Debit card, credit card auto-payment rules change from April

  • Thread starter Thread starter Sushubh
  • Start date Start date
  • Replies Replies 16
  • Views Views 1,766
 
  1. For auto-payments from debit and credit cards or via wallets, an additional authentication by the customer will be required from 1 April. "A cardholder desirous of opting for e-mandate facility on card shall undertake a one-time registration process, with AFA validation by the issuer," RBI said.​
  2. The limit for auto-debit from cards and wallets is set at ₹5,000. For transactions above the cut-off, an additional one-time password (OTP) will be needed.​
  3. The new rule will be applicable for transactions performed using all types of cards – debit, credit, UPI and PPIs, including wallets, the central bank earlier mentioned.​
  4. The regulator earlier asked the banks to introduce additional factor authentication by 31 March, 2021. In a circular issued on 4 December, 2020, RBI said, "Processing of recurring transactions (domestic or cross-border) using cards/PPIs/UPI under arrangements/practices not compliant with the aforesaid instructions shall not be continued beyond 31 March, 2021."​
  5. The issuer has to send a pre-transaction notification to the cardholder, at least 24 hours prior to the actual charge or debit to the card. The user will have an option to choose a mode among available options (SMS, email, etc.) for receiving the pre-transaction notification, the regulator said.​
  6. To proceed the transaction, customer's consent is must. The cardholder will also have an option to "opt-out of that particular transaction".​
  7. The issuer shall provide the cardholder an online facility to withdraw any e-mandate at any point, RBI said. "No charges shall be levied or recovered from the cardholder for availing the e-mandate facility on cards for recurring transactions," the bank noted.​
  8. Banks have started informing its customers about this new rule. “In accordance with regulatory requirements, processing of e-mandates for recurring transactions, which have been registered on your credit or debit card without Additional Factor of Authentication (AFA), will be discontinued w.e.f. April 1, 2021. You may make payments directly through your card at the merchant website or application," read a communication sent by Axis Bank.​
RIP to the people who pay on int'l websites that costs more than ₹5000 without OTP 😢
 
WTF man, while these rules are good, it shouldn't be applicable on intl transactions, or at least allow people to increase the limit 5k is too low.
Just because some people get scammed not knowing how things work, does not mean I should suffer because of them.
 
i kinda like this law and that cards info cannot be saved that too is damm good
 

Threatening institutions with consequences is the new normal for getting things done these days. RBI hai ya Mafia?
 
Regulatory institution has every right to threaten and make the institutions comply with the orders in the interest of larger consumer benefits and safety. That's their job. You cannot call them mafia. Further to make things simple, you cannot call your boss a mafia agent if (s)he has threatened you with consequences provided, you're not complying with the orders within the purview of your work.
 
Haven't you read this ? Amid rising data breaches, RBI tightens supervision norms for payment firms

Also, the current data regulation in India isn't particularly clear. While RBI and Govt needs to buckle up and has to create a framework fixing accountability in these kinda breaches.

While it is true that RBI has to do a lot more but comparing a sovereign regulatory authorities activities and functions to Mafia is completely outrageous and disgraceful.
 
I am just curious. Has RBI done anything since the mobikwik leak happened? Called Mobikwik officials to explain what's going on? Issued any guidelines to banks or public on what to do about leaked data? This data is out no matter what the leakers claim about deleting it at their end. What is RBI going to do about it? Because Mobikwik does not seem to be interested in doing anything.
 
You're mixing two separate things. Mobikwik breach is separate thing and laxity of banks in complying with already issued orders is separate thing. The laxity of banks needs to be punished and for this RBI can act in any manner available within it's domain.

This is no existing Data regulation (both sensitive and non sensitve) in our country, the Govt needs to work with various stakeholders involved[For eg: SEBI, RBI, UIDAI, MoH]. We cannot simply blame RBI alone for inaction, what is Govt doing ? or what has been Meity or ministry doing?. Plus there is also CertIn organization for cybercrimes, what has been its response till date ?

The regulation is not quite clear in these things so better work with our parliamentarians in providing us with a clear data regulation on the lines of GDPR of EU. The last I read was it was work in progress and Raisina Dialogue for this is year is scheduled inviting the promoters of EU's GDPR. Further, we might not know what Govt and RBI is doing behind closed doors.
 
Tbh certin is also a joke. It's in the same state as bsnl. Where all high positions are occupied by old people who have the "sarakari naukri" attitude and don't know anything about the new tech or don't care since they know for sure they won't be fired/replaced.
 

Top