Technology Law AnalysisAugust 26, 2019 Recurring Online Payments via Cards and E-Wallets now a Reality!
BACKGROUND India is second only to China in terms of number of debit cards issued.1 As of February this year, the number of debit cards issued stood at 944.5 million and credit cards at 46.1 million, according to the Reserve Bank of India.2 On the purely digital front, the volume of e-wallet transactions stood at 334 million in June alone this year.3 The electronic and digital payments ecosystem in India has truly been thriving. However, one snag in the system was that recurring payments were neither a viable nor smoothly implemented by banks and payment service providers. This had a considerable impact on subscription-based OTT and digital services platforms that would prefer smooth, systematic and successful periodic payments to be consummated for continual provision of services to users. RBI DIRECTIVEThe Reserve Bank of India (“RBI”), India’s apex bank has issued a directive4 (“Directive”) permitting e-mandates for recurring payments to be made to merchants, via debit / credit cards and e-wallets. AFA would be required only during the e-mandate registration (or first transaction if simultaneous), or in the case of modification or revocation of the e-mandate. This should allow simple and automatic subsequent successive transactions. The offering of this e-mandate facility by an issuer would be subject to certain compliances, of which certain major ones are elucidated in the Annexure. Importantly, the Directive is applicable to debit cards, credit cards and prepaid instruments including e-wallets. The maximum limit permitted per transaction under the e-mandate is INR 2,000 (approx. USD 30). No charges should be levied on the cardholders for availing this e-mandate facility. POSITION PRE-DIRECTIVEPursuant to its introduction in 2011 and subsequent ‘reinforcement’ notifications by the RBI, all online transactions through credit / debit cards issued in India were subject to a mandatory ‘additional factor of authorization’ (‘AFA”).5 This ‘second factor’ authentication, as commonly known, is based on information known or available to the card holder but is not printed on the card. Since this mandate by the RBI, banks have implemented the AFA requirement primarily though one-time passwords being immediately sent to the users’ registered mobile number, or through use of internet passwords. Hence, recurring transaction payments were not smooth and required customers to undertake additional steps. The RBI in 2016 directed6 that this AFA requirement may be relaxed, at the option of the consumer, for transactions of up to INR 2,000 (approx. USD 30). In such cases, AFA was conducted at the time of registration of the instruction by the user, or at the time of the first transaction, if simultaneous. However, this wasn’t fully implemented. Certain banks and card networks were not offering such a facility for debit cards and this had a considerable impact on digital platforms as credit cardholders in India are significantly lower in number as compared to debit cardholders. ANALYSISOne aspect that the RBI could consider is to increase the INR 2,000 limit per transaction somewhere down the line, once it is comfortable from a risk perspective. An increased limit may be conducive for less frequent but higher quantum transactions, such as in the case of yearly subscription payments. At present, the wordings of the Directive appear agnostic on the periodicity between recurring payments that can be made. Hence, recurring payments may be able to be made on a daily basis, unless specific periods are set out by banks registering the e-mandates. Further, one could argue that even if monthly subscription payments exceed the INR 2,000 limit; they could be broken down into multiple smaller transactions during the month, then each recurring payment would be below the prescribed limit and this may be permitted.. In the case of prepaid instruments,7 this is a first for this industry vertical and should be a big win for merchants, digital payment providers and users alike. Given the stringent wordings8 of the RBI Master Direction on Issuance and Operation of Prepaid Payment Instruments9 (“PPI Direction”), seamless recurring payments via PPIs including e-wallets were not possible as every successive payment transaction via an e-wallet is to be authenticated by the consumer via explicit consent. Given the Directive and that it may prevail over the PPI Direction in case of a contradiction, recurring payments via