Mastercard cannot issue prepaid, debit or credit cards to new customers from July 22.
India’s Central Bank Bans Mastercard From Issuing New Cards In India
NEW DELHI — India’s central bank, the Reserve Bank of India (RBI), banned payment network processor Mastercard from onboarding new domestic customers from July 22 over non-compliance with data localization norms.
The Reserve Bank of India said the new order will not impact existing customers of Mastercard.
The company cannot issue prepaid, debit, or credit cards to new customers from July 22.
“Notwithstanding the lapse of considerable time and adequate opportunities being given, the entity has been found to be non-compliant with the directions on Storage of Payment System Data,” the Reserve Bank of India said in a statement on July 14.
“The supervisory action has been taken in exercise of powers vested in RBI under Section 17 of the Payment and Settlement Systems Act, 2007 (PSS Act).”
The Reserve Bank of India also instructed Mastercard to advise all card-issuing banks and non-banks to conform to the directions.
Mastercard is the third U.S.-based firm to face a Reserve Bank of India ban after American Express and Diners Club in April.
Notably, Mastercard is a payment system operator authorized to operate a card network in the country under the Payments and Settlement System Act.
“[The] Reserve Bank of India bans new cards from MasterCard because they refused to keep data within India,” tweeted Capital Mind India’s Founder, Deepak Shenoy.
“Current cards are fine. In general, foreign companies are getting to terms with [the] rules each country demands?”
“Reserve Bank of India bans Mastercard from onboarding new Indian customers from July 22, ‘for non-compliance with directions on storage of payment data’,” tweeted author Tamal Bandyopadhyay.
“In April 2018, RBI directed all to keep such data in India. From May, Amex India was banned from onboarding new customers for similar reasons.”
“Storing data in India is useless, 1. Database mirror can still be stored overseas, 2. The ability to access by Indian authorities can be limited by encryption, opaque structure, etc., 3. Extrapolations, models, Machine Learning training with the use of the data is still an issue,” tweeted researcher Rajeev Malhotra.
As per the Reserve Bank of India circular on Storage of Payment System Data in 2018, system providers were asked to ensure that all data relating to payment systems operated by them is stored only within India. The companies were given six months for compliance.
The data includes end-to-end transaction details, information collected/carried/processed as part of the message, and payment instructions.
The companies were also required to report compliance to the Reserve Bank of India and submit a board-approved system audit report conducted by a CERT-In auditor.
(With Inputs from ANI)
(Edited by Abinaya Vijayaraghavan and Praveen Pramod Tewari)