BQ Explains: Auto Debits Won’t Be So Automatic Anymore

On Wednesday, the RBI extended the deadline for the implementation of these rules by six months. Read here.

You know that time you subscribed to a service for that one article you wanted to read or that one series you wanted to watch? But you had to sign up for auto renewals even though you could opt out anytime. Then you forgot to do so until after the next auto debit.

If that describes you and some of your experiences with auto debits, a new set of rules which kick-in on April 1 will prove to be helpful. For many others, though, the rules will detract from the convenience of auto debits and add one more step before transactions can be completed.

What Are The New Rules?

So far, a customer would require an OTP for the first transaction and to enable the auto-debits. For subsequent transactions, the debit would take place automatically and customers would receive a message or an e-mail after being charged.

In an August 2019 circular, the RBI said that as “a risk mitigant and customer facilitation measure,” the issuer shall send a pre-transaction notification to the customer, at least 24 hours prior to the actual charge by SMS or email, as per the customer’s preferences.” On receipt of the pre-transaction notification, the customer shall have the facility to opt-out of that particular transaction or the e-mandate, the RBI said.

This provision is set to come into place from April 1.

Essentially, you need to keep a look-out for messages for upcoming auto debits. You will need to click to approve or opt-out.

Will They Apply To All Transactions?

Technically, the impact should be felt on auto-debits over Rs 5,000. As such, utility bills, subscription renewals and other items below that threshold should remain excluded. The limit of Rs 5,000 emerges from a separate rule that allows small value transactions to go through without an additional factor of authentication.

However, some confusion persists on this rule and banks have started to cancel all standing instructions.

Axis Bank, for instance, in a message to customers said that all standing instructions will be cancelled. A separate message from ICICI Bank too said that all standing instructions will be cancelled.

Why’s The RBI Making Auto Debits Tougher?

The new rules were introduced after a rise in customer complaints about third-party applications continuing to debit a customer’s account despite the customer claiming to have opted out of the arrangement, said Vivek Iyer, partner and national leader for financial services at Grant Thornton.

Also, possession of a customer’s financial information presented a data security and privacy challenge, Iyer said. Now, there’s a continuous feedback loop built-in for the customer to better protect his or her interests.

Vishwas Patel, chairman of the Payments Council of India, agrees that there were complaints. But the number of complaints are very small compared to the number of such transactions, creating a trade-off between the cost and benefit of creating the new infrastructure required to comply with the notification.

Will The Implementation Be Smooth?

Unfortunately not. In fact, the implementation may be chaotic.

Most existing e-mandates are likely to be discontinued, inconveniencing customers, said Iyer. Of course, customers can always choose to make the payment themselves instead of relying on the auto debit.

Patel also said it’s likely that auto debits will be disabled and customers will have to face inconvenience.

Iyer said banks may have been hoping for a deferral of the guidelines and hence don’t have systems in place. While an update to the IT infrastructure is the ideal solution for banks, in the absence of one they’re likely to have a back-up plan, Iyer said.

Patel explained the changes needed to existing systems are material. For instance, the issuing bank which the customer banks with does not know the customer’s details such as details of subscriptions, Patel said. Once the new regulations are enforced, the issuing bank will need to know what these are and show the details to the customer for the auto debit to take place, he said.

“That is a systematic change and requires an infrastructure that does not exist in the current scheme of things. All relevant financial players will have to come onto a common platform that enables the system to work. A system called the ‘Standing Instructions Hub’ is currently in the works and is being built by some private banks. Even here there is lack of clarity and nothing is finalised,” said Patel.

What Are The Alternatives?

One interim some solution is to use other systems such as Bharat Bill Payment System, along with online bill payment options extended by payment service providers, such as BillDesk, PayUBiz, Razorpay and Oxigen.

This, as bill payment solutions such as BBPS and BillDesk allow customers to view their bill before they make a payment, thereby complying with the central bank’s condition of two-factor authentication. “These are obvious alternative options. But these options cannot be viewed as permanent replacements for any pre-authorized auto-debit facility, which is more frictionless and automatic in nature,” said Harish Prasad, head of banking- India at technology solutions firm FIS.

The other solution that banks and customers may resort to is routing recurring payments through UPI-based payment applications such as Paytm, PhonePe and Google Pay, or using SMS alerts to inform the customers of the bill along with the payment link.

“There may be some net increases in UPI and net-banking payment volumes until all banks and billers come on board with the two-factor authentication requirements for recurring payments. Further, banks and billers will also need to actively educate their customers of the changes that will come into effect on the auto-debit options to avoid any confusion,” said Prasad.

Beware! One More Change Coming

The change in auto debits will be followed by another change in the coming months.

Come July, single-click payments that could earlier be done by just entering the card security code (CVV) will need customers to re-enter their entire card details. This, as the RBI has barred merchants and payment aggregators from storing customer card credentials within their database or servers, as per its March 2020 guidelines that come into effect this July. You can read more on that upcoming change, here.