Over the past few days, you would no doubt have received multiple emails from your banks warning that any auto-debit instructions on your cards will not continue beyond October 1 unless they are compliant with Reserve Bank of India (RBI) norms on recurring payments.
The coming days are expected to see some disruptions; subsequently, systems are expected to fall into place as customers and ecosystem players such as banks and merchants align with the processes.
Just as with other RBI regulations such as Payment Aggregator (PA) and Payment Gateway (PG) guidelines, these norms, too, come with a set of opportunities for some players and setbacks for others. We spoke with industry voices to understand what hits and misses to expect now that the September 30 deadline to migrate to the new framework has passed.
What are the new norms for recurring transactions?
The norms require customers to re-authenticate any standing instructions for recurring payments such as subscriptions and bill payments up to Rs 5,000. After a two-factor authentication, customers will be charged and an e-mandate will be set up for subsequent payments.
For recurring payments above Rs 5,000, customers will be required to give their consent and go through a two-factor authentication process for every payment.
The RBI first came out with these norms in 2019 in an attempt to protect consumers against unrequired recurring payments being set up on their cards. This was done following multiple instances of auto-debit transactions being executed without the customer's initiation or consent.
Banks and other stakeholders were asked by the RBI to implement the framework by March 31, 2021. The deadline was extended to September 30, 2021, after banks failed to fully implement the guidelines.
Why there could be failures
Any of your auto-debits may fail if your bank or the merchant has not fully aligned with the new norms. While the deadline has passed, not all banks are ready.
Razorpay Co-founder and Chief Technical Officer (CTO) Shashank Kumar said that only 50 percent of the banks are prepared. The banks that are ready include the top banks, which make up a large share of the customers.
“There could be some issues for the next two months. But after that it will start becoming easier and more banks will be on board. Although end-to-end, I believe, it will take three to six months to fully stabilise,” Kumar said.
According to sources, HDFC Bank and ICICI Bank have implemented the norms for both credit and debit cards. State Bank of India, Bank of Baroda, Citi Bank and Axis Bank have only implemented the norms for credit cards until now.
Vishwas Patel, Director of Infibeam Avenues and Chairman of the Payment Council of India (PCI), sees a temporary impact on customers. “It may take a week for at least the processes to stabilise and we are working with back-end providers for that. A few customers may have to fill in card details and make payments. But in the longer term, this will be a good system for consumers to manage their e-mandate based on their consent,” he said.
However, given that the share of recurring payments in India is itself minuscule and the share of recurring payments on debit cards even smaller, the impacted transactions will be very small in number.
“The way to rightfully assess the impact is: for cards on which recurring payments had been set up as of September 30, what percentage are now compliant with the guidelines? That number is quite large, 80 percent of all cards have been covered and can be used to set up recurring payments,” said MN Srinivasu, Co-founder of BillDesk.
Payment gateways BillDesk, Razorpay and PayU have all introduced products to help banks and customers align with the norms.
BillDesk, in partnership with Visa, set up SI Hub after the RBI released the guidelines in 2019. The platform helps banks meet RBI requirements, providing services for authentication of e-mandates, registrations, message consent requests etc. It also helps customers manage their multiple recurring e-mandates on a single platform where they can add or cancel any standing instructions.
“We already have over 1.5 million new mandates on the system. September 30 was the deadline to adhere to the norms, not a start date. So, many companies were already ready with the norms,” Srinivasu said.
PayU has launched a similar platform named Zion and is currently working with banks and issuers to integrate with it. Razorpay, along with Mastercard, has created a platform named MandateHQ. The platform helps banks go live with recurring payments within seven days, and businesses can access a wider customer base for their subscription-based offerings.
Banks are charged maintenance, development and transaction fees, making it a viable model for payment gateways. However, large banks may themselves start offering e-mandate management for customers on their own platforms.
“Banks may give an option for users to manage their e-mandates on their own in-house platforms, for the specific bank’s cards. HDFC Bank is expected to be ready with a platform soon, and the rest of the top five banks may build their own platforms,” said Patel.
Growth for the subscription-based model
These norms are expected to open up the recurring payments market in India, according to Kumar. “The norms lend regulatory clarity and now companies can start building business models on top of subscription payments. Small or mid-sized businesses — for example, rental companies that collect rent monthly — can start supporting subscription payments now,” he said.
“A lot of companies give yearly subscriptions. They may now be encouraged to break it down to monthly subscriptions, helping them access a larger customer base. I see the recurring payments market growing multi-fold. In the coming year itself I expect it to grow 5x,” he added.
Impact on payments above Rs 5,000
Netflix, Amazon, Hotstar, Spotify and other entertainment platforms that depend on monthly subscriptions below Rs 5,000 have already taken measures to inform customers about the new norms and educate them about alternative modes of payments.
But the real challenge is for services that require recurring payments above the Rs 5,000 cap, which might be more important, such as those for B2B usage. These payments will require the customers or organisations to give their consent before each payment and authenticate it with a one-time password (OTP) each time.
An industry executive who did not wish to be named said: “Recurring payments above Rs 5,000 that may be impacted include electricity bills, insurance premiums, web hosting platforms, SaaS providers. They will all require additional-factor authentication for each payment.”
“Customers whose transactions have been going through smoothly for months are not mentally tuned to wait for an authentication request via SMS and to then approve the transaction. They now have to be mindful near the payment dates. So, yes, we need to see how it plays out for e-mandates above Rs 5,000 and there can be some challenges there,” he said.
Many of these payments may move to using e-NACH (Electronic National Automated Clearing House), which allows institutions to set up recurring payment mandates of up to Rs 1 lakh per day, he added.