RBI against dropping card data storage clause in new rules, BFSI News, ET BFSI



The Reserve Bank of India (RBI) has rejected a demand by India’s payment gateways for exemptions on select new regulatory norms that are set to prohibit merchants from storing card details and payment operators from offering one-click checkout service to consumers from January 2022, three sources aware of the matter told ET.

The new Payment Aggregator/Payment Gateways (PA/PG) rules will mandate every online merchant processing transactions for customers to only have access to a ‘tokenised’ key linked with the consumer’s cards instead of the entire card file. While authorised card operators will be allowed to store card details for seamless processing of redressals and chargebacks, the new rules will prohibit the usage of this data even by authorised operators for auto checkouts.

This means millions of card holders – both debit and credit – making payments online in 2022 may have to enter their 16-digit card numbers every time they make a payment online as opposed to just authenticating these transactions through the CVV (card verification value) and the one-time password (OTP) as is the current norm.

“The RBI’s new rules have been framed keeping security of the consumers as paramount,” said an industry official aware of the matter. “The current system, while seamless, is prone to breaches and cyber risks as customer card details are being stored in the servers of merchants not directly under the supervisory purview of the central bank.”

The Payments Council of India (PCI) lobby group has suggested alternative solutions beyond encryption through tokenisation – such as secure reference on file – to minimise customer inconvenience. They argue that as licensed aggregators are storing card data on isolated servers for chargeback references, these may be used for allowing one-click checkouts subject to consumer consent.

PCI has also sought a further extension of the deadline for compliance in its letter to the RBI.

“To allow regulated entities to develop and implement solutions that meet the criteria, as well as to ensure consumers are informed, we request sufficient time to be allowed to ensure the entire card ecosystem is prepared to handle card transactions under new solutions without adverse unintended consequences,” said the letter reviewed by ET.

To be sure, the rules were initially set to be enforced from July 2021. The RBI extended this by six months after the industry lobbied for it.

The RBI didn’t respond to queries.

The gateways say customers will experience friction in subscription-based services that require storage of card data to bill them on a recurring basis. Without the customer data, merchants will have to ask for the card information in every billing cycle, which will result in business disruption, they say.

“While this directive from the RBI is right in intent, it leads to a blanket prohibition for service provider merchants from storing customers’ financial information, even when the said merchants may have the requisite security norms in place or may intend to have one for the same, thereby affecting smooth flow of online payments,” said Rameesh Kailasam, CEO and president of IndiaTech, an industry grouping of startups.

Earlier in the year, IndiaTech had made representations to both the RBI and the finance ministry to allow merchants with adequate security compliances to handle customer data without encryption to prevent disruption to seamless checkouts. Kailasam said IndiaTech is preparing another representation to reiterate this point to the central bank ahead of the deadline.

“It is important to understand here that from a practicality standpoint, device tokenisation may not work in all use cases, like subscription businesses and payments that are device agnostic,” he said.

ET reported Thursday that at least 30 firms including Tata Group, Amazon, Zomato and PhonePe have applied for PA/PG authorisation under the new RBI rule, which was formally introduced in March 2020. The widespread interest among internet firms to apply for an aggregator licence can also be explained by their intent to convert themselves from merchants to payment processors to ensure reduced friction in payment processing for customers.

“The central bank is firm on its stand to not allow any more extensions as of now as the ecosystem has seen several high-profile breaches, mostly at the end of merchants and unauthorised payment aggregators,” said the chief executive of a payment gateway present at the meeting with RBI representatives earlier this month. This year has seen high-profile cyberattacks such as those on JusPay, Mobikwik, Air India and Upstox.




Automatic recurring payment to comply with RBI direction from April 1, BFSI News, ET BFSI



Come April, there will be no automatic recurring payments for various services, including recharges and utility bills, as the RBI has made Additional Factor of Authentication (AFA) mandatory after March 31.

