RBI has revamped Digital Payments - E-Mandate Rules, allowing recurring transactions of up to Rs 15,000 per transaction and higher limits of up to Rs 1 lakh per transaction without additional factor authentication (AFA), commonly known as OTP. Transactions exceeding this threshold will continue to require authentication.

Key Highlights

• RBI allows auto-debits up to Rs 15,000 without OTP, ensuring seamless recurring payments with security safeguards.
• Higher Rs 1 lakh limit without OTP for insurance, SIPs, and credit card bill payments.

The move is aimed at making digital payments more seamless while maintaining adequate safeguards against fraud.

In a major relief for consumers, the RBI has permitted higher limits of up to Rs 1 lakh per transaction without OTP for specific categories such as:

• Insurance premium payments
• Mutual fund subscriptions (SIPs)
• Credit card bill payments

This reflects the essential and typically higher-value nature of such financial commitments.

Under the new framework, customers must complete a one-time e-mandate registration process with AFA. The first transaction will also require authentication, which can be combined with the registration step. Subsequent eligible recurring payments within the prescribed limits can then be processed automatically.

The RBI has strengthened user control by mandating that every e-mandate must clearly specify its validity period, while customers can modify, pause, or withdraw mandates at any time, with any such changes requiring AFA validation

Pre and Post Transaction Alerts 

To enhance transparency and prevent unexpected debits, issuers must send pre-transaction notifications at least 24 hours before a debit. These alerts will include:

• Merchant name
• Transaction amount
• Date and time
• Reference number
• Purpose of debit

Customers will also have the option to opt out of specific transactions, with requests authenticated via AFA. However, FASTag and NCMC auto-replenishments are exempt from pre-debit alerts.

The central bank has made it mandatory for issuers to send post-transaction notifications containing key details and grievance redressal mechanisms. Additionally, issuers must establish robust dispute resolution systems, and existing rules on limiting customer liability for unauthorised transactions will continue to apply.

Also Read: RBI Proposes One Hour Delay on Digital Payments Above Rs 10,000

The RBI clarified that no charges will be levied on customers for using the e-mandate facility, while existing mandates can be mapped to reissued cards for continuity. Acquiring banks have also been directed to ensure merchant compliance with the updated rules.

According to reports, the new framework is designed to make recurring digital payments “simpler, safer and more user-centric”, while promoting a consent-driven autopay ecosystem.