e-wallets should now be possible. As a build-up, the National Payments Corporation of India (NPCI) had also recently announced that it had received approval from the RBI for implementation of e-mandates via internet banking and debit cards.10 This was to allow e-mandates for consumers, facilitated by banks towards limited purposes.11 Banks had until June 30, 2019 to implement the e-mandate facility. Some banks had implemented the e-mandate facility12 but not all banks and card providers had followed suit. Overall, this move by NPCI, although in the right direction, did not appear to benefit merchants and consumers by facilitating recurring payments. The Directive appears much broader in scope and framework for implementation. Given the Directive, recurring payments via cards and e-wallets now seems a reality, as it is expressly permitted by the RBI and has the sanctity of law. This appears to be a big win for OTT and digital services platforms such as SAAS, cloud, audio and audio-video content platforms that largely depend on periodic subscription payments to be made by users. For instance, the video OTT market in India alone, which primarily comprises content streaming services - is likely to be ranked among the top 10 markets globally with a market size of USD 823 million by 2022.13 Hence, with the population and mobile and internet penetration in India, there is no ignoring the digital services industry and its potential. The introduction of the Directive should go a long way in improving user retention for platforms due to seamless payments that can now be made, and continued and uninterrupted service for the user. As with most RBI directives, we must now wait for the banks and payment system players to implement! – Aaron Kamath, Vivek Kathpalia & Gowree Gokhale You can direct your queries or comments to the authors 1 Benchmarking India’s Payment Systems; dated June 4, 2019. Available at: https://www.rbi.org.in/scripts/PublicationReportDetails.aspx?ID=923#ANE 2 India had 46.1M credit cards, 944.5M debit cards in February 2019; dated April 22, 2019. Available at: https://www.medianama.com/2019/04/223-india-had-46-1m-credit-cards-944-5m-debit-cards-in-february-2019/ 3 Payment companies seek better MDR deal; dated August 13, 2019. Available at: https://economictimes.indiatimes.com/industry/banking/finance/payment-companies-seek-better-mdr-deal/articleshow/70652136.cms 4 Directive on Processing of e-mandate on cards for recurring transactions; dated August 21,2019. Available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11668&Mode=0 5 Vide Notification RBI/2014-15/190 dated August 22, 2014; “Security Issues and Risk Mitigation measures related to Card Not Present (CNP) transactions”; available at: https://rbi.org.in/scripts/NotificationUser.aspx?Id=9183&Mode=0 6 Vide Notification RBI/2016-17/172 dated December 6, 2016; “Card Not Present transactions – Relaxation in Additional Factor of Authentication for payments up to ₹ 2000/- for card network provided authentication solutions”; available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10766&Mode=0. Our write up on this notification is available here. 7 Paragraph 2.3 of the PPI Direction defines ‘prepaid instrument’ as payment instruments that facilitate purchase of goods and services, including financial services, remittance facilities, etc., against the value stored on such instruments. 8 Paragraph 15.3(c) provides that “Issuers shall introduce a system where every successive payment transactions in wallet is authenticated by explicit customer consent.” 9 Available at: https://www.rbi.org.in/ScriptS/BS_ViewMasDirections.aspx?id=11142 10 RBI Approves E-Mandates For Internet Banking, Debit Cards; dated April 26, 2019. Available at: https://inc42.com/buzz/rbi-e-mandates-internet-banking-debit-cards/ 11 Such as B2B collections, investment and insurance products and utility payments, government payments, trade receivables, loan repayments, asset rentals and collection of education / society charges 12 Reference: https://www.kotak.com/content/dam/Kotak/about-us/media-press-releases/2019/media-release-kotak-mandate-22042019.pdf 13 Video OTT market in India to be among global top 10 by 2020; touch $823 mn: Study; dated May 9, 2019. Available at: https://economictimes.indiatimes.com/industry/media/entertainment/video-ott-market-in-india-to-be-among-global-top-10-by-2020-touch-823-mn-study/articleshow/69251689.cms?from=mdr DisclaimerThe contents of this hotline should not be construed as legal opinion. View detailed disclaimer. |
|