Moneycontrol PRO
Upcoming Webinar:Join us for 'The Future Techshot' on Sept 22, 10:30am to gain insights into role of tech in streamlining businesses. Register Now!
you are here: HomeNewsBusiness

RBI bars Mastercard from onboarding new domestic customers from July 22

Notwithstanding lapse of considerable time and adequate opportunities being given, the entity has been found to be non-compliant with the directions on Storage of Payment System Data, the RBI said.

July 14, 2021 / 10:59 PM IST
MasterCard credit cards are seen in this illustrative photograph (File Image)

MasterCard credit cards are seen in this illustrative photograph (File Image)


The Reserve Bank of India (RBI) on July 14 said it has taken supervisory action on Mastercard citing non-compliance.

Notwithstanding lapse of considerable time and adequate opportunities being given, the entity has been found to be non-compliant with the directions on Storage of Payment System Data, the RBI said.







As part of the action, the RBI has imposed restrictions on Mastercard Asia / Pacific Pte. Ltd. from onboarding new domestic customers (debit, credit or prepaid) into its card network from July 22, 2021, the central bank said.









 “This order will not impact existing customers of Mastercard. Mastercard shall advise all card-issuing banks and non-banks to conform to these directions,” the RBI said.

Close

The supervisory action has been taken in exercise of powers vested in RBI under Section 17 of the Payment and Settlement Systems Act, 2007 (PSS Act), the RBI said.

Mastercard is a Payment System Operator authorised to operate a card network in the country.

In terms of the RBI circular on Storage of Payment System Data dated April 6, 2018, all system providers were directed to ensure that within a period of six months the entire data relating to payment systems operated by them is stored in a system only in India.

They were also required to report compliance to the RBI and submit a Board-approved System Audit Report conducted by a CERT-In empanelled auditor within the timelines specified therein.

Following the RBI directive, Mastercard issued a statement saying it was fully committed to its legal and regulatory obligations in the markets it operates in.

"Since the issuance of the RBI directive requiring on-soil storage of domestic payment transaction data in 2018, we have provided consistent updates and reports regarding our activities and compliance with the required stipulations. While we are disappointed with the stance taken by the RBI in their communication dated July 14, we will continue to work with them to provide any additional details required to resolve their concerns. Building on our considerable and continued investments in India, we remain committed to working with our customers and partners in advancing on the Government’s Digital India vision," Mastercard said further.

In April this year, the RBI had imposed restrictions on American Express Banking Corp. and Diners Club International Ltd. from on-boarding new domestic customers onto their card networks from May 1, 2021, citing non-compliance with the directions on Storage of Payment System Data. This order will not impact existing customers.
American Express Banking Corp. and Diners Club International Ltd. are Payment System Operators authorised to operate Card Networks in the country under the Payment and Settlement Systems Act, 2007 (PSS Act).

The supervisory action has been taken in exercise of powers vested in RBI under Section 17 of the PSS Act, the RBI said.

What is the non-compliance?

On 6 April, 2018 the RBI said it has observed that not all system providers store the payments data in India. In recent times, there has been considerable growth in the payment ecosystem in the country. Such systems are also highly technology dependent, which necessitate adoption of safety and security measures, which are best in class, on a continuous basis, the RBI had said.

“In order to ensure better monitoring, it is important to have unfettered supervisory access to data stored with these system providers as also with their service providers / intermediaries/ third party vendors and other entities in the payment ecosystem,” the RBI said.

Subsequently, the central bank said all system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India. This data should include the full end-to-end transaction details, information collected, carried, processed as part of the message and payment instruction, the RBI said, adding for the foreign leg of the transaction, if any, the data can also be stored in the foreign country, if required, the RBI said.

The RBI asked the system providers to ensure compliance within a period of six months and report compliance of the same to the Reserve Bank latest by October 15, 2018. For this, the RBI said system providers should submit the System Audit Report (SAR) on completion of the requirement at (i) above.“The audit should be conducted by CERT-In empanelled auditors certifying completion of activity at (i) above. The SAR duly approved by the Board of the system providers should be submitted to the Reserve Bank not later than December 31, 2018,” the RBI had said.

Dinesh Unnikrishnan is Deputy Editor at Moneycontrol. Dinesh heads the Banking and Finance Bureau at Moneycontrol. He also writes a weekly column, Banking Central, every Monday.
first published: Jul 14, 2021 05:43 pm

stay updated

Get Daily News on your Browser
Sections
ISO 27001 - BSI Assurance Mark