However, banks and payment gateways are seeking additional time to comply with the RBI directive on automatic recurring payment.

On December 4, RBI had directed all banks including RRBs, NBFCs, and payment gateways that the processing of recurring transactions (domestic or cross-border) using cards or Prepaid Payment Instruments (PPIs) or Unified Payments Interface (UPI) under arrangements/practices not compliant with AFA would not be continued beyond March 31, 2021.

As a risk mitigation measure, the RBI announced this step to bolster the safety and security of card transactions.

Non-readiness of some of the players could impact recurring payments, such as those for utility bills, phone recharges, DTH and OTT, among others, after March 31.

Recently, RBI enhanced the limit for contactless card transactions and e-mandates for recurring transactions through cards (and UPI) from Rs 2,000 to Rs 5,000 from January 1, 2021 with a view to further the adoption of digital payments in a safe and secure manner.

Under the new norms, banks will be required to inform customers in advance about a recurring payment that is due, and the transaction will be carried out only after a nod from the customer. So the transaction will not be automatic but will be done after authentication by the customer.

For recurring payments above Rs 5,000, banks are required to send a one-time password to the customer as per the new guidelines.

“All the ecosystem players, be it banks and payment gateways, are guilty of not taking RBI directive seriously from 2019 and not being able to come on a single platform, which we should have done at least a couple of months back, so that there could have been a smooth transition to the new way of doing recurring transactions,” Payments Council Of India (PCI) Chairman Vishwas Patel said.

So, the Reserve Bank of India (RBI) has been requested to consider giving at least a one-month extension so that players can meet RBI directives, said Patel, who is executive director of Infibeam Avenues.

“Everybody has understood the seriousness of it because it is Rs 2,000 crore a month business, as per PCI estimates. We hope that the cycle is not broken and the end consumers and merchants are not inconvenienced,” he added.

A senior executive at an e-commerce company said the industry is not prepared to implement the e-mandate framework issued by RBI.

Starting April 1, customer e-mandate transactions will be declined by banks if a further extension is not granted by the RBI, the official said, adding that this will cause major disruption to recurring transactions and will erode customer trust in digital payments.




Do not ban cryptocurrency, Internet and Mobile Association appeals to government



The Internet and Mobile Association of India (IAMAI) on Wednesday appealed to the government not to ban cryptocurrency, and instead proposed that robust mechanisms should be developed to regulate the ecosystem.

“Cryptocurrency has been generating jobs across a variety of functions — legal, compliance, tech, marketing, business development, finance — in India and abroad. Given the scale and diversity, the good governance and regulation of the cryptocurrency ecosystem in India is critical and will give impetus to the government of India’s Digital India vision,” IAMAI said in a statement.

Digital assets

It also pointed out that the country is witnessing a considerable rise in digital assets.

“The crypto community consists of over one crore crypto holders holding over $1 billion worth crypto assets, over 300 start-ups generating tens of thousands of jobs and hundreds of millions of dollars in revenue and taxes. There’s a daily trading volume of $350-500 million,” IAMAI added.

The comments come in the wake of the government listing the Cryptocurrency and Regulation of Official Digital Currency Bill, 2021 for introduction, consideration and passing in the current session of Parliament.

Nishith Desai, Founder, Nishith Desai Associates, noted that countries such as the US, Japan and other developed countries have a positive outlook towards crypto and are considering setting up regulations for the currency.

Finance Minister Nirmala Sitharaman has said the government will take a “calibrated” approach to crypto trading and that “negotiations and discussions” are going on with the Reserve Bank of India on how to regulate cryptocurrency in India. IAMAI members welcomed the statement but have raised concerns against the proposed ban of cryptocurrency.

Naveen Surya, Chairman, Fintech Convergence Council, and Chairman Emeritus of Payments Council of India (PCI), said: “Through AML/CFT and KYC-related compliances, the government can ensure a safe and secure crypto market for investors.”
