mastercard ban, RBI Mastercard Ban, debit cards, reserve bank of india, credit cards, visa, mastercard, rbi data localisation policy, barred, imposed regulatory restrictions

Mumbai: The Reserve Bank of India barred Mastercard Inc. from issuing new cards in India after it found the US-based payments major was storing customers’ data on servers located outside the country and also failing to erase from overseas servers the Indian leg of the transactions data within 24 hours as mandated, three sources aware of the matter told ET.

The card network may also have been non-compliant with Indian central bank’s requirement to appoint a domestic auditor certified by the country’s nodal cybersecurity agency—Indian Computer Emergency Response Team (CERT-in)—to conduct its external compliance audit, the sources added.

“Some part of the transaction data is being kept in India, but a significant part of information related to transaction processing and fraud checks is going out of the geography. Effectively, it is a dual record maintenance and that is what the regulator is not okay with,” a senior bank official aware of the matter told ET.

In response to an ET query, Mastercard said it is continuously engaging with the regulator including submitting system audit reports on a regular basis and hopes for an early resolution on the matter.

“When RBI required us to provide additional clarifications about our data localisation framework in April 2021, we engaged our government-empanelled audit firm to address those points,” Mastercard said. “That report was slightly delayed and submitted to the RBI on July 20, 2021. We are hopeful that this latest filing provides the assurances and insights required to address their concerns and move toward a resolution on the matter.”

RBI did not respond. In a media statement last week, Mastercard had said it was “disappointed” with RBI’s stance and was “fully committed to legal and regulatory obligations” in India.

The central bank last week imposed regulatory restrictions on Mastercard from onboarding new domestic debit, credit, or prepaid customers on its card network in India from July 22. The regulator’s supervisory action was citing “non-compliance with directions on Payment System Data”. To be sure, these restrictions are only on Mastercard’s new cards and not the existing ones held by customers.

As per this rule, all foreign payment operators storing card and customer related data must do so in servers physically present in India. RBI introduced the rule through a circular issued in April 2018. As per RBI’s rules, foreign payment processors can transfer card storage data abroad for smoothing flow provided this data is deleted within 24 hours.

“Inability of Mastercard to store payments data in India is what was flagged by RBI,” a person aware of the matter said. “Typically, for companies like Mastercard, there are robust fraud risk engines which collate data from various switches across the world to prevent cross jurisdiction cloning or phishing attacks,” the person said, adding that Mastercard’s insistence on storing this data abroad is what got it on the wrong side of the Indian regulations.

According to the person, Mastercard wanted the external audit to be performed by its overseas auditor appointed by the global unit. These terms were not agreed by the RBI, which invited the curbs, the person added.

“A certain part of the data on transactions processed has been moved to India and Mastercard is using that as a defence, but the RBI wants end-to-end stored locally in the country,” a third source, who is a payments industry executive, said.

“For their own internal fraud checks Mastercard is sending a copy to their international servers to weed out malicious transactions,” the person added.

Mastercard is registered as a Payment System Operator (PSO) authorised to operate a card network in the country under the PSS Act. Other leading card networks in India include US-based Visa and National Payments Corp of India’s RuPay. India has a total of 62.3 million credit cards and 902.3 million debit cards in circulation.

The Indian central bank had tightened data storage norms for PSOs in India through a notice issued to chief executives of all such licensed companies in India. ET has a copy of the notice.

As per the rules introduced in March, all PSOs from FY22 were mandated to submit detailed “compliance certificates” to the central bank twice a year, signed by the respective chief executives or managing director, confirming adherence to all RBI regulations around security and storage of payment data.

These requirements are over and above the ones mandated by the central bank in April of 2018 where it asked all PSOs to submit board-approved annual System Audit Report (SAR) by CERT-empanelled auditors.

These companies were also asked to submit a one-time compliance report with data localisation norms which mandate the data relating to payments in India will be stored in a server physically present in the country by December of 2018.

RBI had asked these certificates to be submitted on April 30 and October 31 of every year. The central bank’s decision to tighten data storage norms, earlier this year, also attracted curbs on US-based American Express and Diners Club for non-compliance with the same rule.

