IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Mastercard banned from taking on new customers in India after flouting data rules

The country’s reserve bank found that the payment provider did not comply with a data policy established in 2018

The Reserve Bank of India (RBI) has banned Mastercard from taking on new customers from 22 July following a dispute over the company's failure to abide by data storage policies.

In April 2018, the RBI released a Storage of Payment System Data notice which stipulated that payment system providers should store payment data in India to ensure “better monitoring”. This includes the full end-to-end transaction details and information collected or carried as part of the message or payment instruction.

However, for the “foreign leg” of the transaction, the data can also be stored in the foreign country if required.

Payment system providers were given six months to implement this change, which should have been completed by 15 October 2018, and report compliance to the RBI, as well as submitting an audit report to the bank by December. Mastercard is said to be still in breach of these terms, according to the RBI.

“Notwithstanding lapse of considerable time and adequate opportunities being given, [Mastercard] has been found to be non-compliant with the directions on Storage of Payment System Data,” said Yogesh Dayal, chief general manager at the RBI.

Related Resource

Aberdeen Report: How a platform approach to security monitoring initiatives adds value

Integration, orchestration, analytics, automation, and the need for speed

White text against a pink-red background - whitepaper from IBMFree download

The RBI has now placed a freeze on the onboarding of new Mastercard customers across the country, and Mastercard must advise all card-issuing banks and non-banks to conform to these directions.

A spokesperson from Mastercard said it is "fully committed" to its legal and regulatory obligations in the markets it operates in.

"Since the issuance of the 2018 directive requiring on-soil storage of domestic payment transaction data, we have worked closely with the RBI to ensure that we comply with the requirements," said the spokesperson. "While we are disappointed with the stance taken by the RBI today (July 14), we will continue to work with them and provide any additional details needed to resolve their concerns."

The 2018 policy change emerged following a recognition that the payment ecosystem in India had expanded “considerably” with the emergence of new payment systems, players, and platforms.

“Ensuring the safety and security of payment systems data by adoption of the best global standards and their continuous monitoring and surveillance is essential to reduce the risks from data breaches while maintaining a healthy pace of growth in digital payments,” the bank stated.

In order to have “unfettered access” to all payment data for “supervisory purposes”, the RBI decided that all payment system operators had to ensure that data related to payment systems operated by them should be stored only inside the country.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

India to roll out 6G by end of decade
Network & Internet

India to roll out 6G by end of decade

18 May 2022
Data centres that switch from HDDs to SSDs use 70% less power
data centres

Data centres that switch from HDDs to SSDs use 70% less power

16 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022
Australia pledges $5 million to create tech skills passport
Careers & training

Australia pledges $5 million to create tech skills passport

11 May 2022

Most Popular

Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers
ransomware

Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers

26 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022