The Reserve Bank of India (RBI) on Wednesday indefinitely barred Mastercard Inc from issuing new debit, credit or prepaid cards to domestic customers for violating data storage rules, dealing a blow to the US company in a key market. The ban takes effect on July 22.
In a notification, the RBI said Mastercard had not complied with data storage rules from 2018 that require foreign card networks to store Indian payments data "only in India" so the regulator can have "unfettered supervisory access".
The RBI said that the restrictions have been imposed as inspite of lapse of considerable time and adequate opportunities being given, the entity has been found to be non-compliant with the directions on storage of Payment System Data.
"The Reserve Bank of India (RBI) has today imposed restrictions on Mastercard Asia / Pacific Pte Ltd (Mastercard) from on-boarding new domestic customers (debit, credit or prepaid) onto its card network from July 22, 2021," the central bank said in a statement.
It, however, added that the order will not impact the existing customers of Mastercard.
Mastercard will have to advise all card issuing banks and non-banks to conform to these directions. The supervisory action has been taken in exercise of powers vested in the RBI under Section 17 of the Payment and Settlement Systems Act, 2007 (PSS Act).
Mastercard is a payment system operator authorised to operate a card network in the country under the PSS Act.
As per the RBI circular on storage of payment system data dated April 6, 2018, all system providers were directed to ensure that within a period of six months, the entire data (full end-to-end transaction details/information collected/carried/processed as part of the message/payment instruction) relating to payment systems operated by them is stored in a system only in India.
They were also required to report compliance to the RBI and submit a board-approved system audit report conducted by a CERT-In empanelled auditor within the timelines specified therein.
Earlier, RBI had restricted American Express Banking Corp and Diners Club International Ltd from onboarding new domestic customers on to their card networks from May 1 for violating data storage norms.