Master Direction – RBI (Bharat Bill Payment System) Directions, 2024
RBI vide circular date February 29, 2024 has issued a Master Direction – Reserve Bank of
India (Bharat Bill Payment System) Directions, 2024. These Directions seek to streamline the
process of bill payments, enable greater participation, and enhance customer protection
among other changes. These Directions shall be applicable from April 01, 2024.
The provisions of these Directions shall apply to: (i)NPCI Bharat Bill Pay Limited (NBBL – a
wholly owned subsidiary of National Payments Corporation of India) and (ii)All Bharat Bill
Payment Operating Units (BBPOUs).
The direction defines Bharat Bill Pay Central Unit (BBPCU) as an entity which operates BBPS;
sets operational, technical and business standards, and also undertakes clearing and
settlement functions. NPCI Bharat BillPay Ltd. (NBBL) is the authorised BBPCU.
Bharat Bill Payment Operating Unit (BBPOUs) are the System Participants in BBPS. A BBPOU
may function either as a Biller Operating Unit or a Customer Operating Unit or both.
It further defines Bharat Bill Payment System (BBPS) as an integrated bill payment platform
which enables payment / collection of bills through multiple channels (Mobile Apps, Mobile
Banking, Physical Agents, Bank branches, etc.) using various payment modes (UPI, Internet
Banking, Cards, Cash, Prepaid Payment Instruments, etc.). The transactions facilitated
through this platform will require the bill to be fetched before payment initiation. In case of
transactions involving payments for prepaid services, the customer relationship with the
biller will be validated through the platform.
The direction outlines roles and responsibilities of Bharat Bill Pay Central Unit (BBPCU), Biller
Operating Unit (BOU) and Customer Operating Unit (COU), Escrow Account Operations,
Complaint Management and Grievance Redressal, and the supersession of earlier guidelines
and circulars related to BBPS.
Arrangements with Card Networks for issue of Credit Cards
RBI vide notification dated March 6, 2024, in exercise of the powers conferred under
Section 18 read with Section 10(2) of the Payment and Settlement Systems Act, 2007,
directs that:
(i)the card issuers shall noy enter into any arrangement or agreements with card networks
that restrain them from availing the services of other card networks.
(ii) Card issuers shall provide an option to their eligible customers to choose from multiple
card networks at the time of issue. For existing cardholders, this option may be provided at
the time of the next renewal – shall be effective 6 months from March 06, 2024 (Shall not be
applicable to credit card issuers with number of active cards issued by them being 10 lakh or
less in number)
�The above requirements shall be adhered by Card Issuers and card networks in existing
arrangements at the time of amendment or renewal thereof, and fresh agreements
executed.
However, the circular does not apply to card issuers who offer credit cards on their own
authorised card network.
Amendment to Master Direction – Credit Card and Debit Card – Issuance and
Conduct Directions, 2022
RBI vide Notification dated March 7, 2024, in exercise of powers conferred by Section 35A
Banking Regulation Act, 1949 and Chapter IIIB of Reserve Bank of India Act, 1934 amends
certain provisions of Master Direction – Credit Card and Debit Card – Issuance and Conduct
Directions, 2022
The amendments shall come into effect from March 7, 2024. The instructions relating to
credit cards shall apply to all credit card issuing Banks and NBFCs and the instructions
relating to debit cards shall apply to every bank operating in India.
It amends the existing provisions for card-issuers regarding various aspects such as
disclosure clauses, co-branding arrangements, outsourcing of financial services, and
managing risks. Additionally, card-issuers are instructed on income recognition norms, billing
cycle flexibility, reporting default status, and sharing card data with outsourcing partners
with explicit consent from cardholders.
