Mastercard has been Banned from issuing New Cards in India.
Mumbai (BT) - Mastercard has been ordered to stop taking new customers in India, as authorities there say it violated the country's rules on how data should be stored.
Starting next Thursday, the company will be banned from issuing new debit, credit or prepaid cards, according to the Reserve Bank of India (RBI). It did not stipulate how long the restrictions would last.
In a statement Wednesday, the central bank said that Mastercard had been given "considerable time and adequate opportunities" to comply with a mandate announced in 2018.
Banks that solely depend on Mastercard will take at least two months to move their business to either Visa, the sole global survivor so far, or homegrown RuPay.
This is not the first time that something like this has occurred. Previously, RBI had barred American Express Banking Corp. and Diners Club from onboarding any more new customers onto their platform from May 1.
The reason behind this was cited as something similar to the reasoning behind Mastercard’s ban. RBI claimed that the entities were non-compliant with the directives and guidelines given on the storage of payment systems data. These stringent measures by RBI come in light of the 2018 mandate wherein the banking entity made it clear that all service providers must store and process data related to their respective payment systems that are only in India.
What is the RBI’s data localization policy?
In 2018, the Indian central bank had issued a circular ordering card companies such as Visa, Mastercard, and American Express to store all Indian customer data locally so that the regulator could have “unfettered supervisory access”. This meant that foreign card companies had to store complete information about transactions made by Indian customers in servers located within India.
Companies were initially required to comply with these rules within six months. The reason offered by the RBI to back up its data localization rule was that local storage of consumer data is necessary to protect the privacy of Indian users and also to address national security concerns.
Since the order, Mastercard, Visa and other foreign card companies have lobbied to dilute the rules. But the RBI has remained strict that companies must comply with its data localization rules. Consequently, Mastercard deleted Indian customer data from its foreign servers and promised to invest in building local servers in India to store local customer data. The RBI, however, has not been impressed. It has banned Mastercard from issuing new cards to customers from July 22.
Mastercard as having said it was “disappointed” with the RBI’s decision and it had provided regular updates on its compliance with the rules since 2018. The company was quoted as saying it would continue to work with the Indian central bank to provide any additional details required to resolve its concerns.
Earlier this year, American Express and Diners Club International were also banned by the RBI from issuing new cards after they failed to comply with the 2018 circular. American Express had more than 1.5 million cards in circulation locally as of February, according to central bank data. However, an industry source with direct knowledge said the financial impact of the ruling could be limited as India makes up only “a very small” percentage of the company’s global business.
While data for Diners Club was not immediately available, the card network has a tie up with HDFC Bank that has the largest share of India’s credit card market.
The central bank in December 2020 stopped HDFC Bank, India’s largest private lender, from adding new credit card customers or launching digital businesses after its digital payment services were hit by a power failure.