Co-branded card fintech firm OneCard's access to credit-card customer data is believed to have driven the Reserve Bank of India (RBI) to ask a few banks to stop onboarding new customers on the platform, multiple industry executives have told Moneycontrol.
OneCard has co-branded card partnerships with Federal Bank, SBM Bank, South Indian Bank, Bank of Baroda, Catholic Syrian Bank and Indian Bank. While only Federal Bank and South Indian Bank have decided to stop onboarding new customers, others are likely to follow suit.
"In the case of OneCard, it did not have any direct access to customer data but for all the co-branded cards that the banks issued with OneCard, banks were using the credit-card software stack provided by OneCard. This gave OneCard access to customer data indirectly," a senior executive with a credit-card product company said on condition of anonymity.
According to RBI regulations, only credit-card issuers — banks — can access customer data and not their co-brand partners. For instance, in the case of Amazon Pay-ICICI Bank credit card, the e-commerce giant can’t access customer data.
"The card-issuers shall not share card data (including transaction data) of the cardholders with the outsourcing partners unless sharing of such data is essential to discharge the functions assigned to the latter. In case of sharing of any data as stated above, explicit consent from the cardholder shall be obtained. It shall also be ensured that the storage and the ownership of card data remains with the card-issuer," an RBI circular of March 7 said.
OneCard co-branded cards seem to violated this provision, the executives Moneycontrol spoke to said.
OneCard did not respond to Moneycontrol queries. The banks couldn’t be reached immediately for comments. The story will be updated once we get their responses.
The pause was most likely temporary and once OneCard starts accessing customer data in encrypted form, the banks would start issuing cobranded cards again, a card network executive said.
Credit card management software looks at various fees, charges and rewards calculations among other things. The stack also connects the software with the processing switch, which connects the credit card to card-networking companies such as Visa, Mastercard and Rupay.
OneCard has partnered with fintech M2P to develop the stack along with deploying the processing switch.
"These banks had their credit card management stack, but OneCard acted as the technology service provider (TSP) for their cobranded cards. This gave them access to customer data. Now probably RBI want banks to encrypt this data before sending it to OneCard's stack or use a different technology stack altogether," said a senior bank executive, who looks at card and digital business along with fintech partnerships.
According to the OneCard website, its co-branded credit card comes with an app that gives customers full in-app control — from real-time transaction tracking, spends management, EMI conversion to payments.
OneCard can provide all these details on a non-banking app along with other unique features because it runs its technology stack, which was its unique selling proposition (USP) in the card business.
Founded in February 2019 by Vibhav Hathi, Anurag Sinha and Rupesh Kumar, FPL Technologies, OneCard’s holding company, has raised $227 million in funding from investors like Temasek, GIC, Matrix Partners, QED Innovation, Hummingbird Ventures and Sequoia Capital.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
