Auto debit rule: New deadline is September 30

After much hand-wringing by banks and payment companies over the March 31 deadline for activating the additional factor of authentication (AFA) framework for auto debit transactions, the central bank relented on Wednesday. The new deadline for implementing the framework has been set at September 30, 2021.

The Reserve Bank of India (RBI) made its displeasure with system players clear and said it would issue a circular on penalties for non-compliance. “This non-compliance is noted with serious concern and will be dealt with separately. The delay in implementation by some stakeholders has given rise to a situation of possible large-scale customer inconvenience and default,” RBI said, adding that the deadline is being extended solely to prevent inconvenience to customers.

“Any further delay in ensuring complete adherence to the framework beyond the extended timeline will attract stringent supervisory action. A circular advising the above is being issued by the Reserve Bank today,” the central bank said.

In August 2019, RBI had issued a framework for processing of e-mandates on recurring online transactions. Initially applicable to cards and wallets, the framework was extended in January 2020 to cover Unified Payments Interface (UPI) transactions as well.

The requirement of AFA has made digital payments in India safe and secure, RBI said. In the interest of customer convenience and safety in use of recurring online payments, the framework mandated use of AFA during registration and first transaction (with relaxation for subsequent transactions up to a limit of Rs 2,000, which was later enhanced to Rs 5,000), as well as pre-transaction notification, facility to withdraw the mandate, etc.

“The primary objective of the framework was to protect customers from fraudulent transactions and enhance customer convenience,” RBI said. This is the second time the deadline is being extended on the insistence of banks. Earlier, based on a request from the Indian Banks’ Association (IBA) for an extension of time till March 31, 2021, to enable the banks to complete the migration, the regulator had advised the stakeholders in December 2020 to migrate to the framework by March 31, 2021.

Banks were all set to miss the March 31 deadline, with some of them having already sent communications to their customers telling them that auto debits from debit and credit cards will be disabled with effect from April 1, 2021. They have requested customers to make recurring payments through the websites of the respective service providers. This may still go through for banks who have already begun to migrate to the new framework. Most customers, though, can breathe easy for the next six months, industry experts said.

Some experts believe the AFA framework involves a playoff between security and convenience, a balance the industry is struggling to strike. Fintech expert Parijat Garg was of the view that the RBI guidelines in their current form are focused more on security than convenience and they might make things more challenging for people who are now habituated to the convenience of auto debits. “Part relief is for the auto-debit transactions of up to Rs 5,000, which should cover large proportion of such transactions. A better approach would have been to ensure stricter security and privacy responsibilities which will come through data protection laws as well on players who are responsible for storing this information and using it, and possibly putting in more guidelines around tokenisation,” Garg said. He added that right now, the concern is around the card information being stored and getting leaked as has been seen in some recent instances, where the consumer’s data was put to risk and the organisations liable for them did not face any action.

Payments Council Of India (PCI) chairman Vishwas Patel told PTI on Tuesday, “All the ecosystem players, be it banks and payment gateways, are guilty of not taking RBI directive seriously from 2019 and not being able to come on a single platform, which we should have done at least a couple of months back, so that there could have been a smooth transition to the new way of doing recurring transactions.”