The limits on onboarding new domestic users have been eased with immediate effect, the regulator said, in light of Mastercard’s good compliance with the RBI circular dated 6 April 2018 on storage of payment system data.
On Thursday, the Reserve Bank of India (RBI) removed limitations on the international payment network Mastercard and permitted it to accept new users after it showed “sufficient compliance.” The restriction on American Express was not lifted, though.
A rule from April 2018 that required all payments data from India to be held there is at the heart of these limitations. Many businesses at first found this difficult to accept, but eventually most did. According to the Payment and Settlement Systems Act of 2007, these rules apply to all payment system providers who have been granted permission by the RBI to establish and run a payment system in India. “The restrictions imposed by order dated July 14, 2021, on onboarding of new domestic customers have been lifted with immediate effect,” the RBI said. “In view of the satisfactory compliance demonstrated by Mastercard Asia / Pacific Pte. Ltd. with the Reserve Bank of India circular dated 6 April 2018 on storage of payment system data.”On Wednesday, the Reserve Bank of India (RBI) put limits in place for Mastercard Asia / Pacific Pte Ltd (Mastercard) regarding the addition of new domestic debit, credit, or prepaid consumers to its network of payment cards. On July 22, Mastercard will no longer be able to issue new cards.
The central bank stated in a statement that “despite the passage of considerable time and ample opportunities being given, the business has been deemed to be non-compliant with the directives on Storage of Payment System Data.”
Complete end-to-end transaction details including information gathered, carried, and processed as part of the message or payment instruction are among the data that will only be held in India.
On July 30th of last year, according to a PTI report, Mastercard submitted an audit report to the regulator demonstrating compliance with local data storage standards. “We recruited government-appointed Deloitte to do a supplemental audit to help establish our compliance when RBI ordered us to offer additional explanations about our data localization policy in April 2021,” it had stated. According to the central bank’s response to a Right to Information request made by Mint, all payment system operators, with the exception of Mastercard, American Express, and Diners Club, satisfied the standard set by the central bank on data localisation in August of last year. The RBI stated that the supervisory action was carried out in accordance with the authority granted to it by Section 17 of the Payment and Settlement Systems Act, 2007 (PSS Act). This action comes less than three months after the RBI prohibited the issuance of new cards to Discover Financial Services’ American Express and Diners Club International owing to similar infractions.