The Reserve Bank of India has barred Mastercard from onboarding new domestic customers—debit, credit or prepaid—onto its card network in India from July 22, for non-compliance with the country’s data localisation norms.
The RBI’s action came after it found Mastercard non-compliant with the Storage of Payment System Data guidelines laid down by the apex bank in 2018 despite “lapse of considerable time and adequate opportunities being given”.
In a statement on Wednesday, the bank said that this order will not impact existing users of Mastercard. The apex bank also directed the company to advise all card issuing banks and non-banks to conform to these directions.
“The supervisory action [against Mastercard] has been taken in exercise of powers vested in RBI under Section 17 of the Payment and Settlement Systems Act, 2007 (PSS Act),” the RBI said in a statement.
We have reached out to Mastercard for comment and will update the story when they respond.
According to RBI’s Storage of Payment System Data circular, which was released on April 6, 2018, all system providers were directed to ensure that within a period of six months the entire data—full end-to-end transaction details collected, carried, processed —relating to payment systems operated by them is stored in a system only in India.
Under the 2018 guidelines, they were also required to report compliance to RBI and submit a Board-approved System Audit Report conducted by a CERT-In empanelled auditor within the timelines specified therein.
A year after this circular, the RBI issued clarifications in 2019 where it said that while processing of payment transactions outside India was permitted, the payments system operators will have to ensure the data is brought back to India within one business day or 24 hours of payment processing and is stored locally.
In April this year, RBI had barred American Express and Diners Club from onboarding new domestic customers onto their card networks for violating the same data localisation norms.