The Reserve Bank of India has introduced new rules to make digital payments safer. These rules come under the Digital Payment E-Mandate Framework 2026 and are effective immediately.
The main goal is to improve security in recurring payments by making Additional Factor Authentication (AFA), like OTP, mandatory in certain cases.
What is an E-Mandate?
An e-mandate is a simple way to automate your payments.
It allows you to give permission in advance so that money gets deducted automatically at a fixed time. This is commonly used for things like subscriptions, bills, or loan EMIs.
The payment amount can be fixed or variable. If it is variable, you can also set a maximum limit to control spending.
When is OTP Required?
The new rules clearly define when OTP (AFA) is needed:
Payments up to ₹15,000 can be done without OTP each time
If the amount is above ₹15,000, OTP is mandatory
For insurance, mutual funds, and credit card bills, payments up to ₹1 lakh are allowed without OTP
This helps balance both convenience and security.
Alerts and Notifications for Every Payment
Customers will now get better control and transparency.
At least 24 hours before every transaction, you will receive a notification. This message will include:
Merchant name
Payment amount
Date and time of deduction
You can choose to receive these alerts via SMS or email.
Rules for Changes and Cancellation
If you want to modify or stop an e-mandate, you will need OTP verification.
You also have the option to cancel any upcoming transaction. This opt-out process will also require AFA for safety.
How the First Payment Works
The first transaction under an e-mandate will always require OTP authentication.
However, if you make the payment during registration itself, both steps can be completed together, making the process faster.
When Notifications Are Not Needed
There are a few exceptions to the rule.
For auto-recharge of services like FASTag and the National Common Mobility Card (NCMC), pre-transaction alerts are not required.
