RBI Lifts Ban on Mastercard; Allows it to Onboard New Customers in India
Moneylife Digital Team 17 June 2022
The Reserve Bank of India (RBI) has lifted the restrictions imposed on Mastercard Asia Pacific Pte Ltd on on-boarding of new domestic customers with immediate effect.
 
“In view of the satisfactory compliance demonstrated by Mastercard with the RBI circular dated 6 April 2018 on Storage of Payment System Data, the restrictions imposed, vide order dated 14 July 2021, have been lifted with immediate effect,” the RBI said.
 
The central bank had imposed restrictions on Mastercard from on-boarding new domestic customers (debit, credit or prepaid) onto its card network from 22 July 2021 for non-compliance with the RBI regulations for storage of data in India. The RBI had given almost three years for Mastercard to comply with the regulatory directions, but it was unable to complete the process.
 
The RBI circular on Storage of Payment System Data dated 6 April 2018, directed all system providers to ensure that within six months the entire data (full end-to-end transaction details, information collected or carried or processed as part of the message or payment instruction) relating to payment systems operated by them is stored in a system only in India. They were also required to report compliance to the RBI and submit a board-approved system audit report conducted by a CERT-In empanelled auditor within the timelines specified.
 
However, credit and card companies, with global operations have been resisting the move, citing costs, security risk, lack of clarity, timeline, and the possibility of data localisation demand from other countries.
 
The RBI had stipulated that data should be stored only in India and no copy — or mirroring — should be stored in other countries. Payment companies, which used to store and process Indian transactions outside the country, had contended their systems were centralised and expressed the fear that transferring the data storage to India would cost them millions of dollars.
 
Foreign players were especially upset that domestic payment companies --including e-commerce firms, which are storing the data within India, were putting pressure for data storage within the country. 
 
Under the Act, the RBI is the authority for the regulation and supervision of payment systems in India. The RBI’s payment system enables payments to be effected between a payer and a beneficiary and involves the process of clearing, payment or settlement, or all of them.
 
Funds transferred using debit or credit cards are routed through platforms such as Mastercard, Visa and NPCI. The RBI has decided to allow non-bank entities — prepaid payment instrument (PPI) issuers, card networks, white label ATM (WLA) operators, trade receivables discounting system (TReDS) platforms – to become members of the centralised payment system (CPS) and effect fund transfer through real time gross settlement system (RTGS) and national electronic funds transfer (NEFT).
Comments
uday.bhaskar
2 months ago
For most of us from IT industry, we get yearly trainings on the rules of Europe (GDPR), US , California(CCPA) and other such regulations that we must be aware of and adhere to.
Its funny that a giant like Mastercard sought to ignore a similar law in India using pathetic arguments. I liked the action taken.
Free Helpline
Legal Credit
Feedback