Technology Law Analysis + Regulatory Hotline: Recurring Online Payments via Cards and E-Wallets now a Reality!

• E-mandates can be registered by users for recurring payments with merchants via debit / credit cards and e-wallets, subject to a limit of INR 2,000 (approx. USD 30) per transaction.
• Additional factor of authentication applicable at the first instance, and not for subsequent successive payments.
• Consumers have the option to modify or withdraw the e-mandate registered.

BACKGROUND

India is second only to China in terms of number of debit cards issued.¹ As of February this year, the number of debit cards issued stood at 944.5 million and credit cards at 46.1 million, according to the Reserve Bank of India.² On the purely digital front, the volume of e-wallet transactions stood at 334 million in June alone this year.³ The electronic and digital payments ecosystem in India has truly been thriving. However, one snag in the system was that recurring payments were neither a viable nor smoothly implemented by banks and payment service providers. This had a considerable impact on subscription-based OTT and digital services platforms that would prefer smooth, systematic and successful periodic payments to be consummated for continual provision of services to users.

RBI DIRECTIVE

The Reserve Bank of India (“RBI”), India’s apex bank has issued a directive⁴ (“Directive”) permitting e-mandates for recurring payments to be made to merchants, via debit / credit cards and e-wallets.

AFA would be required only during the e-mandate registration (or first transaction if simultaneous), or in the case of modification or revocation of the e-mandate. This should allow simple and automatic subsequent successive transactions. The offering of this e-mandate facility by an issuer would be subject to certain compliances, of which certain major ones are elucidated in the Annexure.

Importantly, the Directive is applicable to debit cards, credit cards and prepaid instruments including e-wallets. The maximum limit permitted per transaction under the e-mandate is INR 2,000 (approx. USD 30). No charges should be levied on the cardholders for availing this e-mandate facility.

POSITION PRE-DIRECTIVE

Pursuant to its introduction in 2011 and subsequent ‘reinforcement’ notifications by the RBI, all online transactions through credit / debit cards issued in India were subject to a mandatory ‘additional factor of authorization’ (‘AFA”).⁵ This ‘second factor’ authentication, as commonly known, is based on information known or available to the card holder but is not printed on the card. Since this mandate by the RBI, banks have implemented the AFA requirement primarily though one-time passwords being immediately sent to the users’ registered mobile number, or through use of internet passwords. Hence, recurring transaction payments were not smooth and required customers to undertake additional steps.

The RBI in 2016 directed⁶ that this AFA requirement may be relaxed, at the option of the consumer, for transactions of up to INR 2,000 (approx. USD 30). In such cases, AFA was conducted at the time of registration of the instruction by the user, or at the time of the first transaction, if simultaneous. However, this wasn’t fully implemented. Certain banks and card networks were not offering such a facility for debit cards and this had a considerable impact on digital platforms as credit cardholders in India are significantly lower in number as compared to debit cardholders.

ANALYSIS

One aspect that the RBI could consider is to increase the INR 2,000 limit per transaction somewhere down the line, once it is comfortable from a risk perspective. An increased limit may be conducive for less frequent but higher quantum transactions, such as in the case of yearly subscription payments. At present, the wordings of the Directive appear agnostic on the periodicity between recurring payments that can be made. Hence, recurring payments may be able to be made on a daily basis, unless specific periods are set out by banks registering the e-mandates. Further, one could argue that even if monthly subscription payments exceed the INR 2,000 limit; they could be broken down into multiple smaller transactions during the month, then each recurring payment would be below the prescribed limit and this may be permitted..

In the case of prepaid instruments,⁷ this is a first for this industry vertical and should be a big win for merchants, digital payment providers and users alike. Given the stringent wordings⁸ of the RBI Master Direction on Issuance and Operation of Prepaid Payment Instruments⁹ (“PPI Direction”), seamless recurring payments via PPIs including e-wallets were not possible as every successive payment transaction via an e-wallet is to be authenticated by the consumer via explicit consent. Given the Directive and that it may prevail over the PPI Direction in case of a contradiction, recurring payments via e-wallets should now be possible.

As a build-up, the National Payments Corporation of India (NPCI) had also recently announced that it had received approval from the RBI for implementation of e-mandates via internet banking and debit cards.¹⁰ This was to allow e-mandates for consumers, facilitated by banks towards limited purposes.¹¹ Banks had until June 30, 2019 to implement the e-mandate facility. Some banks had implemented the e-mandate facility¹² but not all banks and card providers had followed suit. Overall, this move by NPCI, although in the right direction, did not appear to benefit merchants and consumers by facilitating recurring payments. The Directive appears much broader in scope and framework for implementation.

