Recurring pain

RBI must re-examine its auto-debit restrictions

The Reserve Bank of India’s (RBI’s) new rules controlling recurring payments on credit or debit cards came into force on October 1. It is unfortunate that, in spite of a lengthy period for discussion of these rules, consumers are facing considerable chaos. Many auto-debits failed for customers and smaller enterprises that depend upon online payments sharply revised their revenue estimates downward. While the RBI’s motivation in attempting to protect consumers from unwanted payments on their cards is laudable, any regulation can only be judged by its outcomes. The inability to manage a smooth transition to the new system is, in the end, the failure of the regulator.

The broad purpose of the new rules is to ensure that holders of credit or debit cards are not constantly hit by recurring charges without their consent. Pre-authorisation of debits must be clear and transparent, users should be clear where their personal data is being held, and it should be easier to cancel subscriptions through payments operators. Yet the RBI should also, as a regulator, lay out its cost-benefit analysis of the harm done by its regulation as compared to the harm it seeks to avoid. It is also unclear whether the RBI’s chosen methods — forcing all merchants seeking online recurring payments to enrol in a particular compliance format — is the best way to go about it. There are multiple other mechanisms that might be considered. For example, banks could have been mandated to keep a record of recurring payments on a customer’s net-banking portal, where they could access it and turn it on and off as desired.
 

Alternatively, the new protocols could be limited to recurring payments over a certain threshold. Currently, auto-debits are allowed under the new system without one-time passwords for payments under Rs 5,000. Why should such low-impact transactions be brought under the compliance rules in the first place? The RBI has not given any reasoning for this decision.

The broader question is whether these regulatory decisions are taken after consulting a sufficiently broad spectrum of stakeholders. Banks and large companies such as Netflix might have been part of the process. But were smaller enterprises, start-ups, and end-users given a voice in the process? Consumer-facing regulation is not easy because it involves having to understand the sources of consumer welfare and balance that against protection. By the standards of this regulation, the RBI as a consumer-facing regulator will have to work harder to expand its consultation process before introducing new rules.

Having observed the problems caused by the new rules, the RBI must swiftly respond, and work out how to make them more palatable for smaller enterprises and consumers. Much is still unclear about how banks and other payments gateways can work harder to make things easier for customers. Yet the principles underlying this regulatory action must be questioned. Officials have stated their aim is for the payments ecosystem to internalise mature practices like data transparency. Other aspects of mature payments ecosystems also allow for choice and ease of use. A system that shuts down a large proportion of payments rather than rendering their use transparent fails the maturity test.