Mastercard will not be allowed to on-board customers in India from July 22.(AP File Photo)
Mastercard will not be allowed to on-board customers in India from July 22.(AP File Photo)

Mastercard barred from adding clients

  • The multinational card network will not be allowed to on-board new credit, debit or prepaid card customers in India beginning July 22, an RBI press release said, adding the order will not affect existing Mastercard customers.
By Gopika Gopakumar, Mumbai
PUBLISHED ON JUL 14, 2021 11:39 PM IST

Barely three months after cracking the whip on American Express and Diners Club for non-compliance with local data storage norms, the Reserve Bank of India (RBI) on Wednesday barred Mastercard Asia from signing up new card customers on similar grounds.

The multinational card network will not be allowed to on-board new credit, debit or prepaid card customers in India beginning July 22, an RBI press release said, adding the order will not affect existing Mastercard customers. The regulator asked all card-issuers to follow its directions.

“Notwithstanding the lapse of considerable time and adequate opportunities being given, the entity has been found to be non-compliant with the directions on Storage of Payment System Data,” it said.

MasterCard did not respond to an email seeking comments till the time of going to press.

In April 2018, RBI set a six-month deadline for all system providers to store all their payments data solely in India. They were also required to report compliance to RBI and submit a board-approved system audit report conducted by a CERT-In (Indian Computer Emergency Response Team)-empanelled auditor within specified timelines. The regulator said this was to ensure improved oversight over licensed entities in case of fraud or money laundering.

Several entities had resisted this rule on the grounds that much of their processing was centralized and it was not feasible to restructure global operations.

RBI later clarified that while data can be stored only locally, it can be sent overseas during the day for processing but should be deleted from offshore servers in 24 hours.

“This 2018 regulation came about after law enforcement and regulatory agencies faced difficulties in getting data from such entities for investigative purposes. RBI gave enough time and opportunity to the entities for complying with the new regulations. Despite this, if these companies have not been able to achieve the requirement, the regulator found such punitive actions necessary,” an official aware of the matter said on condition of anonymity.

In April, RBI barred American Express Banking Corp. and Diners Club International Ltd from on-boarding new domestic customers from 1 May, citing the same reason.

RBI has recently handed out stiff punishment to banks and other entities for violating regulations.

The central bank had barred the country’s largest private sector lender, HDFC Bank Ltd, from issuing credit cards after it witnessed repeated outages across two years.

In a Mint editorial on Wednesday, Deep Mukherjee, a risk management professional, noted that RBI has started charging hefty penalties on banks.

RBI had levied a penalty of 10 crore on HDFC Bank following a whistleblower complaint about irregularities in HDFC Bank’s vehicle loan division.

SHARE THIS ARTICLE ON
Topics
Close
SHARE
Story Saved
OPEN APP