The Reserve Bank of India (RBI) has put curbs on Mastercard Asia-Pacific from onboarding any new domestic customers onto its card network (debit, credit or prepaid), with effect from 22 July .
The regulator announced the supervisory action against Mastercard, citing certain rule violations. Here's everything we know about RBI's crackdown on Mastercard.
RBI Restricts Mastercard: How Will It Impact Existing Customers?
1. What Happened?
The RBI in a circular issued on Wednesday, 14 July, said that Mastercard Asia/Pacific won't be able to add any new customers on its card network starting 22 July, citing non-compliance of storage of data in India.
This restriction applies to its debit, credit or prepaid customers.
Expand2. What is RBI's Concern?
The RBI had accused Mastercard for not complying with storage of payment system data, ie data localisation.
Earlier, in 2018, the RBI had mandated all system payment providers such as Visa, Mastercard to store all its India-based customer's data, including complete end-to-end transaction details and all the customer information collected, in a server located in India .
Explaining the reason for data localisation, RBI had said: "There had been considerable growth in the payment ecosystem in the country. Such systems are highly technology dependent, which necessitated the adoption of best-in-class safety and security measures on a continuous basis."
The central bank had asked the system providers report compliance by 15 October 2018. For this, the RBI said the system providers must submit a System Audit Report on completion of the requirement.
However, due to non-compliance of these rules, the central bank barred Mastercard from issuing cards to new customers.
Expand3. How Will This Move Affect Existing Customers?
Existing Mastercard customers will not be affected by the RBI's directive. All Mastercard card-issuing banks are advised to follow the guidelines by RBI.
Mastercard will no longer be able to issue new cards after 22 July. However, it will be able to serve its existing customer.
Expand4. What is Mastercard’s Response?
While RBI has accused Mastercard of not complying with data localisation rules, the company in a statement on Thursday, 15 July, said that it is disappointed with the stance taken by the RBI.
"We will continue to work with them to provide any additional details required to resolve their concerns. Building on our considerable and continued investments in India, we remain committed to working with our customers and partners in advancing on the government’s Digital India vision,” the company added.
Expand5. Which Other Foreign Companies Are Banned?
In April this year, the RBI barred American Express and Diners Club International, owned by Discover Financial Services, from issuing new cards due to similar violations.
Expand6. Why is Mastercard Hesitant to Store Data Locally?
In a 2018 statement, MasterCard CEO and President, Ajaypal Singh Banga, said that data localisation may fail to provide safety and security to Indian banks, merchants.
Banga added that more transactions give better predictability, lowering the false positives, or error in data reporting.
Meanwhile, Sharat Chandra, an emerging tech evangelist told The Quint that since there is hardly any money left to be made in payments business, payment data collected can be used by Mastercard to build new business models and revenue streams, and this can only be possible if the data is stored in a global server.
Kazim Rizvi, Founding Director of The Dialogue, said that the motivation behind localisation is to drive access to data for security and law enforcement purpose, which has been a challenge in the past.
"Companies must strive to comply with the rules and mandates. At the same time, it's important to look at more effective means to help law enforcement purpose for data access while allowing free flow of data. One such mechanism could be entering into bilateral treaties with the EU, US and the UK on data transfers, which will help the need for law enforcement purpose and provide timely data access, as the present MLAT system is not effective enough," he added.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)
Expand
What Happened?
The RBI in a circular issued on Wednesday, 14 July, said that Mastercard Asia/Pacific won't be able to add any new customers on its card network starting 22 July, citing non-compliance of storage of data in India.
This restriction applies to its debit, credit or prepaid customers.
What is RBI's Concern?
The RBI had accused Mastercard for not complying with storage of payment system data, ie data localisation.
Earlier, in 2018, the RBI had mandated all system payment providers such as Visa, Mastercard to store all its India-based customer's data, including complete end-to-end transaction details and all the customer information collected, in a server located in India .
Explaining the reason for data localisation, RBI had said: "There had been considerable growth in the payment ecosystem in the country. Such systems are highly technology dependent, which necessitated the adoption of best-in-class safety and security measures on a continuous basis."
The central bank had asked the system providers report compliance by 15 October 2018. For this, the RBI said the system providers must submit a System Audit Report on completion of the requirement.
However, due to non-compliance of these rules, the central bank barred Mastercard from issuing cards to new customers.
How Will This Move Affect Existing Customers?
Existing Mastercard customers will not be affected by the RBI's directive. All Mastercard card-issuing banks are advised to follow the guidelines by RBI.
Mastercard will no longer be able to issue new cards after 22 July. However, it will be able to serve its existing customer.
What is Mastercard’s Response?
While RBI has accused Mastercard of not complying with data localisation rules, the company in a statement on Thursday, 15 July, said that it is disappointed with the stance taken by the RBI.
"We will continue to work with them to provide any additional details required to resolve their concerns. Building on our considerable and continued investments in India, we remain committed to working with our customers and partners in advancing on the government’s Digital India vision,” the company added.
Which Other Foreign Companies Are Banned?
In April this year, the RBI barred American Express and Diners Club International, owned by Discover Financial Services, from issuing new cards due to similar violations.
Why is Mastercard Hesitant to Store Data Locally?
In a 2018 statement, MasterCard CEO and President, Ajaypal Singh Banga, said that data localisation may fail to provide safety and security to Indian banks, merchants.
Banga added that more transactions give better predictability, lowering the false positives, or error in data reporting.
Meanwhile, Sharat Chandra, an emerging tech evangelist told The Quint that since there is hardly any money left to be made in payments business, payment data collected can be used by Mastercard to build new business models and revenue streams, and this can only be possible if the data is stored in a global server.
Kazim Rizvi, Founding Director of The Dialogue, said that the motivation behind localisation is to drive access to data for security and law enforcement purpose, which has been a challenge in the past.
"Companies must strive to comply with the rules and mandates. At the same time, it's important to look at more effective means to help law enforcement purpose for data access while allowing free flow of data. One such mechanism could be entering into bilateral treaties with the EU, US and the UK on data transfers, which will help the need for law enforcement purpose and provide timely data access, as the present MLAT system is not effective enough," he added.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)