Now control your auto-debit payments: RBI’s new rules explained

The Reserve Bank of India (RBI) has introduced a revised framework for e-mandates, giving users significantly more control over auto-debit payments while improving security and transparency. The updated rules are effective immediately and aim to simplify recurring digital transactions for millions of users.

In a significant relief for users, the central bank has allowed transactions such as insurance premium payments, mutual fund subscriptions, and credit card bill settlements to be processed without Additional Factor Authentication (AFA) for amounts up to ₹1 lakh per transaction.

Under the Digital Payments – E-mandate Framework, 2026, the regulator has also mandated that every e-mandate registered by an issuer must clearly define its validity period. Customers will retain full control, with the option to modify or revoke mandates at any time. Issuers are required to clearly communicate these rights at the time of registration, enhancing transparency and user autonomy in recurring digital payments.

No OTP for small auto-debits, but...

Under the new rules, recurring payments of up to ₹15,000 can now be processed without repeated OTP authentication. However, this is only after users approve a one-time e-mandate using Additional Factor Authentication (AFA), such as an OTP or PIN.

Once registered, payments within this limit will be automatically debited. Any transaction above ₹15,000 will still require additional verification.

MUST READ: ‘Second-round effects’: RBI Governor Malhotra fires warning on the impact of the West Asia war

Higher limits for key payments

The RBI has allowed a higher auto-debit limit of up to ₹1 lakh for specific categories:

> Insurance premiums
> Mutual fund investments
> Credit card bill payments

This ensures that essential, high-value payments continue smoothly without repeated interruptions.

24-hour alert

To give users better control, banks must now send a pre-debit notification at least 24 hours before the transaction.

This alert will include:

Merchant name
Transaction amount
Debit date

MUST READ: RBI ‘new rules’ for old ₹500 and ₹1,000 notes? PIB Fact Check clarifies viral claim

Users can review the details and cancel the payment if needed.

Post-payment alerts

After every transaction, users will receive a confirmation alert. Additionally, banks must provide a clear grievance redressal mechanism for issues like failed or unauthorised debits.

Pause, modify or cancel anytime

One of the biggest changes is flexibility. Users can now:

Pause auto-debits
Modify mandate details
Cancel e-mandates anytime

All changes will require authentication, ensuring security.

For variable payments, users can also set a maximum limit, preventing unexpected high deductions.

What this means for you

An e-mandate is a digital instruction that enables automatic debits for recurring payments. The RBI said the revised framework, based on stakeholder feedback, is effective immediately. Customers must complete a one-time AFA authentication, with the first transaction also requiring AFA, which can be combined if processed together.

The RBI’s updated framework shifts control firmly to users. Instead of passive auto-debits, customers now get advance visibility, flexibility, and stronger safeguards—without compromising convenience.