Mastercard banned from taking on new customers in India after flouting data rules

The country’s reserve bank found that the payment provider did not comply with a data policy established in 2018

The Reserve Bank of India (RBI) has banned Mastercard from taking on new customers from 22 July following a dispute over the company's failure to abide by data storage policies.

In April 2018, the RBI released a Storage of Payment System Data notice which stipulated that payment system providers should store payment data in India to ensure “better monitoring”. This includes the full end-to-end transaction details and information collected or carried as part of the message or payment instruction.

However, for the “foreign leg” of the transaction, the data can also be stored in the foreign country if required.

Payment system providers were given six months to implement this change, which should have been completed by 15 October 2018, and report compliance to the RBI, as well as submitting an audit report to the bank by December. Mastercard is said to be still in breach of these terms, according to the RBI.

“Notwithstanding lapse of considerable time and adequate opportunities being given, [Mastercard] has been found to be non-compliant with the directions on Storage of Payment System Data,” said Yogesh Dayal, chief general manager at the RBI.

Related Resource

Aberdeen Report: How a platform approach to security monitoring initiatives adds value

Integration, orchestration, analytics, automation, and the need for speed

White text against a pink-red background - whitepaper from IBMDownload now

The RBI has now placed a freeze on the onboarding of new Mastercard customers across the country, and Mastercard must advise all card-issuing banks and non-banks to conform to these directions.

A spokesperson from Mastercard said it is "fully committed" to its legal and regulatory obligations in the markets it operates in.

"Since the issuance of the 2018 directive requiring on-soil storage of domestic payment transaction data, we have worked closely with the RBI to ensure that we comply with the requirements," said the spokesperson. "While we are disappointed with the stance taken by the RBI today (July 14), we will continue to work with them and provide any additional details needed to resolve their concerns."

The 2018 policy change emerged following a recognition that the payment ecosystem in India had expanded “considerably” with the emergence of new payment systems, players, and platforms.

“Ensuring the safety and security of payment systems data by adoption of the best global standards and their continuous monitoring and surveillance is essential to reduce the risks from data breaches while maintaining a healthy pace of growth in digital payments,” the bank stated.

In order to have “unfettered access” to all payment data for “supervisory purposes”, the RBI decided that all payment system operators had to ensure that data related to payment systems operated by them should be stored only inside the country.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Tesla Megapack goes up in flames at Australian battery site
Hardware

Tesla Megapack goes up in flames at Australian battery site

30 Jul 2021
Microsoft mulls investment in Indian hotel startup Oyo
Cloud

Microsoft mulls investment in Indian hotel startup Oyo

30 Jul 2021
The IT Pro Podcast: Bringing cricket into the digital age
Data & insights

The IT Pro Podcast: Bringing cricket into the digital age

30 Jul 2021
Podcast transcript: Bringing cricket into the digital age
Data & insights

Podcast transcript: Bringing cricket into the digital age

30 Jul 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021