RBI regulations - context, FAQs, & next steps
1 Context
The Reserve Bank of India (RBI) has, over the past decade, put in place various safety and security measures for card payments, including the requirement of Additional Factor of Authentication (AFA), especially for ‘card-not-present’ transactions. These new measures have been put in place to protect cardholders and overall create an additional security measure for card payments.
2 Frequently Asked Questions
What are the new RBI requirements for issuers and card networks?
The measures introduced by the RBI include:
1. Banks will need to register cardholders through a one-time process along with additional factor authentication (AFA) like 3D Secure
2. Banks must alert cardholders at least 24 hours prior to changes taking place and give them the ability to opt-out of transactions
3. Mandating recurring transactions over INR 5,000 (or equivalent in other currencies) to go through AFA each time
How is the industry currently adapting to these measures?
Banks are currently in the early stages of updating their systems to comply with the RBI directives. There are over a hundred issuing banks in India and the process of fully adapting to the new requirements is expected to take several months.
What’s the likely long-term impact on business performance?
You should see no impact on one-time payments from India-issued cards as a result of this regulation. However, you’ll likely encounter disruption to your subscription lifecycle management (e.g., decreased renewal rates) due to the required re-registration of existing subscriptions and additional 3DS requirements. This disruption is industry-wide and not unique to businesses that use Cheddar.
Will this affect me if I am a business outside of India taking payments from customers with India-issued cards?
Yes, the RBI’s directive affects cross-border transactions for businesses accepting payments from India-issued cards in all currencies.
Are subscriptions in currencies other than INR exempt from these rules?
No. The regulations apply to INR as well as non-INR payments.
However, issuing banks are not able to support non-INR subscription charges to Indian cards. You must bring your customers back on-session to complete the payment with 3DS.
3 Next Steps
The following information can help you best determine what to do in the case that your business is impacted by the Reserve Bank of India's directive on the processing of e-mandates for recurring transactions, including subscriptions and bill payments.
Is the transaction being paid by a card issued by an Indian bank?
No, this is a non-India issue card > the payment is not affected.
Yes > Go to the next question.
Is the transaction off-session i.e., is the payment happening without the direct involvement of the customer, using previously-collected payment information?
No, the user is on-session and initiating the payment > the payment is not affected.
Yes > Go to the next question.
Is the transaction presented in Indian Rupees (INR)?
No, this is a non-INR transaction > You must bring the user back on-session with AFA to process this payment.
Yes > Go to the next question.
Is the transaction value greater than INR 5000?
No, the payment is < INR 5000, off-session, and with an India issued card > Currently, you must bring the user back on-session with AFA to process this payment. In the future, these payments will not need AFA.
Yes, the payment is > INR 5000, off-session, and with an IN issued card > You must bring the user back on-session with AFA to process this payment every time.
4 Learn More
You can learn more here.