Given the Directive, recurring payments via cards and e-wallets now seems a reality, as it is expressly permitted by the RBI and has the sanctity of law. This appears to be a big win for OTT and digital services platforms such as SAAS, cloud, audio and audio-video content platforms that largely depend on periodic subscription payments to be made by users. For instance, the video OTT market in India alone, which primarily comprises content streaming services – is likely to be ranked among the top 10 markets globally with a market size of USD 823 million by 2022.¹³ Hence, with the population and mobile and internet penetration in India, there is no ignoring the digital services industry and its potential. The introduction of the Directive should go a long way in improving user retention for platforms due to seamless payments that can now be made, and continued and uninterrupted service for the user.

As with most RBI directives, we must now wait for the banks and payment system players to implement!

¹ Benchmarking India’s Payment Systems; dated June 4, 2019. Available at: https://www.rbi.org.in/scripts/PublicationReportDetails.aspx?ID=923#ANE

² India had 46.1M credit cards, 944.5M debit cards in February 2019; dated April 22, 2019. Available at: https://www.medianama.com/2019/04/223-india-had-46-1m-credit-cards-944-5m-debit-cards-in-february-2019/

³ Payment companies seek better MDR deal; dated August 13, 2019. Available at: https://economictimes.indiatimes.com/industry/banking/finance/payment-companies-seek-better-mdr-deal/articleshow/70652136.cms

⁴ Directive on Processing of e-mandate on cards for recurring transactions; dated August 21,2019. Available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11668&Mode=0

⁵ Vide Notification RBI/2014-15/190 dated August 22, 2014; “Security Issues and Risk Mitigation measures related to Card Not Present (CNP) transactions”; available at: https://rbi.org.in/scripts/NotificationUser.aspx?Id=9183&Mode=0

⁶ Vide Notification RBI/2016-17/172 dated December 6, 2016; “Card Not Present transactions – Relaxation in Additional Factor of Authentication for payments up to ₹ 2000/- for card network provided authentication solutions”; available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10766&Mode=0. Our write up on this notification is available here.

⁷ Paragraph 2.3 of the PPI Direction defines ‘prepaid instrument’ as payment instruments that facilitate purchase of goods and services, including financial services, remittance facilities, etc., against the value stored on such instruments.

⁸ Paragraph 15.3(c) provides that “Issuers shall introduce a system where every successive payment transactions in wallet is authenticated by explicit customer consent.”

⁹ Available at: https://www.rbi.org.in/ScriptS/BS_ViewMasDirections.aspx?id=11142

¹⁰ RBI Approves E-Mandates For Internet Banking, Debit Cards; dated April 26, 2019. Available at: https://inc42.com/buzz/rbi-e-mandates-internet-banking-debit-cards/

¹¹ Such as B2B collections, investment and insurance products and utility payments, government payments, trade receivables, loan repayments, asset rentals and collection of education / society charges

¹² Reference: https://www.kotak.com/content/dam/Kotak/about-us/media-press-releases/2019/media-release-kotak-mandate-22042019.pdf

¹³ Video OTT market in India to be among global top 10 by 2020; touch $823 mn: Study; dated May 9, 2019. Available at: https://economictimes.indiatimes.com/industry/media/entertainment/video-ott-market-in-india-to-be-among-global-top-10-by-2020-touch-823-mn-study/articleshow/69251689.cms?from=mdr

FT Innovative Lawyers Asia Pacific 2019 Awards: NDA ranked 2nd in the Most Innovative Law Firm category (Asia-Pacific Headquartered)

RSG-Financial Times: India’s Most Innovative Law Firm
2019, 2017, 2016, 2015, 2014

Chambers and Partners Asia Pacific: Band 1 for Employment, Lifesciences, Tax and TMT
2019, 2018, 2017, 2016, 2015

Benchmark Litigation Asia-Pacific: Tier 1 for Government & Regulatory and Tax
2019, 2018

IFLR1000: Tier 1 for Private Equity and Project Development: Telecommunications Networks.
2019, 2018, 2017, 2014

Legal500: Tier 1 for Dispute, Tax, Investment Funds, Labour & Employment, TMT and Corporate M&A
2019, 2018, 2017, 2016, 2015, 2014, 2013, 2012

AsiaLaw 2019: Ranked ‘Outstanding’ for Technology, Labour & Employment, Private Equity, Regulatory and Tax

Who’s Who Legal 2019:
Nishith Desai, Corporate Tax and Private Funds – Thought Leader
Vikram Shroff, HR and Employment Law- Global Thought Leader
Vaibhav Parikh, Data Practices – Thought Leader (India)
Dr. Milind Antani, Pharma & Healthcare – only Indian Lawyer to be recognized for ‘Life sciences – Regulatory,’ for 5 years consecutively

Merger Market 2018:Fastest growing M&A Law Firm in India

Asia Mena Counsel’s In-House Community Firms Survey 2018:The only Indian Firm recognized for Life Sciences

IFLR: Indian Firm of the Year 
2013, 2012, 2011, 2010

IDEX Legal Awards 2015: Nishith Desai Associates won the “M&A Deal of the year”, “Best Dispute Management lawyer”, “Best Use of Innovation and Technology in a law firm” and “Best Dispute Management Firm”