Reserve Bank of India (RBI) has imposed restrictions on Mastercard Asia / Pacific Pte Ltd (Mastercard) from on-boarding new domestic customers (debit, credit or prepaid) onto its card network from 22 July 2021 for failing to comply with the central bank’s directions on Storage of Payment System Data.
RBI said Mastercard failed to comply with its directive despite the lapse of considerable time and adequate opportunities being given.
While the order will not impact existing customers of Mastercard, RBI has directed Mastercard to advise all card issuing banks and non-banks to conform to the new directions.
Mastercard is a Payment System Operator authorised to operate a card network in the country under the PSS Act.
In terms of RBI circular on Storage of Payment System Data dated 6 April 2018, all system providers were directed to ensure that within a period of six months the entire data (full end-to-end transaction details / information collected / carried / processed as part of the message / payment instruction) relating to payment systems operated by them is stored in a system only in India. They were also required to report compliance to RBI and submit a board-approved System Audit Report conducted by a CERT-In empanelled auditor within the timelines specified therein.
Foreign payment services firms, including Mastercard and Visa, have been opposing RBI’s directive and have been lobbying aggressively saying the rules would increase their infrastructure costs and hit their global fraud detection platforms, but the RBI did not relent.
The move against Mastercard comes less than three months after the RBI barred American Express and Diners Club International, owned by Discover Financial Services, from issuing new cards due to similar violations.