UPI Autopay

Aug 21, 2020 · 6 min read

Indian digital payment ecosystem has grown leaps and bounds in recent times but recurring payments have still been a laggard when it comes to growth. Some of the key reasons for this have been.

  1. Consumer confidence and security issues — India has been an AFA (Additional Factor of Authentication) market and consumers are used to authorizing payments. There is a ‘perceived risk’ when it comes to silent (without 2FA) payments.
  2. Coverage — Although mandates have been available on Credit cards for a long time, penetration of credit cards (~57 mn) is low compared to debit cards (~ 850mn). Mandates on bank account have been available offline through NACH and online through e-NACH but customer experience remains a challenge.
  3. Transparency and Visibility — Consumers typically do not have transparency on mandate duration, amount, etc. and they are only reliant on merchant interfaces. All merchants do not clearly indicate the nature of mandate (amount, frequency, start date, end date, etc.). Banks also do not have a standard interface for consumers to check existing mandates, debits scheduled.
  4. Control — Consumers are not able to readily change, revoke, pause mandates and in most cases are either dependent on the merchant or have to call banks as there are no good interfaces available for them to take actions.

UPI — A Disrupter in Digital Payments

UPI has been a game-changer for digital payments. The adoption and scale it has reached in less than 4 years are massive. One of the most awaited upgrades in UPI was version 2.0 which was supposed to have e-mandates as one of the features.

I remember even making use-cases without even looking at specs. However, the dream did not turn to reality as UPI 2.0 was launched but with only One Time Mandate feature.

This One-time-mandate feature although useful for use cases like IPO, security deposit, etc. could not see widespread adoption, as it did not fit into major use cases of subscriptions.

Fast forward August 2019, RBI came up with a circular unifying standard for e-mandates for all payment methods in India. This was to promote recurring payments and at the same time ensure that consumers have full control and key pointers to safeguard consumer interests while giving convenience. Some of the key points of circular were

  1. Amount limited to ₹2000 for recurring payments
  2. Pre-debit notification to consumers by the issuer at least 24 hours before the debit
  3. Consumers should have the facility to opt-out of a particular transaction or e-mandate

UPI 2.0 had all these semantics built except for pre-debit notification which was also solved as NPCI offered that API, making the process uniform for all parties involved in UPI transactions.

UPI 2.0 — Mandate Life Cycle


A simple flow of the mandate registration process is given below

Parameters required for setting up a UPI mandate in addition to user VPA

The registration flow can be done in the following ways:

  1. Merchant App — User can set up mandates from merchant app and the flow will be similar to collect or intent transaction
  2. PSP App — Users can also set up mandates from respective PSP apps (Mandates can be set to a person or merchant). However, some PSPs might control or stop the creation of P2M mandates from PSP Apps

Either way, for the user to set up a mandate, s/he has to authorize the mandate on the PSP app using the UPI PIN of the bank account. Upon successful registration, a unique number (token) is assigned to the mandate (UMN — e.g abcd123456@ybl). This token will become the unique identifier that can be used for debit/modification etc.

Mandate Auto-Debits: As the name suggests, autopay debits (<= ₹2,000) can be done without any user intervention.

Below steps are involved in debiting

1. Pre debit notification

2. Call Autopay debit API

Mandate update (modification): Mandate modification can only be done from the channel it was created. If a mandate is created by a merchant, then it can only be modified by the merchant. Only the amount and end date can be modified in the modification call. The mandate can however be paused (along with change amount and end date) only from the UPI/PSP app where the mandate was set up.

Mandate Cancellation: Mandate can be revoked by the consumer from the merchant app/website or his UPI app. Cancellation from UPI app will involve PIN entry. However, if canceled from merchant interface revocation will happen without a PIN.

Mandate Use-Cases

Having more Questions? These are a few which we came across

  1. What if the user wants to change the bank account?

Mandate once set is unique for merchants, acquiring PSP, Issuing PSP, and Issuer combinations. It is not possible to change the bank account once a mandate has been set. Consumers will have to set up a new mandate if the underlying bank account is to be changed.

2. What if the user revokes the mandate, how will the merchant get to know?

There will be a notification to the merchant from their respective acquiring PSP whenever a consumer revokes, pauses mandates from their UPI App

3. How do you handle failed debit attempts?

Failed mandates can be retried up to two times. If retries also fail, then mandate execution needs to be done again with pre-debit notification. Merchants will have an option to enable Auto retries at Juspay end.

4. Are there any limitations on the amount?

Users will not be asked to enter any PIN for < ₹2000 for subsequent debits. (User will need to enter the PIN for the first debit, in case no amount is debited within 1 min of mandate authentication). For amount > ₹2000, UPI PIN will be required for all subsequent debits. Maximum allowed amount per debit — up to 1 lac (can be 2 lakhs depending on merchant category)

5. Who sends the notifications to the consumer?

Merchants should trigger a notification API to the acquiring PSP/Bank at least 24 hours before execution. This notification must be sent by the issuing PSP/Bank to the consumer at least 24 hours before the debit time. Notification should be sent between a window of 48–24 hours before the mandate execution time.

6. What is the time window allowed for a debit attempt after the 24-hour notification?

Notification API needs to have details on the time of debit etc. and hence execution has to happen only at a mentioned time

7. Which apps are currently supporting recurring mandates?

BHIM App is supporting this feature as of now. More apps are expected to launch this feature in coming days

If you have more questions, please feel free to reach out to us at biz@juspay.in or visit our website.

Contributors: Ishan Sharma, Samit Barai


Juspay products