loader image
Plastic money abstract concept vector illustration.

What are the new RBI norms with regard to recurring card payments? – All you need to know

 

Have you recently started receiving mails/SMS from various banks and service providers asking to re-register your e-mandates for automated payments such as OTT, newspaper subscriptions, etc?. This is because of the new RBI guidelines with regard to recurring transactions, coming into force from October 1, 2021. 

 

What are these new RBI norms?

 

In another step to secure digital transactions via credit/debit card, PPI or UPI, RBI has implemented the new auto debit rules. As per the new norms, all such transactions will have to be further secured with an additional factor of authentication (AFA) – 2-factor authentication. Any transaction, whether domestic or cross-border, using cards, without AFA, would be discontinued.

 

New rules for Automatic Payments – A Snapshot

 

Process
Transaction amount <= INR 5,000
Transaction amount > INR 5,000
Registration of e-mandate
A one-time registration process of card, with AFA validation, irrespective of transaction amount 
Processing of first transaction
Transaction will be processed, with AFA validation
Pre-transaction notification for subsequent transactions
  • Customer will receive a notification giving information about the debit 
  • Nothing further has to be done & the debit will be executed
  • Customer will receive a notification, at least 24 hrs prior to actual debit for approval
  • Approval through 2-factor authentication
  • Post successful AFA, card will be charged
Managing of e-mandates
The issuer to provide online facility to pause/cancel the e-mandate at any point of time, requiring AFA 

Source: RBI

 

Further to this, the bank/issuer is required to take additional information such as the validity period of the e-mandate, etc at the time of registration. And if required, the facility to modify the validity period, shall also be provided.

 

The banks also need to send a post-debit notification to the cardholder, once the auto-debit is processed. And, finally set up a redressal mechanism to address customer grievances related to this.

 

What will be its impact on payments?

 

This move is introduced in an attempt to protect consumers with regard to safeguarding of pre-stored data relating to cards and avoiding digital frauds. And especially those consumers who hastily give their consent to unnecessary automated payments and fall prey to data breaches.

 

With the new guidelines coming into implementation, all such recurring payments need to be reviewed and re-registered with respective issuing banks to avoid transaction failure.

 

However, these will only impact standing instructions (SIs) on cards. The automated instructions under UPI Autopay, e-NACH and other SIs to banks will not be impacted.

 

The directive will empower card users and will give them more control over their transactions. They can now determine and set the amount, velocity, etc, thereby managing such recurring mandates efficiently.

 

Way forward

 

For end consumers

 

Initially, this will impact customers to some extent, as the previous payment mode was meant to provide them with a seamless experience (especially for transactions above the INR 5,000 cap in B2B usage). Also, such payments may move to other alternate modes of payment such as e-NACH, UPI, etc for a better customer experience. However, in the long run with awareness they will realize that such regulations are for their benefit as it will eventually increase the security on card transactions. 

 

For Businesses

 

These guidelines will encourage businesses particularly, small & medium sized businesses to reach out to untapped customer base and build new business models in and around subscription payments and help grow this market multi-fold in the coming years.

 

To sum it up, the entire payments ecosystem is going through changes due to these regulations and all stakeholders are getting impacted in one way or the other. It will require banks/card companies/fintechs in the payments space to provide such portals to comply with the new regulations. However, there is still a long way to go as not only the banks/card companies, but the merchant/merchant aggregators’ ecosystem also needs to be in a state of readiness for its successful implementation. 

 

Learn More

Digital wallet abstract concept vector illustration.

What is PPI? How can a business benefit from PPI?

PPI stands for Prepaid Payment Instrument, PPI is a method that facilitates the purchase of goods and services against the value stored on such instruments. The value stored on such instruments represents the value paid for the holder, by cash, by debit to a bank account, or by credit card.

 

The prepaid instruments can be issued as smart cards, magnetic stripe cards, internet accounts, online wallets, mobile accounts, mobile wallets, paper vouchers, and any such instruments used to access the prepaid amount.

Some of the common examples of PPIs include Paytm and Gpay, gift cards, and debit or credit cards. In today’s piece, we take a look at three types of prepaid payment instruments.

  • Closed System PPIs
  • Semi-Close System PPIs
  • Open system PPIs

Closed System PPIs:

These are PPIs issued by an entity for facilitating the purchase of goods and services from that entity only. No cash withdrawals are permitted. These instruments cannot be used for payment or settlement for third-party services. The issuance and operation of such instruments are not classified as a payment system and do not require approval/authorization from the RBI.

