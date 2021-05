Subscriptions have become an integral part of our daily lives, both for offline and online services. And the trend is expected to become even stronger in coming years. According to a Gartner report, 75 percent of the organisations selling direct to consumers will offer subscription services by 2023. This should not come as a surprise: recurring revenue is a no-brainer given it provides a company with greater financial resilience and predictability. Banks, merchants and credit card providers alike have been paying close attention to this trend exactly for this reason.

In recent times, with the evolution of the modern digital payment ecosystem, traditional models based on one-time payment have been replaced by partial or full subscription models with recurring payments. In the future, the impact will go far beyond just electricity bills and movie streaming; we’re talking everything from pet food to cosmetics, enterprise software to consulting, and even banking services. Everyone will find it hard to resist the growing convenience of subscriptions.

What’s the catch?

Consider this; one of the OTT platforms is screening a new series starring your favourite actor. You take a three-month subscription to watch all the episodes at a leisurely pace. Similarly, you have subscribed to various online services including music streaming apps, photo editing or productivity apps, health and fitness apps and more. All these subscriptions are auto-renewed, giving you the convenience and peace of mind of not having to pay and renew all these services manually. But, this is only possible because your payment information is saved with the platform – the merchant. Now if one of these many platforms faces a data breach, and your sensitive payment information is leaked, resulting in a fraudulent transaction? What do you do now? Who do you go to with your grievance—the platform or your bank? Such breaches are not new and are only expected to increase, leaving sensitive payment information at risk of misuse.

To minimise the risk of such data breaches for consumers, RBI issued guidelines in 2019 permitting the processing of e-mandate or subscription on cards for recurring transactions with Additional Factor Authentication (AFA). That is, providing an option to the issuer bank to seek the customer’s approval at the time of registration, modification, and revocation of a subscription plan. Give more power and freedom in the hands of the customer and the responsibility in the hands of the issuer bank, while reducing the exposure risk for merchants by storing sensitive payment information and owning the responsibility for a recurring payment mandate.

What changes with the more recent RBI’s guidelines?

To begin with, the new guidelines issued by RBI are not, in fact, new. These are the same guidelines issued in 2019 for processing e-mandate on cards for recurring transactions with AFA. What is new is the fact that this time around, RBI has extended the deadline for having the infrastructure in place by six months, to September 2021. RBI’s guidelines intend to do is place the responsibility on the issuer bank, essentially to say that banks need to keep track of all mandates by a customer on a card and provide flexibility to customers to stop payments or make changes to the payment schedule. It is important to note, however, that this is a pivotal shift from the way card payments work. Basically, this arrangement assigns clear ownership and rights in the hands of banks and customers respectively—bringing all the entities onto a unified platform—a Standing Instructions Hub (SI Hub).

With the recent push for implementing these guidelines, RBI seeks to expediate the process of providing safety and control to the customer on various aspects. Once implemented, the SI Hub will improve transparency, since customers will receive an intimation from the issuer bank on the recurring transaction 24 hours ahead of the debit. Furthermore, it will empower the customer with the facility to cancel the subscription before the debit to the card. And lastly, customers will be able to provide a validity period for the e-mandate or subscriptions. That is, if the customer wants to set the end date for a subscription, to say an OTT platform, they can do so beforehand, and the merchant will not be able to charge the bank post this period. Ultimately, the bank can provide a range of more customer-centric personal finance management options to its retail customers. This could extend to tailored offers that help customers cover their payments across multiple merchants, for example with instalment plans.

What is in it for the banks and the merchants?

SI Hub is largely set up for the issuer banks, upon whom RBI has bestowed compliance and accountability. It facilitates issuer banks to address the e-mandate or subscription registration and payment transaction processing in total compliance with the RBI’s requirements. The system is merchant agnostic and once set up, banks can automate payments for any merchant category with recurring payment workflows. Furthermore, one of the biggest advantages for the banks is the fact they can leverage their existing IT systems to incorporate the SI Hub functionality, allowing them the flexibility to deploy enterprise-grade fraud management solutions to manage risks. As for the merchants—the biggest benefits are reduced exposure and liability in the event of fraud or a data breach.

The balancing act: convenience and security

There have been some arguments around how the new RBI guidelines are detrimental to digital payments adoption and are skewed in favour of certain digital payment methods over others. But we must remember that the choice between convenience and security is a balancing act; it is important for the payments ecosystem to put customer security at the forefront. To borrow from Franklin, the bitterness of falling victim to fraud is bound to remain long after the sweetness of convenience is forgotten.