RBI bans issuance of Mastercard from July 22

The Reserve Bank of India (RBI) has on Wednesday indefinitely barred Mastercard (Mastercard Asia / Pacific Pte. Ltd) from issuing new debit or credit cards to domestic customers in India from July 22, 2021, for violating data storage rules. Citing its circular on ‘storage of payment system data’ dated April 6, 2018, the RBI said all payment system operator providers were directed to ensure that the entire data related to their payment systems are stored on a system only in India. The data in question included full end-to-end transaction details, customer information, and payment instructions, among other key details. “Notwithstanding the lapse of considerable time and adequate opportunities being given, the entity (Mastercard) has been found to be non-compliant with the directions,” the RBI said. The failure to comply with the direction on Storage of Payment System Data compelled the regulator (RBI) to initiate action against the entity (Mastercard), it said. The supervisory action has been taken in exercise of powers vested in RBI under Section 17 of the Payment and Settlement Systems Act, 2007 (PSS Act)”, RBI said.

The banking regulator added that the above order will not impact existing customers of Mastercard and the Mastercard shall advise all card-issuing banks and non-banks to conform to these directions. The move comes less than three months after India’s central bank barred American Express (AXP.N) and Diners Club International, owned by Discover Financial Services (DFS.N), from issuing new cards due to similar violations.

In terms of RBI circular on Storage of Payment System Data dated April 6, 2018, all System Providers were directed to ensure that within a period of six months the entire data (full end-to-end transaction details/information collected/carried/processed as part of the message/payment instruction) relating to payment systems operated by them is stored in a system only in India. They were also required to report compliance to RBI and submit a Board-approved System Audit Report conducted by a CERT-In empanelled auditor within the timelines specified therein.