RBI tightens auto-pay rules under new digital payments framework
What's the story
The Reserve Bank of India (RBI) has announced changes to its electronic auto-pay transactions. The new guidelines, part of the 'Digital Payments - E-mandate Framework, 2026,' cover credit cards, debit cards, prepaid payment instruments (PPIs), and Unified Payments Interface (UPI). The changes will be implemented immediately across all payment systems for recurring and domestic or cross-border transactions involving cards, PPIs (wallets), and UPI.
Transaction limits
Transactions up to ₹15,000 without OTP
The RBI's updated framework allows recurring transactions of up to ₹15,000 without additional authentication like an OTP. To enable this process, users will have to register a one-time e-mandate using additional factor authentication (AFA). Once approved, subsequent recurring payments up to ₹15,000 will be processed automatically without requiring OTP each time. This includes payments for fixed deposits, mutual funds, subscriptions (Netflix), EMIs, and bills.
User control
Users can modify, pause, or revoke payment instructions
Once registered, customers can modify, pause or revoke recurring payment instructions at any time with AFA authentication. For variable payments, users can set an upper limit to avoid unexpected debits beyond a defined threshold. Most transactions above ₹15,000 will continue to need repeated OTP authentication. However, exceptions are made for recurring payments of insurance premiums, mutual fund investments, and credit card bills up to ₹1 lakh without AFA if registered under e-mandates.
Cost implications
Banks can't charge extra for e-mandate
The RBI has prohibited banks from charging customers extra for using the e-mandate facility for recurring transactions. Banks and payment providers must send pre-debit alerts at least 24 hours before a transaction, detailing the amount, debit date, and merchant name. Customers can use these alerts to opt out of or cancel the mandate if it's a wrong transaction or fraudulent.
Fraud protection
Zero-liability policy extended to e-mandates
The RBI has also extended its zero-liability policy for unauthorized electronic transactions to e-mandates. This means customers won't be liable for fraudulent debits as long as they report them in time. The central bank had also proposed new rules for digital wallets and prepaid tools last week, covering general-purpose PPI, gift PPI, transit PPI, and PPIs for non-resident Indians (NRIs).