RBI designed the new direct debit rules to protect customers from online fraud, especially on third-party platforms where payment fraud is more common. These rules are designed to give customers more control over recurring transactions, increase convenience for customers, and create transparency throughout the process. The Reserve Bank of India (RBI) has issued new guidelines for direct debit that card-issuing banks should comply with from October 1, 2021. These new rules will be introduced to regulate recurring payment transactions involving credit cards, debit cards and prepaid instruments. From 1 October, the rules for online debit and credit card payments will change. The Reserve Bank of India (RBI) has made it mandatory that all credit and debit card details used in online, point-of-sale and in-app transactions must be retained by March 30. September of this year will be replaced by tokens. Previously, the deadline was extended by three months from July. All existing transactions that use customers` bank accounts for purposes such as mutual funds, SIPs, equal monthly loan payments and insurance premiums are not affected by RBI`s new automatic debit rules.
As of October 1, online transaction rules for debit and credit cards will change for all users. To make all electronic payments safe, convenient, fast and affordable, the Reserve Bank of India (RBI) has asked all operational banks to create tokens for card details. Simply put, all online, point-of-sale, and in-app transactions made with debit and credit cards should be replaced with bank-issued tokens. Autodebit or auto-credit mandates for recurring payments for subscription renewals on digital service platforms, e-commerce website orders, utility bills, and similar transaction types will likely be affected by RBI`s new auto-debit rules. Yes, the new rules on direct debits will also affect cross-border transactions. (4.) Allow the token to be created. To complete the transaction, use the one-time password (OTP) provided by your bank on your mobile phone or email. These instructions do not cover all aspects related to credit and debit cards and should be read in conjunction with other instructions from RBI on specific aspects, such as credit and debit card technology and cybersecurity. Customers are not required to explicitly approve transactions through additional factor authentication (AFA). However, if they wish to cancel, suspend or modify the electronic mandate for recurring transactions, they can do so using the options provided in the pre-billing notice. The guidelines also specify that any form of bullying or harassment of a customer when collecting debts is not permitted.
Tokenization replaces debit or credit card details with a token issued by the operating bank. This means that now, when a user pays for something online, they don`t enter all 16 digits on their card. Banks will issue an equivalent non-sensitive token for transactions. As a result, the customer`s card information is no longer available on merchants, payment gateways, or third-party platforms. The process also hides names on the card, expiration dates, and CVV codes. Customers should complain to the relevant bank to report the case of loss, theft or any other event that may result in unauthorized use of the tokenized device. When the new rule comes into effect, a customer will have to enter all their card details when shopping online. In addition to making the transaction more secure, tokenization will also help create a smoother user experience for customers. Seven Unicorns: How Bessemer Venture Partners` Roadmap in India Has Evolved Over a Decade No telemarketer can contact customers outside a window from 10:00 a.m.
to 7:00 p.m. The country`s central bank describes tokenization as “replacing the actual card data with an alternative code called a token,” which must be unique to a combination of card, token requester, and device.” The guidelines state that interest is justified – taking into account the costs incurred and the amount of return that the card issuer could reasonably expect. Each co-branded credit/debit card must indicate that it was issued under a co-branding agreement, and the co-branded partner cannot market the card as its own. Such a partner is limited to the marketing and distribution of cards and access to goods and services. While this practice is convenient, the availability of card data for multiple entities increases the risk of theft or misuse of card data, and there have been instances where this data stored by merchants has been compromised. The buyer receives an OTP on his mobile phone or via email from the card issuer, which must be filled out on the bank side, and then the token is generated. The same token is sent to the merchant. It can register it with the customer`s phone and email address in case the transaction encounters technical problems. Similarly, urban cooperative banks (UCBs) with a net worth above Rs 100 crore may issue cards under certain policies. For example, they can only issue credit cards to members.
You may not issue co-branded credit cards, and UCB`s total unsecured loans and advances cannot exceed 10% of its assets. Credit cards must be closed within seven business days of each application, provided all fees are paid by the cardholder. Failure to comply will result in a penalty of Rs 500 per day of delay until the account is closed. The main problem remains recurring payments, which still fail in some tests. “We`re probably in the October 2021 e-mandate loop – recurring payments won`t work, which would require customers to re-enter card details every month. Moreover, merchants will suffer sales losses due to this inconvenience,” he said. This includes verbal and physical acts, including acts aimed at publicly humiliating the privacy of credit cardholders – family members, references and friends or invading the privacy of credit card holders, making threatening and anonymous calls, or making false and misleading representations. Because they eliminate the hassle of sending payment reminders and calculating late payments to customers, they have proven to be a win-win for both parties. Big Billion Push: Flipkart has many firsts this holiday season.
Some meet the target, others the sellers If a CIC is to receive information about the cardholder`s credit history and proof of repayment, the issuer must explicitly inform the customer that this information is being provided in accordance with the Credit Information Companies Act (Regulation), 2005. – Upon receipt of the pre-transaction notification, the customer (the cardholder) has the freedom to decline that particular transaction, as well as the ability to view, modify or even cancel a direct debit mandate set on their card. One of the guidelines is that card issuers cannot share credit information from a new credit card account with credit information companies (CICs) before activating the card. Credit cards that have not been used for more than one year may be closed by the issuer after notifying the cardholder and not receiving a response within 30 days. Changes to fees can only be made prospectively with one month`s notice. Cardholders could also return their card at no additional cost if they wished due to fee changes. If the payment is successful, customers will be informed in the message after the transaction of the merchant`s name, transaction amount, debit date/time, transaction reference number or electronic money order, and the reason for direct debit. Also Read: How to Use Card Tokenization and Account Aggregators to Secure Your Financial Data The guidelines, officially known as the Reserve Bank of India (Credit Card and Debit Card – Issuance and Conduct) Directions, 2022, provide a comprehensive set of instructions primarily for card issuers on issuing credit and debit cards, co-branded cards, billing and telemarketing. inter alia. As of October 1, tokens generated for transactions will be irreversible and unique. This means that no one can break through the layers of security and decrypt the payment process to get the card data. Why China`s Zero Covid-19 policy went wrong while India did better against a persistent virus Designing a working-age youth population: Here are new key choices for learning and qualification The first step in tokenization is to click on “Secure your card according to RBI guidelines” after a customer has entered all the card details for a transaction.
Once this is done, the merchant asks the operating bank to generate a unique token for a particular transaction. Once consent is given, the merchant sends the request to the card network. After tokenization, card data is not stored anywhere except in the card network. Customers can create tokenization for multiple merchants. In addition, decisions regarding the issuance of cards can only be made by the card issuer and not by direct sales or marketing agents, who are not expected to attract or serve customers.