News Corner: RBI's Ban on Mastercard Enforcing Data Localisation Norms

Image Source: BBC

On July 14, 2021, the Reserve Bank of India ("RBI") issued a press release announcing that it has restricted Mastercard from on-boarding new domestic customers for issuing debt, credit or prepaid cards from July 22, 2021. RBI stated that Mastercard has been non-compliant with its directions on 'Storage of Payment System Data' (in terms of its circular dated April 6, 2018) ("Directions").

For context, these Directions require payment system providers (like Mastercard) to store data relating to 'payment systems' operated by them in a system only in India, including the full end-to-end transaction details / information collected / carried / processed as part of the message / payment instruction. Additionally, there are also certain reporting and audit requirements.

In the present press release, RBI emphasized on the data localisation requirements in the Directions and took a stern step towards a major entity like Mastercard, which is the second largest credit-card issuer in India. While Mastercard is not allowed to onboard new domestic customers, RBI has clarified that its order will not impact the existing customers of Mastercard. This is a wake-up call for other payment system operators to comply with RBI's Directions and ensure that the payment system and transaction data is stored in Indian servers.

See RBI's press release: