PremiumListen to this article |
MUMBAI : The Reserve Bank of India (RBI) on Thursday lifted restrictions on global card network Mastercard and allowed it to onboard customers after it demonstrated “satisfactory compliance".
RBI had restricted Mastercard from onboarding customers from July last year, citing failure to comply with its data localization norms. Two other large corporations, Diners Club and American Express, were also asked to stop issuing new cards in 2021. RBI subsequently allowed Diners Club to resume issuing cards. However, it did not lift the ban on American Express.
At the centre of these restrictions is a regulation from April 2018 that mandated all payments data from India to be stored in the country. This initially did not sit well with many companies, but most eventually complied. These guidelines are applicable to all payment system providers authorized by RBI to set up and operate a payment system in India under the Payment and Settlement Systems Act, 2007. “In view of the satisfactory compliance demonstrated by Mastercard Asia / Pacific Pte. Ltd. with the Reserve Bank of India circular dated 6 April 2018 on storage of payment system data, the restrictions imposed vide order dated 14 July 2021, on onboarding of new domestic customers have been lifted with immediate effect," the RBI said.
Data to be stored exclusively in India include complete end-to-end transaction details and information collected, carried, and processed as part of the message or payment instruction.
According to a PTI report on 30 July last year, Mastercard had submitted an audit report to the regulator showing compliance with the local data storage norms. “When RBI required us to provide additional clarifications about our data localization framework in April 2021, we retained government-empanelled Deloitte to perform a supplemental audit to help demonstrate our compliance," it had said.
Mint reported in August last year that all payment system operators except Mastercard, American Express and Diners Club had met the guideline set by the central bank on data localization, according to the central bank’s response to a Right to Information query that had been filed by Mint.
