Mandate customer bank account details

NACH Debit mandates contain the customer's bank account details.

NACH Debit mandate is created on a customer's bank account. This requires that the customer's bank account details are pre-filled in the mandate.

Fields

API eMandates

API eMandates have the following details:

• Debtor account name (not validated) - this is not validated as there is too much variation in name spelling to allow for instant validation.

• Debtor account number (validated) - account number should be 5 to 35 characters in length and alphanumeric (some account numbers contain alphabet letters).

• Debtor account IFSC - eMandate authorisation does not allow or require input of an IFSC. However the customer's bank will return an IFSC upon authorisation. This returned IFSC may be that of the customer's bank branch, or it may be that of the bank's RTGS head office. In any case the IFSC is irrelevant to the eMandate registration process and to the transaction process.

• Debtor NACH code (validated) - this is usually the first four characters of the IFSC.

• Debtor account type (validated) - Savings, Current, Cash Credit, Other - some destination banks validate the account type that they have on record.

Physical mandates and eSign eMandates

Physical mandates and eSign eMandates have the following details:

• Debtor account name (validated) - physical mandates can have up to three joint account holders.

• Debtor account number (validated) - account number should be 5 to 35 characters in length and alphanumeric (some account numbers contain alphabet letters).

• Debtor account branch IFSC/MICR (validated)

• Debtor account type (validated) - Savings, Current, Cash Credit, Savings NRE, Savings NRO, Other.

• Debtor account signature (validated) (wet signature for physical, digital signature for eSign)

Verifying bank account details

In emandate_api variant, the checkout redirection flow takes the customer via NPCI to their bank website, where that bank verifies the customer's bank account number and account type. The customer authenticates with the chosen auth mode (net-banking login or debit card and PIN or Aadhaar number). The bank checks that these details belong to the same person whose bank account number is given in the source input. If so, the customer can complete the check-out with a one-time password (OTP via SMS), and a mandate is instantly created in active status. Otherwise the request is rejected with an error regarding mismatch. In this way you can be sure that the input bank account details are correct and that they belong to the person who completed the checkout.

In physical variant and emandate_esign variant, the input submission gets sent via NPCI to the customer's bank, where that bank takes a few days to verify the customer's bank account details. To avoid mandate rejection for incorrect bank account details, you should pre-verify the input data. You can do this manually by taking bank account evidence from your customer (statement or cancelled cheque), or you can automate this with a penny-drop API from your bank.