 

Semi-Closed PPIs

These are PPIs issued by banks (approved by RBI) and non-banks (authorized by RBI) for purchase of goods and services, including financial services, remittance facilities, etc., for use at a group of clearly identified merchant locations/establishments which have a specific contract with the issuer (or contract through a payment aggregator/payment gateway) to accept the PPIs as payment instruments. These instruments do not also permit cash withdrawal, irrespective of whether they are issued by banks or non-banks.

 

Open System PPIs

These are PPIs issued by banks (approved by RBI) for use at any merchant for the purchase of goods and services, including financial services, remittance facilities, etc. Cash withdrawal at ATMs / Points of Sale (PoS) terminals / Business Correspondents (BCs) is also allowed through these PPIs.

 

How can a business benefit from PPIs?

 

Prepaid payment instruments in the form of mobile wallets, multipurpose, multicurrency, prepaid cards can accelerate sales, customer loyalty, and profitability. You can earn significant revenue for every transaction made through mobile wallet-enabled prepaid cards you issue.

Businesses must leverage PPIs to tap into the gigantic 760 million smartphone users base in India, who will most likely shop online and pay using mobile apps and wallets.

Using prepaid instruments, you can enable bank-like domestic and cross-border payments, but with greater efficiency, flexibility and security. Armed with the ground-breaking PPI reforms announced by the Reserve Bank of India (RBI), every business in India must ride the PPI wave to reap the utmost benefits.

The following are significant measures announced in the 2021 RBI monetary policy review, applicable from March 31, 2022.

  1.  PPIs can offer Real-Time Gross Settlement (RTGS) and National Electronic Funds Transfer (NEFT) facilities to their users.
  2. Interoperability of full KYC PPIs is mandatory.
  3. The maximum balance of mobile wallets doubled to INR 2 lakhs from INR 1 lakh.
  4. Cash withdrawals enabled for full-KYC PPIs of non-bank PPI issuers (in addition to bank issuers)

These reforms have the potential to level the playing field between banks and non-banks, incentivize full KYC PPIs, and drive greater financial inclusion. Businesses that accept payments and remittances through prepaid payment instruments will experience higher customer acquisition, retention, and loyalty, increased customer lifetime value, and long-term profitability.

 

Who can issue PPIs?

 

The following entities can issue PPIs post authorization/approval of RBI.

 

Non- Banking Entities

  • They must be incorporated in India
  • Minimum paid-up capital — more than INR 5 crores
  • Minimum positive net worth — INR 1 crore at all times

NBFCs

  • Maintain an escrow account with any scheduled commercial bank in India

Banks

  • Compliant with PPI eligibility criteria established by the RBI

 

RBI’s new addition to PPI-Small PPIs can have cash upto ₹10,000 loaded per month

The Reserve Bank of India on 27/Aug/2021 issued Master Directions on Prepaid Payment Instruments (PPIs) with the fresh classification of the instruments.

 

“Keeping in view the recent updates to PPI guidelines, it has been decided to issue the Master Directions afresh,” the RBI said.

 

 

No entity can set up and operate payment systems for PPIs without prior approval or authorization of the RBI, it stated.

 

The master directions classify PPIs into two categories – small PPIs and full KYC PPIs. They were earlier classified as closed systems, semi-closed systems, and open system PPIs.

 

“Small PPIs: Issued by banks and non-banks after obtaining minimum details of the PPI holder. They shall be used only for the purchase of goods and services. Funds transfer or cash withdrawal from such PPIs shall not be permitted,” the RBI said.

 

PPI Classification

 

Small PPIs can have cash up to ₹10,000 loaded per month, not exceeding ₹1.2 lakh in a year.

 

Full-KYC PPIs will be issued by banks and non-banks after completing the Know Your Customer (KYC) of the PPI holder.

 

“These PPIs shall be used for the purchase of goods and services, funds transfer or cash withdrawal,” it further said, adding that the amount outstanding should not exceed ₹2 lakhs at any point in time.

 

The RBI has also said that the PPI issuer shall have a board-approved policy for PPI interoperability.

 

Where PPIs are issued in the form of wallets, interoperability across PPIs should be enabled through UPI. Where PPIs are issued in the form of cards (physical or virtual), the cards should be affiliated to the authorized card networks, it said.

 

PPI for mass transit systems should remain exempted from interoperability, while Gift PPI issuers (both banks and non-banks) have the option to offer interoperability.

