Paying your recurring bills is set to change. RBI recently asked all the banks to use two-factor authentication for auto-debit transactions on their credit and debit cards. While earlier the deadline was set at March 31, it later got extended to September 30 (2021). 

Let’s understand how it will affect your online transactions going forward. 

Auto debit rule

What is the ruling?

Auto-debit transactions done using credit card, debit card, PPI (Prepaid Payment Instrument), UPI (Unified Payment Interface) including e-wallets will have to follow the two-factor authentication by the given deadline of September 30. In case of two-factor authentication, the user will, first of all, get an option to choose a mode among available options (say email, SMS) for receiving the pre-transaction notification well in advance. 

And while transacting, there will be an additional approval required from the customer in the form of OTP (One Time Password) on his mobile or related authentication. Only after the OTP is entered successfully, does the transaction goes through.

Such a process will be applicable for all transactions done on third-party merchant websites. However, you can continue to use the auto-debit feature on the bank websites as usual – to pay your utility bills, credit card bills, broadband, DTH and EMIs on your loans. Thankfully, even your SIPs on mutual funds using the auto-debit feature will stay intact. 

What’s the issue actually?

The RBI, the banking regulator, is concerned about the fact that auto-debit transactions on third-party merchant websites are susceptible to fraud. Sometimes the debits are done despite the customers opting out of service. To safeguard the interest of customers and to make sure all payments are secure, RBI is mandating two-factor authentication. 

Two circulars in this regard were issued to banks – one in August 2019 and another in December 2020 and they were given a deadline of March 31st to adhere to the new rule. However, the RBI decided later to extend the deadline to September 30 as the banks weren’t ill-prepared for its implementation.

How will it affect me?

First of all, two-factor authentication is a safety feature and it will ensure you don’t make any unapproved payments. From Oct 1, for any recurring payments done through third-party websites, one has to send a communication to the customer five days in advance and at least one day before the due date informing him about the scheduled payment. Additionally, it will provide an option to either pay/part-pay or opt-out of it. On the due date, OTP or any other authentication mode will be active and the customer will accordingly make the payments. 

So, if you have subscribed to services like Amazon Prime, Netflix, Spotify, iTunes, Google, Gaana (including utility bill payments and insurance premiums) using recurring payments on your credit or debit card, then it will not be allowed from 1st October 2021 onwards. However, existing subscriptions will also not be cancelled.

Does it affect all transactions?

It has been specified that the new rules apply only for transactions in excess of Rs 5,000. So, if you have any subscriptions or bills in excess of Rs 5,000, then such an amount will not be auto-debited. It will require your prior approval.  However, for those transactions below Rs 5,000, the recurring card payments will continue as before.

What should I do?

If you are already registered with banks giving standing instructions to pay your utility, mobile payments or any subscriptions continue doing so. This ruling does not affect bank-related auto- debit transactions. 

However, if you have been using third-party merchant websites to auto-pay your bills, you might have to re-register after the deadline is over. However, by then, their online platform should also be compliant with the new RBI norms. Then, you can either continue using their auto-debit feature (with the new two-factor authentication) or directly make payments on their website. 

Lastly, you also have the option to use the online platforms of online bill payment firms such as Billdesk and Bharat Bill payment system. They allow customers to view bills generated by the registered billers. They already comply with the RBI’s two-factor authentication process by sending reminders on your emails about the bill and by authenticating payments. 

Takeaway

RBI’s new two-factor authentication mandate will secure your auto-debit transactions on third-party merchant platforms. However, those transacting on the banking platforms need not bother.