top of page

RBI’s e-payments rules will create challenges for merchants, small businesses, banks, others

Payment aggregators, gateways, merchants, small businesses, banks, and others will face challenges as a result of the Reserve Bank of India's framework for processing e-mandates for recurring online transactions and guidelines related to the Payment Aggregators and Payment Gateways (PAPG) to address data security and privacy concerns, according to experts.

In a webinar to propose recommendations to enable uninterrupted payments experiences for customers, Empower India, a think tank, stated that following these guidelines could result in more fraudulent activities, transaction failures, reduced consumer choice and portability, hampered user experience and customer satisfaction, and limited product innovation. “Not only do payment aggregators and payment gateways face challenges, but so do banks, subscription-based services, a wide range of merchants and small business owners, and even consumers,” according to the research tank.

“When it comes to data privacy, unless there is a massive data breach, the regulation should not be overly strict. We have a large cash economy, and the only way to address it is through digital payments. The RBI has the authority to ensure that financial data is not stolen and that consumer data is protected, but not in the manner in which they are attempting to do so by regulating merchants,” said Dr. Aruna Sharma, former Secretary to the Government of India.

According to the RBI recommendations, banks must notify their clients before and after any recurring debit beginning September 30, 2021, and this need is agnostic of the payment channel. “However, there are some disadvantages, as the e-mandate only applies to a small portion of the merchant community. Furthermore, the RBI issued the PAPG guidelines to address data security and privacy concerns associated with holding card-on-file (COF) data, which prevents merchant sites from saving customer card details.”

These rules create an "unusual situation" for merchants and payment aggregators, who will be dealing with customer complaints but won't be able to fix them until banks and card networks adopt their solutions. While security and privacy concerns are legitimate, they must be balanced against the ease and practicality of digital transactions.

If merchants and payment aggregators are not allowed to hold card information on file, they will be unable to provide seamless payment solutions for recurring and single-click online payments, according to the think tank. This would make it impossible for end-users to manually enter information for each transaction. According to Empower India, this will make digital transactions difficult, time-consuming, and inconvenient, deterring a substantial number of customers.

“The overregulation of security and e-commerce will leave only 3-4 major players capable of complying. Overregulation in India frequently kills major business. Instead of acting like China, the Indian government should learn from other nations and how they have handled regulation of such enterprises in the digital payments field. “It is critical for India to maintain flexibility in order to grow,” stated Montek Singh Ahluwalia, former Chairman of the Planning Commission of India.


bottom of page