The Reserve Bank of India (RBI) has imposed restrictions on Mastercard Asia / Pacific Pte Ltd (Mastercard) from on-boarding new domestic customers for debit, credit, or prepaid cards onto its card network from 22 July 2021 for failing to adhere to storing data of customers in servers in India.
In a statement, RBI says, "Notwithstanding lapse of considerable time and adequate opportunities being given, the entity (Mastercard) has been found to be non-compliant with the directions on storage of payment system data."
On 6 April 2018, the central bank had asked all system providers to ensure that within a period of six months the entire data, including full end-to-end transaction details, information collected, carried, or processed as part of the message or payment instruction, related with payment systems operated by them is stored in a system only in India. "They were also required to report compliance to RBI and submit a board-approved system audit report conducted by the Indian Computer Emergency Response Team (CERT-In) empanelled auditor within the timelines specified therein," RBI says.
However, Mastercard, a payment system operator authorised to operate a card network in India under the Payment and Settlement Systems (PSS) Act, failed to follow the directions issued by RBI. This led to the central bank barring Mastercard from onboading new customers from 22nd July.
"This order will not impact existing customers of Mastercard. Mastercard should advise all card issuing banks and non-banks to conform to these directions," RBI says.