The Reserve Bank of India (RBI) has introduced new regulations for processing recurring transactions.
The new recurring transaction requirements for merchants include the following:
- Cardholders must receive a pre-debit notification at least 24 hours before the actual debit with an option to cancel or pause the auto-debit
- Cardholders must be provided with an online facility to cancel, pause, and manage auto-debits that have been initiated with one of their cards
- Cardholders must receive a post-debit notification once the auto-debit is processed
- Customers must be provided with the ability to approve every auto-debit that is greater than Rs. 5,000
- Merchants must provide a redressal system to address customer grievances related to auto-debits
If these requirements are not met, cardholders will not be able to use their cards for recurring debit – they will need to make their purchases directly with the merchant.
You can find more information in the RBI press release here.
The RBI regulations apply to any recurring transaction from a debit or credit card issued in India, regardless of the transaction's currency or where it is processed.
Additional Factor Authentication (AFA), commonly known as two-factor authentication (2FA) is now required for the following:
- The registration/setup of recurring transactions
- The first transaction after registration/set-up
- Recurring transactions over Rs. 5,000 (*increased from Rs. 2,000)
2FA is normally achieved by the card issuer sending the consumer a One-Time Password (OTP) through SMS.
BlueSnap is in the process of evaluating the changes needed to support the RBI’s new framework. To meet these new regulations, all payment processors that are part of the payments ecosystem in India will need to make changes. These changes are still being worked through. In the meantime, anyone processing recurring payments in India may see higher rates of failure for recurring transactions. We are actively working on meeting the new standards and will communicate once our solution is in place.
Some disruption to subscription/recurring billing is expected industry-wide. This is because an e-Mandate needs to be created and existing subscriptions need to be re-registered in order to be compliant with the RBI’s new requirements.
One-time payments will not be affected.
Once the e-Mandate is set up, every set of recurring transactions requires AFA. In addition, transactions above Rs. 5,000 will require AFA for each and every transaction (not just the initial transaction and setup).
For transactions below the Rs. 5,000 threshold, the consumer must be notified by the issuer with an option to cancel. After the first transaction/initial setup, AFA is not required.
To reduce ongoing friction, you may consider strategies to reduce your subscription charges so they are below Rs. 5,000. For example, you could increase the frequency of payment requests while reducing the charge so that each charge is under the limit(charge Rs. 3,000 every two weeks rather than Rs. 6,000 every month).
Note: Some issuers may require authentication for each and every transaction less than Rs. 5,000, depending on their fraud and risk evaluation.
Yes, this affects all recurring payments made with Indian-issued cards, irrespective of location or currency.
If you have recurring transaction failures, one potential solution is to email a payment link to your consumer or redirect to your website, where they can initiate a one-time purchase and authenticate using 3DS.
Updated about 1 year ago