The Reserve Bank of India (RBI) has issued updated directions under the E-mandate framework for digital payments, aimed at strengthening the safety, transparency, and customer control over recurring transactions. These provisions apply to all Payment System Providers (PSPs) and participants processing recurring payments—both domestic and cross-border—through instruments such as cards, prepaid payment instruments (PPIs), and UPI.
1. Registration and Revocation of E-Mandates
Customers opting for the e-mandate facility must complete a one-time registration process, which requires validation through an Additional Factor of Authentication (AFA), alongside standard authentication procedures.
Each registered mandate must clearly specify its validity period. Customers are entitled to modify or revoke the mandate at any time, and this facility must be transparently communicated during registration.
E-mandates can be set for:
- A fixed amount, or
- A variable amount, subject to RBI-prescribed limits
For variable mandates, customers can define a maximum transaction value to maintain control over recurring debits.
Additionally, customers must be given the option to choose their preferred mode (such as SMS or email) for receiving notifications. Any modification or cancellation of a mandate requires AFA validation.
2. Processing of Transactions
The first transaction under an e-mandate must always be authenticated using AFA. If the first transaction occurs during mandate registration, a single AFA validation may suffice for both steps.
Subsequent recurring transactions can proceed without additional customer intervention, subject to prescribed limits and safeguards.
3. Pre-Transaction Notifications
To enhance transparency, issuers must send a pre-transaction notification at least 24 hours before the debit.
This notification should include:
- Merchant name
- Transaction amount
- Date and time of debit
- E-mandate reference number
- Purpose of debit
Customers must also be provided with an option to opt out of a specific transaction or the entire mandate, with such actions requiring AFA validation.
However, pre-transaction notifications are not mandatory for auto-replenishment of balances in FASTag and National Common Mobility Card (NCMC).
4. Post-Transaction Alerts
After every transaction, issuers are required to send a post-transaction notification containing:
- Merchant details
- Transaction amount
- Date and time
- Reference numbers (transaction and mandate)
- Reason for debit
- Grievance redressal information
This ensures that customers remain informed and can quickly act in case of discrepancies.
5. Transaction Limits and Authentication Rules
The framework defines thresholds for AFA requirements:
- Recurring transactions up to ₹15,000 can be processed without AFA
- Transactions exceeding ₹15,000 require AFA
- For specific categories such as:
- Insurance premiums
- Mutual fund subscriptions
- Credit card bill payments
transactions up to ₹1,00,000 may be processed without AFA
6. Dispute Resolution and Customer Protection
Issuers are required to establish an efficient grievance redressal mechanism for handling customer complaints.
Importantly, RBI’s existing guidelines on limiting customer liability in unauthorized transactions will also apply to e-mandate-based recurring payments, offering additional protection.
7. Additional Provisions
- Customers shall not be charged for using the e-mandate facility
- Existing mandates linked to cards can be transferred to reissued cards
- Acquirers must ensure that merchants comply with all RBI directions
1. Bank Compliance Note
The updated e-mandate framework issued by the Reserve Bank of India reinforces the principles of explicit customer consent, transparency, and enhanced security in processing recurring digital transactions.
Banks are required to ensure:
- Valid Registration of e-Mandates: Mandates must be created only with explicit customer consent supported by Additional Factor Authentication (AFA).
- Pre-Debit Notifications: Customers must be notified at least 24 hours prior to debit, clearly indicating transaction details and providing an opt-out option.
- Customer Control Mechanism: Facilities for modification, pause, or cancellation of mandates must be made easily accessible through digital channels.
- Transaction Authentication: AFA is mandatory for the first transaction and for subsequent transactions exceeding prescribed limits.
- Audit Trail & Record Maintenance: Complete logs of mandate registration, modification, and execution must be maintained for audit and regulatory review.
These measures are intended to strengthen customer protection, minimize unauthorized debits, and enhance trust in digital payment ecosystems. Strict adherence to the framework is essential to ensure regulatory compliance and mitigate operational and reputational risks.
2. Customer Explainer
The Reserve Bank of India has made recurring online payments (like subscriptions, EMIs, and utility bills) safer and more transparent for you.
Here’s what it means:
- Your Permission Comes First
No automatic payment can be set up without your clear approval. - Advance Alerts Before Every Debit
You’ll receive a notification before money is deducted, so there are no surprises. - Full Control in Your Hands
You can easily pause, modify, or cancel any auto-debit instruction anytime. - Extra Security for Higher Amounts
For certain transactions, you may need to approve the payment again for added safety.
Overall, these rules are designed to give you better control, more visibility, and greater confidence while using automatic payment services.
Conclusion
The RBI’s updated e-mandate framework reflects a strong emphasis on customer consent, transparency, and security in recurring digital payments. By mandating timely notifications, flexible controls, and robust authentication, the guidelines aim to build greater trust in automated payment systems while safeguarding customer interests.
