Card-Based eMandates Explained: How Recurring Payments on Cards Work Under RBI Guidelines
Card-based eMandates are digital standing instructions that allow merchants to automatically charge a customer’s credit or debit card for recurring payments. These mandates remove the need for customers to manually re-enter card details or authenticate every billing cycle.
They are widely used for:
Subscriptions (OTT, gyms, education apps, SaaS)
Digital services (cloud storage, content platforms)
Utilities and telco bills
Insurance premiums
Memberships and EMI-like plans
Unlike old standing instructions that worked only on bank accounts, card-based eMandates operate directly on Visa, Mastercard, and RuPay networks, giving them broader coverage and faster customer adoption.
A card-based eMandate includes:
Customer consent
Card token / masked card details
Maximum debit amount
Debit frequency (weekly, monthly, annual, etc.)
Merchant details
Validity period
Customer’s ability to pause/modify
Once set, the mandate allows the merchant to charge the card automatically as long as the rules are followed.
How Do Card-Based eMandates Work Under RBI Guidelines?
RBI introduced a strict framework to ensure recurring payments remain secure, transparent, and customer-controlled. The process is divided into three stages:
1. Mandate Creation
To activate a recurring payment, the user must complete an Additional Factor of Authentication, usually an OTP. This is compulsory for the first transaction, even if the recurring amount is low. During mandate creation, the following happens:
a. Customer Provides Consent
The customer agrees to the recurring debit and reviews:
frequency
amount or amount cap
next debit date
merchant name
cancellation rules
This is often shown inside a hosted mandate page provided by the issuer or the payment gateway.
b. Initial Debit is Processed With AFA
The first charge (₹1 or the actual subscription amount) is done with full OTP authentication. This verifies that:
the customer is genuine
the card is active
the mandate is legitimate
Only after this AFA-approved initial payment can auto-debits begin.
c. Mandate Is Registered With the Card Network
Once approved, the mandate details are stored with:
issuing bank
card network (Visa/Mastercard/RuPay)
merchant’s payment partner
The mandate gets a unique Mandate ID, which will be used for all future auto-debits.
2. Recurring Payment Processing Under RBI Rules
RBI sets clear guidelines on how future payments can be charged. The most important rule is:
Auto-Debits Up to ₹5,000 (No AFA Required)
If the recurring charge is ₹5,000 or below, it goes through automatically without asking the customer for an OTP, because RBI considers this amount low-risk and wants to keep the subscription flow frictionless.
This allows uninterrupted renewals for:
OTT & apps
SaaS plans
digital content
memberships
monthly services
Auto-debits under ₹5,000 generally have high success rates as long as the card is active and has a sufficient limit.
Auto-Debits Above ₹5,000 (AFA Required)
If a subscription amount exceeds ₹5,000, whether it’s ₹5,001 or ₹50,000, the bank must trigger an OTP to the customer.
Examples include:
annual SaaS plans
insurance premiums
high-value services
educational subscriptions
Flow:
Bank sends pre-debit notification
Customer must authenticate via OTP
Only then is the charge completed
If the user does NOT authenticate, the payment fails automatically after a grace window. This protects customers from large unauthorized transactions.
Mandatory Pre-Debit Notification
For every recurring charge, whether ₹300 or ₹30,000, the bank must send a pre-debit alert 24 hours (or more) in advance via:
SMS
Email
Mobile app push
The notification includes:
upcoming debit amount
date
merchant name
mandate ID
option to cancel or pause
This is one of the strongest customer-protection measures in the world.
3. Mandate Management & Customer Controls
RBI guidelines ensure customers have complete command over their mandates.
a. Modify or Pause Mandate
Users can change:
maximum debit limit
validity
frequency
Merchants must reflect these changes automatically.
b. Cancel Anytime
Cancellation must be instant and cannot be delayed by merchants. If a debit occurs after cancellation, the merchant is liable.
c. Post-Debit Notifications
After every successful recurring payment, banks must notify customers again.
d. Refund Rules
If a debit was incorrect, the refund must be processed immediately as per the bank’s framework.
Why Do Card-Based eMandates Matter for Businesses?
1. Enables High-Value Recurring Use Cases (BFSI, OTT, SaaS, Insurance)
Card-based eMandates open the door to industries that depend heavily on timely, automated billing, especially where transaction values can be high or variable. Sectors like BFSI, insurance, OTT platforms, and SaaS often require reliable monthly or annual collections, sometimes exceeding the limits supported by other AutoPay mechanisms.
Since card mandates operate directly on the Visa, Mastercard, and RuPay networks, they allow businesses to support higher-value recurring charges while staying fully compliant with RBI rules. This makes them ideal for premium plans, insurance premiums, SIPs, and other products that require consistent, uninterrupted billing.
2. Reduces Friction and Prevents Subscription Churn
A single failed renewal can cause customers to unintentionally drop off, hurting both user experience and revenue. Card-based eMandates significantly reduce this involuntary churn by removing unnecessary authentication for recurring payments up to ₹5,000.
Once the initial mandate is authenticated, subsequent renewals run smoothly in the background without OTP prompts or user involvement. This eliminates the common reasons for failed payments (missed OTPs, expired sessions, and customer distraction), resulting in higher renewal success rates and a more reliable subscription lifecycle.
3. Fully Compliant With RBI Guidelines
RBI’s recurring framework ensures that card-based eMandates offer the perfect blend of automation and safety. The system mandates AFA for the initial charge, pre-debit notifications before every charge, and OTP authentication for amounts above ₹5,000.
Customers can pause, modify, or cancel their mandates anytime, ensuring complete transparency and control. For businesses, this compliance layer reduces regulatory risk and provides a stable, predictable environment for managing subscription billing without operational uncertainty. By staying within this well-defined framework, merchants can scale confidently.
4. Higher Acceptance for Premium Customers
Many high-value users prefer credit cards due to benefits like reward points, cashback, EMI eligibility, and billing cycle advantages. By offering card-based AutoPay, businesses can capture a segment of customers that actively seeks convenience and financial flexibility.
This not only improves conversion during signup but also supports longer retention, as cardholders tend to stay subscribed for extended periods. For digital-first companies targeting urban or premium audiences, enabling card-based recurring payments becomes an important part of maximizing customer lifetime value.
5. Ideal for Businesses With Predictable Billing Cycles
If your business charges users on a weekly, monthly, quarterly, or annual basis, card eMandates streamline this schedule into a hands-off, automated billing engine. The merchant defines the amount and frequency, and the system handles every subsequent debit with minimal intervention.
This predictable automation reduces operational overhead, eliminates manual reminders, and ensures that revenue flows remain steady. For subscription-first companies, predictable billing is critical not just for cash flow but also for product planning, forecasting, and scaling.
How Do Card-Based eMandates Work?
1. Customer Selects Card-Based AutoPay at Checkout
The flow begins when the customer chooses the recurring payment option on the merchant’s checkout page and selects AutoPay using their credit or debit card. At this stage, the customer is informed that future charges will be automated and tied to the subscription or service they are signing up for. This ensures clarity and upfront consent before the mandate is created.
2. Customer Enters Card Details and Completes One-Time Authentication
Once the customer proceeds, they provide their card details on a secure input form. To activate the mandate, the issuing bank requires a one-time authentication, typically an OTP or 3DS challenge. This step validates both the cardholder and the initial transaction, ensuring that the mandate is set up only after the customer confirms the agreement.
3. Mandate Is Registered With the Issuing Bank and Card Network
After the initial authentication succeeds, the mandate information (such as the customer’s card token, mandate reference ID, and billing rules) is registered with the issuing bank and relevant card network (Visa, Mastercard, or RuPay). This registration creates a persistent authorization that allows future debits as long as they follow the rules defined during setup. From this point onward, the customer doesn’t need to re-enter card details.
4. Merchant Configures Billing Amount and Frequency
Once the mandate is active, the merchant’s system associates the subscription or billing plan with that mandate. This includes defining the amount to be charged and how often the debits should occur, such as monthly, quarterly, or annually. The mandate acts as the authorization layer, while the merchant’s billing logic determines when each debit request is triggered.
5. Subsequent Debits Are Processed Automatically
When the next billing cycle arrives, the merchant sends a debit request through the payment gateway. If the charge falls within the permitted limits and matches the mandate rules, the issuing bank processes the payment automatically. The customer does not need to take any action unless the transaction amount crosses the RBI-defined threshold requiring additional authentication. This automated flow keeps renewals seamless and maintains subscription continuity.
6. Pre-Debit and Post-Debit Notifications
Before every renewal, the issuing bank sends a pre-debit alert informing the customer of the upcoming charge. This alert gives them transparency and the opportunity to intervene if needed. After the payment is processed, the bank sends a confirmation notification. These alerts form a mandatory communication layer that keeps customers aware of ongoing subscriptions without disrupting the automation.
7. Customer Controls: Pause, Modify, or Cancel Anytime
At any point, the customer can manage their mandate through their banking app or portal. They can pause upcoming debits, adjust mandate limits, or cancel the mandate entirely. These controls ensure that customers remain in full command of their recurring payments, while merchants benefit from a system that maintains trust and minimizes disputes.
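The rules from "Recurring Payment Processing Under RBI Rules" and steps 5 to 7 above can be read as one decision applied to every debit request. The following is an added example, not code from PhonePe, RBI, or any card network: the Mandate record, its field names, and the sample values are hypothetical, and treating a missing or late pre-debit alert as a rejection is an assumption about how the rule is enforced.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal
from enum import Enum
from typing import Optional, Tuple

AFA_THRESHOLD = Decimal("5000")   # rupees; AFA limit as stated in the article
MIN_NOTICE = timedelta(hours=24)  # pre-debit alert lead time as stated in the article

class Decision(Enum):
    AUTO_DEBIT = "auto_debit"     # charge without customer interaction
    REQUIRE_AFA = "require_afa"   # issuer must collect an OTP first
    REJECT = "reject"             # debit request breaks a mandate rule

@dataclass
class Mandate:                    # hypothetical record, not a network schema
    mandate_id: str
    max_amount: Decimal
    valid_from: datetime
    valid_until: datetime
    status: str = "active"        # active | paused | cancelled
    initial_afa_done: bool = False

def evaluate_debit(m: Mandate, amount: Decimal, debit_at: datetime,
                   notified_at: Optional[datetime]) -> Tuple[Decision, str]:
    """Decide how one recurring debit request must be handled."""
    if m.status != "active":
        return Decision.REJECT, "mandate is " + m.status
    if not m.initial_afa_done:
        return Decision.REJECT, "first charge was never authenticated"
    if not m.valid_from <= debit_at <= m.valid_until:
        return Decision.REJECT, "outside validity period"
    if amount <= 0 or amount > m.max_amount:
        return Decision.REJECT, "amount outside mandate cap"
    if notified_at is None or debit_at - notified_at < MIN_NOTICE:
        return Decision.REJECT, "pre-debit alert missing or under 24 hours"
    if amount > AFA_THRESHOLD:
        return Decision.REQUIRE_AFA, "above AFA threshold"
    return Decision.AUTO_DEBIT, "within mandate rules"

if __name__ == "__main__":
    t0 = datetime(2025, 1, 1)     # constructed sample data
    m = Mandate("MANDATE-EXAMPLE-1", Decimal("15000"), t0,
                t0 + timedelta(days=365), initial_afa_done=True)
    due = t0 + timedelta(days=30)
    for amt, alert in [("499", due - MIN_NOTICE), ("5001", due - MIN_NOTICE),
                       ("499", due - timedelta(hours=2)), ("20000", due - MIN_NOTICE)]:
        print(amt, *evaluate_debit(m, Decimal(amt), due, alert))
```

Status and validity are checked before the amount, so a paused or cancelled mandate is refused even for a charge that would otherwise qualify for auto-debit.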
Conclusion
Card-based eMandates have become a dependable way for businesses to maintain steady, interruption-free revenue while giving customers a payment experience that feels effortless. They remove unnecessary steps, keep renewals running on time, and provide customers with full control whenever they need it.
For businesses looking to simplify recurring billing and avoid the usual drop-offs that come with manual renewals, PhonePe PG’s Subscription IQ offers an intelligent, automated layer that handles tracking, retries, reminders, and performance insights. It helps you keep subscriptions active, improve renewal success, and deliver a smooth experience from the very first charge to every renewal that follows.