RBI has issued the following guidelines for issuing banks to authorise mandates and collect recurring payments on credit cards, debit cards, and prepaid instruments. RBI has announced this step to make card transactions safer and secure.
- All mandate registrations must go through Additional Factor of Authentication (AFA). AFA is a process wherein a customer receives an OTP or card PIN during modification or revocation of the mandate and the first transaction.
- AFA is mandatory for registering mandates on cards. The maximum limit for registering mandates is ₹15,000. You can refer to the .
- At the time of registration, banks should provide customers with the option to choose the communication medium (SMS or email) to which the pre-debit notifications will be sent.
- Banks should send customers a pre-debit notification at least 24 hours before the actual debit. The notification must contain all the information regarding the upcoming debit. Customers should be provided with an option to opt-out of the particular debit or the mandate.
- Banks should also send a post-debit notification to the customers. This notification should contain all the information regarding the debit.
- Banks must provide customers with an online facility through which customers can withdraw from any e-mandate at any point in time. The customers will have to perform the AFA at the time of withdrawal.
- For all such withdrawn e-mandates, the acquiring banks should ensure that the respective businesses delete all customer payment information.
- Banks should set-up redressal system to address customers grievances. Card networks should also have in place a dispute resolution mechanism.
Handy Tips
You do not need to make any integration changes at your end. The circular applies to the issuing banks, and the banks need to implement the changes mentioned above.