New provisions added by the amendment in the Master Direction are:
i. Total Amount Due is the total amount (net of credit received during the billing cycle, if
any) payable by the cardholder as per the credit card statement generated at the end of a
billing cycle.
ii. Interest shall be levied only on the outstanding amount, adjusted for
payments/refunds/reversed transactions.
iii. Card-issuers shall provide the list of payment modes authorised by them for making
payment towards the credit card dues, in their websites and billing statements. Further,
card-issuers shall advise cardholders to exercise due caution and refrain from making
payments through modes other than those authorised by them.
iv. Any debit to the credit card account shall be done as per the authentication framework
prescribed by the Reserve Bank from time to time, and not through any other
mode/instrument.
v. For business credit cards wherein the liability rests fully with the corporate or business
entity (principal account holder), timeframe provided for payment of dues and adjustment
of refunds may be as agreed between the card-issuer and the principal account holder.
vi. In case card-issuers, at their discretion, decide to block/deactivate/suspend a debit or
credit card, it shall be ensured that a standard operating procedure is followed as
approved by their Board. Further, it shall also be ensured that
blocking/deactivating/suspending a card or withdrawal of benefits available on any card is
�immediately intimated to the cardholder along with reasons thereof through electronic
means (SMS, email, etc.) and other available modes.
Empanelment Of Cloud Service Offerings Of Cloud Service Providers (CSPs)
MeitY has empaneled the Cloud Service offerings of major CSPs for ease of Cloud
procurement for the Government Departments. Presently, Cloud Services from prominent
CSPs have been empaneled by MeitY and a Bouquet of Cloud Services has been formed
consisting of three categories of Cloud Services defined as under: (i)Basic Cloud Services
(ii) Advanced Cloud Services and (iii) Managed Services. The procurement of Cloud Services
can easily be done through the GeM platform. The step-wise guide on how to procure the
MeitY empaneled Cloud Services from GeM has been provided by MeitY.
MeitY invites applications from the CSPs to empanel the Cloud Service Offerings of the:
CSPs (whose services are not yet empaneled by MeitY), and to empanel additional service
offerings and / or new Data Centres of CSPs whose services are currently empaneled with
MeitY
Cloud service offerings of CSPs are empaneled with MeitY for three Cloud deployment
models, namely: Public Cloud, Virtual Private Cloud (VPC), and Government Community
Cloud (GCC); and three service models: Infrastructure as a Service (IaaS), Platform as a
Service (PaaS) and Software as a Service (SaaS). The step-wise guide on the process of how
to empanel the Cloud Service offerings of Cloud Service Providers (CSPs) has been provided
by MeitY.
The Notification contains the Audit status and other details of CSPs empaneled by Meity.
CLOUD GUIDLINES
Various document has been prepared by Cloud Management Office (CMO) under MeitY.
These document are advisory in nature and aim to provide information in respect of the GI
Cloud (MeghRaj) Initiative:
GI Cloud Reference Architecture : This document has been designed to assist the
Government Departments to build their Cloud deployment architecture with components,
activities and actors as relevant in the GI Cloud ecosystem. The GI Cloud Reference
Architecture is intended to facilitate the understanding of operational intricacies in cloud
computing.
Cloud Security Best Practices : This document is prepared to assist the Government
Departments in easier understanding & navigating through the best practices for Cloud
Security Best Practices. The document has primarily been segmented into 3 sections of
which the first section shall deal with the approach and need of cloud security. The second
section shall compare the aspects of traditional vs cloud security along with best practices of
cloud security broken down across the various layers of Cloud. The final section elaborates
on the shared responsibility model of Cloud Security.
�Disaster Recovery (DR) Best Practice : This document has been put together to assist User
Departments in understanding prevalent best practices while designing suitable protocols in
terms of disaster recovery and business continuity for their respective departments. It allows
an organization/department to quickly resume mission-critical functions and services after a
disaster.
End-User guide for the adoption of Cloud service: This document should be used by a
Government Department which is in the process of adopting Cloud services. The document
discusses the Cloud Adoption and Enablement Lifecycle in a stepwise manner, while
navigating through the various standards, frameworks, guidelines, and templates that may
be useful.