As per industry sources, Visa and Mastercard together process a significant chunk—over 70%—of India’s credit cards. For debit card issuances, NPCI’s RuPay is said to be the largest card issuer. RBI does not disclose the breakup.


Japan travel news, japan travel guides, japan holiday destinations and japan reviews

LATEST NEWS

NEWS RELATED

RBI allows loans up to Rs 5 crore to other banks' directors without board approval

The Reserve Bank of India has raised the limit on loans to be sanctioned to directors or associates without board approval for the first time in 26 years to Rs. 5 crore from Rs. 25 lakhs last set in 1996. This revision in threshold will be applicable to only personal…

Read more: RBI allows loans up to Rs 5 crore to other banks' directors without board approval

‘Mastercard’s dual record maintenance led to RBI ban’

Mumbai: The Reserve Bank of India barred Mastercard Inc. from issuing new cards in India after it found the US-based payments major was storing customers’ data on servers located outside the country and also failing to erase from overseas servers the Indian leg of the transactions data within 24 hours…

Read more: ‘Mastercard’s dual record maintenance led to RBI ban’

U GRO Capital launches Pratham, a MSME co-lending program with Bank of Baroda

U GRO Capital, a BSE listed, technology enabled small business NBFC, announced on Wedenesday the launch of a co-lending partnership for micro, small and medium enterprises (MSME) with Bank of Baroda . Termed as ‘Pratham’, the loan disbursements have commenced on the occasion of Bank of Baroda’s 114th Foundation Day.…

Read more: U GRO Capital launches Pratham, a MSME co-lending program with Bank of Baroda

HDFC Bank creates new segment to work for both India and Bharat: Chairman

HDFC Bank, largest lender by market capital, has created a new business segment of commercial and rural banking to capture the next wave of growth, said Atanu Chakraborty, the bank’s non-executive chairman, in the annual general meeting held on July 17. “This will not only reinforce your bank’s top position…

Read more: HDFC Bank creates new segment to work for both India and Bharat: Chairman

RBI’s Mastercard ban may hit Citibank India’s retail business sale

The Reserve Bank of India’s (RBI) recent regulatory ban on Mastercard has raised questions over the likely valuations of Citibank India’s retail banking business, which is up for sale. Citibank has an exclusive tie-up with the payments company for issuing debit cards and will have to stop issuing them from…

Read more: RBI’s Mastercard ban may hit Citibank India’s retail business sale

NPCI in talks to take UPI, RuPay to global markets

National Payment Corporation of India (NPCI) is in talks with several global agencies to expand the global footprint of indigenous payment networks RuPay and UPI (unified payment interface), possibly in West Asia, the United States, and Europe. “We are aiming to expand RuPay and UPI acceptance across world destinations, where…

Read more: NPCI in talks to take UPI, RuPay to global markets

Several factors still hinder monetary transmission to bank rates: RBI

Although transmission of deposit and lending rates has significantly improved in recent times, several factors continue to obstruct effective monetary transmission to these bank rates, the Reserve Bank of India (RBI) has said. The RBI Bulletin for July 2021 noted that the central bank has made several attempts to improve…

Read more: Several factors still hinder monetary transmission to bank rates: RBI

RBI working towards 'phased introduction' of digital rupee

The Reserve Bank of India is working towards a “phased introduction” of India’s Central Bank Digital Currency (CBDC) — a digital rupee — and a pilot of such a general-purpose digital currency is possible in the near future, RBI deputy governor T Rabi Shankar said during a virtual address on…

Read more: RBI working towards 'phased introduction' of digital rupee

Mastercard stops issuing new debit, credit cards from today

IBA to soon move application to RBI for setting up Rs 6,000-cr bad bank

Complied with 85% of asks on tech, ball in RBI court for lifting ban: HDFC Bank

NPCI begins pilot for voice-based payments

Failover mechanism protects us from MasterCard ban: HDFC Bank MD Sashidhar Jagdishan

ICICI Bank continues push in credit card space with new co-branded HPCL card

Will bounce back strongly after pandemic behind us: HDFC Bank MD

RBI's ban on Mastercard likely to create monopoly in India's credit card market

OTHER NEWS