Recently, RBI has imposed restrictions on Mastercard Asia from issuing new domestic customers (debit, credit or prepaid) in India, citing non-compliance with guidelines for storage of data in India.
Reasons for the ban
- According to the Reserve bank, the U.S. card-issuer has failed to comply with the local data storage rules announced by the central bank in 2018.
- The RBI had given almost three years for Mastercard to comply with the regulatory directions, but it was unable to complete the process.
- Payment firms like Visa and Mastercard, which currently store and process Indian transactions outside the country, have said their systems are centralised and expressed the fear that transferring the data storage to India will cost them millions of dollars.
What is the data localisation policy of RBI?
- The RBI’s circular dated April 6, 2018, on storage of payment system data had asked all system providers (operating a card network in India under the Payment and Settlement Systems Act, 2007) to store all end-to-end transaction data related to their Indian operations in a system located in the country.
- This meant that foreign card companies had to store complete information about transactions made by Indian customers in servers located within India. Companies were initially required to comply with these rules within six months.
- The reason offered by the RBI to back up its data localisation rule was that local storage of consumer data is necessary to protect the privacy of Indian users and also to address national security concerns.
- Governments also believe that mandating foreign companies to set up local infrastructure can boost their local economies.
- The data includes full end-to-end collected information, processed or carried information, payment instructions in part or full, transaction details among others.
- The central bank wanted a single common data source to enforce the law and empower authorities to access an efficient and effective data storage system in the wake of growing digital transactions and frauds.
- All such card companies had to file a compliance report and an audit compliance report (as per system approved by the board) by the CERT-In empanelled auditor within a specified time-period.
Ban on other card firms
- RBI had imposed restrictions on American Express Banking Corp and Diners Club International Ltd from enrolling new domestic customers onto their card networks from May 1, 2021
- According to RBI data, there were 96.47 crore cards in India, including 90.23 crore debit cards and 6.239 crore credit cards as of May 2021.
Impact of the ban
- Though the ban, existing Mastercard customers, however, can continue to use their cards.
- Indian banks that are currently enrolled in the Mastercard network are expected to make alternative arrangements with other card companies.
- Mastercard owns about one-third of the market share in India, and the RBI’s ban is likely to significantly benefit its competitors.
- Similarly, the ban on American Express and Diners Club earlier this year benefited the Indian card network RuPay.
- The card payments sector may end up being restricted to a few domestic companies, which in turn can lead to reduced competition.