In August 2019, RBI had issued a framework for processing of e-mandates on recurring on-line transactions. Initially relevant to playing cards and wallets, the framework was prolonged in January 2020 to cover Unified Payments Interface (UPI) transactions as effectively.Auto debit rule: New deadline is September 30

After a lot hand-wringing by banks and payment companies over the March 31 deadline for activating the extra issue of authentication (AFA) framework for auto debit transactions, the central financial institution relented on Wednesday. The new deadline for implementing the framework has been set at September 30, 2021.

The Reserve Bank of India (RBI) made its displeasure with system players clear and mentioned it might concern a circular on penalties for non-compliance. “This non-compliance is noted with serious concern and will be dealt with separately. The delay in implementation by some stakeholders has given rise to a situation of possible large-scale customer inconvenience and default,” RBI mentioned, including that the deadline is being extended solely to stop inconvenience to customers.

“Any further delay in ensuring complete adherence to the framework beyond the extended timeline will attract stringent supervisory action. A circular advising the above is being issued by the Reserve Bank today,” the central bank mentioned.

In August 2019, RBI had issued a framework for processing of e-mandates on recurring on-line transactions. Initially relevant to playing cards and wallets, the framework was prolonged in January 2020 to cowl Unified Payments Interface (UPI) transactions as well.

The requirement of AFA has made digital payments in India secure and safe, RBI mentioned. In the interest of customer comfort and security in use of recurring on-line payments, the framework mandated use of AFA throughout registration and first transaction (with relaxation for subsequent transactions as much as a restrict of Rs 2,000, which was later enhanced to Rs 5,000), in addition to pre-transaction notification, facility to withdraw the mandate, etc.

“The primary objective of the framework was to protect customers from fraudulent transactions and enhance customer convenience,” RBI mentioned. That is the second time the deadline is being prolonged on the insistence of banks. Earlier, based mostly on a request from the Indian Banks’ Association (IBA) for an extension of time until March 31, 2021, to allow the banks to finish the migration, the regulator had suggested the stakeholders in December 2020 to migrate to the framework by March 31, 2021.

Banks were all set to miss the March 31 deadline, with a few of them having already despatched communications to their customers telling them that auto debits from debit and credit cards will be disabled with effect from April 1, 2021. They’ve requested customers to make recurring payments via the web sites of the respective service suppliers. This will likely still undergo for banks who’ve already begun to migrate to the brand new framework. Most customers, although, can breathe easy for the subsequent six months, industry specialists mentioned.

Some specialists imagine the AFA framework includes a playoff between safety and comfort, a stability the industry is struggling to strike. Fintech expert Parijat Garg was of the view that the RBI pointers of their present type are centered more on safety than comfort they usually may make issues more difficult for people who find themselves now habituated to the comfort of auto debits. “Part relief is for the auto-debit transactions of up to Rs 5,000, which should cover large proportion of such transactions. A better approach would have been to ensure stricter security and privacy responsibilities which will come through data protection laws as well on players who are responsible for storing this information and using it, and possibly putting in more guidelines around tokenisation,” Garg mentioned. He added that right now, the priority is across the card data being saved and getting leaked as has been seen in some current cases, where the consumer’s data was put to threat and the organisations liable for them didn’t face any motion.

Payments Council Of India (PCI) chairman Vishwas Patel informed PTI on Tuesday, “All the ecosystem players, be it banks and payment gateways, are guilty of not taking RBI directive seriously from 2019 and not being able to come on a single platform, which we should have done at least a couple of months back, so that there could have been a smooth transition to the new way of doing recurring transactions.”