 

Interoperability shall be mandatory on the acceptance side as well. QR codes in all modes shall be interoperable by March 31, 2022,” it further said.

 

The RBI has also said the PPI issuer shall put in place a formal, publicly disclosed customer grievance redressal framework, including designating a nodal officer to handle customer complaints or grievances, the escalation matrix, and turn-around-times for complaint resolution.

Learn More

What’s the Next Step in the Payment Industry for addressing Security Concerns?

Card industry has seen steady growth in the last two decades from EMV chip card (use a smart microchip to store data instead of mag stripe) payments to contactless payments, but security remains a big challenge for the industry. These concerns have led to innovations towards more reliable and secure technologies such as biometric card payment. Such technologies have received significant boosters during the contagious Global pandemic of COVID-19. People started preferring contactless payment methods for payments using Mobile wallets or tap and pay cards to avoid any kind contact as precautionary measures. The main concern with the current contactless payment system is the upper cap on the transaction amount. To boost the contactless payment, RBI has increased the limit from Rs 2000 to Rs 5000 during the pandemic period. However, higher transaction limits for tap and pay cards posed bigger security concerns since no second factor is being used for payment authorisation. Biometric cards do provide a ray of hope by addressing some of the challenges faced by the card industry.

 

Biometric Cards: Innovation for Secure Payments

What are Biometric Cards? 

Biometric cards are a unique combination which uses the payment mechanism of a regular Card, authentication mechanism of biometric based payment while maintaining the safety mechanism of contactless payment. Biometric contactless cards offer more security and seamless user experience than all the other payment modes by combining their best features and avoiding their shortcomings. Each Biometric Card has a built-in fingerprint reader hence customers do not need to remember their PIN or touch any POS terminal, as all transactions are performed by touching the fingerprint reader on the card itself. Biometric payment cards ensure the same existing EMV standards and use typical safety measures like end-to-end encryption along with tokenization with additional layer of security, by adding finger size biometric reader on the card for biometric authentication. In the case of cards Lost or Stolen, chances of replicating fingerprints or stealing data from Card for fraudulent activities is implausible. Also, personal data of cardholders is stored only on the card and is neither held on the bank server nor sent to any external database. We tech savvy people always want more personalised and high technology cards and these biometric cards are the exact solution for our requirements.

 

How do Biometric cards work?

  • Once the biometric card is received, the cardholder can securely install the fingerprints data in the card by inserting the biometric card in the sleeve and following the simple procedure provided.
  • Cardholders can also configure the fingerprints by visiting their nearest bank branch.
  • Card activation is completed at the time of the first transaction at the POS terminal. 
  • At the time of making the payment, customers can place the card on the POS terminal.
  • The POS terminal reads the card details and requests for authentication.
  • Customers can authenticate the transaction by placing their finger on a biometric reader on the card thus avoiding any direct contact with the POS terminal.

 

Benefits to Stakeholders

  • Highly Safe, Secure and easy to use. 
  • Easy and quick registration of fingerprint data on card at home or by visiting bank branch
  • Instant and seamless payments authorisation.
  • No need to remember the card PIN.
  • Technical compatibility with the existing contactless or chip payments terminals
  • No additional cost for merchants to accept payments through biometric payment.
  • Self-charging – biometric sensor is powered using a terminal.
  • No queue on the checkout counter because payment processing is faster with biometric cards.

The only challenge with the biometric card is that only the cardholder can use the card because transactions get completed only after the successful fingerprint authentication and biometric technology can only capture one unique identity that can never be changed.

Way Forward

Biometric cards can bridge the gap between innovation and security concerns of the current payment system. It will gain trust of banks and service providers by providing complete customer assurance and convenience to use with no additional efforts on their part than simply putting a thumb on the card. All these benefits put together make biometric cards setting the new industry standards from a security and convenience point of view in the payment industry. According to the ABI research around 2.5 Million biometric contactless cards are expected to be issued in 2021 and growth of biometric cards is expected to soar globally in the next few years.

 

In a country like ours which is predominantly rural and agricultural based, where the illiteracy rate is very high and remembering PIN/ Password for cards is very challenging. The benefits of Biometric cards will be a real boon for us. Biometric payment cards provide all-in-one high-end technology, convenience, usability of smartphones and security assurance with reduced effort on the customer’s part. Now is the perfect time for Indian banks to start offering biometric cards to its users and  make India a cashless and digital economy.

Learn More