two-factor authentication norms and even proposed a “cooling-off” period for high-value transactions to give users time to reverse mistaken and fraudulent payments.
You can cancel a mandate now, before the payment is processed
The framework also tightens transparency norms. The RBI has mandated that banks and payment providers must send pre-debit alerts at least 24 hours before a transaction, specifying the merchant name, amount and debit date. These alerts will allow customers to opt out or cancel the mandate before the payment is processed, in the case of a wrong transaction or fraud.
In addition, post-transaction notifications, along with formal grievance redressal systems, are now compulsory.
The changes also aim to give users full control over their mandates. Customers can now modify, pause or revoke recurring payment instructions at any time, with changes authenticated through AFA. For variable payments, users can set an upper limit to avoid unexpected debits beyond a defined threshold.
To further strengthen safeguards, the RBI has extended its zero-liability policy for unauthorized electronic transactions to e-mandates, ensuring that customers are not held responsible for fraudulent debits, subject to timely reporting.
The customer should mandatorily be given the option to choose or change the mode among available options, such as SMS, email, and others, for receiving the pre-transaction notification from the issuer, the central bank said.
