New Delhi: The Reserve Bank of India (RBI) has issued consolidated guidelines for e-mandates in digital payments, mandating an additional factor of authentication (AFA) to enhance the security of recurring transactions.
These Directions to be called the “Digital Payments - E-mandate Framework, 2026” will be effective immediately, Reserve Bank of India has said.
The provisions of these Directions shall be applicable to all Payment System Providers and Payment System Participants in respect of processing of recurring transactions, domestic or cross-border, using cards / PPI / UPI.
Registration and revocation of E-Mandate
The central bank has said that a customer desirous of opting for e-mandate facility shall undertake a one-time registration process. The mandate shall be registered only after successful validation of additional factor of authentication (AFA), in addition to the normal process required by the issuer.
Every e-mandate registered by the issuer shall specify the validity period of the e-mandate. The issuer shall provide the customer with a facility to modify the validity period or withdraw the e-mandate at any point of time. Information about this facility shall be clearly communicated to the customer at the time of registration.
The e-mandate may be for either a pre-specified fixed amount or for a variable amount subject to the overall cap fixed by the RBI. In the case of variable e-mandates, the issuer shall provide the customer with a facility to specify the maximum value of any recurring transaction.
The customer shall be given a facility to choose or change a mode among available options (SMS, email, etc.) for receiving the pre-transaction notification from the issuer. Any modification in, or withdrawal of, an existing e-mandate shall require AFA validation by the issuer.
Payments up to Rs 15000 without OTP, but what happens to high value payments?
(a) All recurring transactions may be authorised without AFA or OTP up to 15,000 per transaction. Transactions above this amount shall be subject to AFA.
(b) Payment of insurance premiums, subscription to mutual funds, and credit card bill payments may be made without AFA up to Rs 1 lakh per transaction.
Processing of first transaction and subsequent recurring transactions
RBI says that the first transaction under an e-mandate shall require AFA validation. If the first transaction is processed along with registration of the e-mandate, then AFA validation may be combined.
Payments under e-mandates shall not be subject to any other limits / controls set by the customer.
Pre-transaction Notification
-- An issuer shall send a pre-transaction notification to the customer, at least 24 hours prior to the actual charge / debit.
-- The pre-transaction notification shall, at the minimum, inform the customer about the merchant’s name, transaction amount, date / time of debit, reference number of e-mandate, reason for debit, i.e., e-mandate registered by the customer.
-- The issuer shall provider a customer with a facility to opt-out of any particular transaction or the e-mandate. Any such opt-out shall be validated by the issuer using AFA. An intimation to this effect shall be sent to the customer.
-- Pre-transaction notification is not required for e-mandates registered to auto-replenish balances of FASTag, and National Common Mobility Card (NCMC).