We re-enabled payments to Heroku in India! At the start of August, we resumed accepting credit and debit cards issued by Indian financial institutions.
From the engagement on our public roadmap, we know that there are many developers in India eager to get back on the platform. We want to address the work done to re-enable this functionality, and why Heroku stopped accepting payments from India in the first place.
We started by enabling 3D Secure (3DS) on our platform. 3D Secure is a protocol that prompts a user to use a dynamic authentication methods such as biometrics or token-based authentication to confirm their purchases.
3D Secure is the additional factor of authentication that establishes e-mandates now required by the Reserve Bank of India. An e-mandate is a form of authorization provided by cardholders to issuing banks that grants permission for collecting recurring payments. For Heroku, e-mandates allow us to charge the payment method on file for our Indian customers while the user is off-session, as they are not on our website when their card is charged.
It’s important to call out that while most e-mandate webhooks are returned quickly, in some cases it can take up to 30 minutes. Because Heroku users can’t provision resources until their payment method is verified, we built out a series of email and Heroku Dashboard notifications. These notifications ensure that users are alerted as soon as their card is verified or if they need to take an action.
Heroku Adopts RBI Regulations
On October 1, 2021, new Reserve Bank of India (RBI) regulations came into effect. These new rules stated that automatic, off-session recurring payments using India-issued credit cards now require an e-mandate via an additional factor of authentication, for example, 3D Secure. For Heroku, enabling 3DS allows us to charge the payment method on file for Indian customers while the user is off-session.
Due to the unexpected administrative and technical burdens associated with complying with this unique mandate, Heroku had to make the tough decision to temporarily suspend the acceptance of India-issued debit and credit cards for Heroku customers.
We want to acknowledge the most common feedback we have received from our customers with respect to this change: “This is taking too long!” They’re right, and we completely agree. The solution was not as simple as just enabling this functionality in a dashboard or with a few lines of code. We did the work to support 3DS and establish e-mandates for our users which took time. Getting it right was important to us, and had to be done before we could bring back our Indian customers.
In addition to adopting the RBI regulations, utilizing 3DS also allows us to meet the Strong Customer Authentication (SCA) requirements in Europe. We already rolled out 3DS support to all EU, UK, and Australian customers on our platform. We will continue to monitor this rollout and expand the security 3DS provides to our customers in additional countries.
Trust in Heroku
We are so grateful to our customers for their patience with us throughout this process. With the re-launch of payments from our Indian customers, as well as the recent expansion of Private Spaces to Mumbai, our customers can trust that Heroku continues to keep their privacy, safety, and security needs a top priority.