The Reserve Bank of India (RBI) has lifted the restrictions imposed on Mastercard Asia/ Pacific Pte Ltd on on-boarding of new domestic customers with immediate effect.
“In view of the satisfactory compliance demonstrated by Mastercard with the RBI circular dated April 6, 2018 on Storage of Payment System Data, the restrictions imposed, vide order dated July 14, 2021, have been lifted with immediate effect,” the RBI said.
The central bank had imposed restrictions on Mastercard from on-boarding new domestic customers (debit, credit or prepaid) onto its card network from July 22, 2021 for non-compliance with the RBI regulations for storage of data in India. The RBI had given almost three years for Mastercard to comply with the regulatory directions, but it was unable to complete the process.
By the RBI circular on Storage of Payment System Data dated April 6, 2018, all system providers were directed to ensure that within six months the entire data (full end-to-end transaction details, information collected or carried or processed as part of the message or payment instruction) relating to payment systems operated by them is stored in a system only in India. They were also required to report compliance to the RBI and submit a board-approved system audit report conducted by a CERT-In empanelled auditor within the timelines specified.
However, credit and card firms with global operations have been resisting the move, citing costs, security risk, lack of clarity, timeline, and the possibility of data localisation demand from other countries.
Newsletter | Click to get the day’s best explainers in your inbox
The RBI had stipulated that data should be stored only in India and no copy — or mirroring — should be stored in other countries. Payment firms, which used to store and process Indian transactions outside the country, had contended their systems were centralised and expressed the fear that transferring the data storage to India would cost them millions of dollars.
What upset foreign players is that domestic payment companies, including e-commerce firms, which are storing the data within India, were putting pressure for data storage within the country. Firms such as Mastercard, Visa and National Payment Corporation of India (NPCI) are Payment System Operators authorised to operate a card network in India under the Payment and Settlement Systems (PSS) Act, 2007.
Under the Act, the RBI is the authority for the regulation and supervision of payment systems in India. The RBI’s payment system enables payments to be effected between a payer and a beneficiary and involves the process of clearing, payment or settlement, or all of them.
Funds transferred using debit or credit cards are routed through platforms such as Mastercard, Visa and NPCI. The RBI has decided to allow non-bank entities — Prepaid Payment Instrument (PPI) issuers, card networks, White Label ATM (WLA) operators, Trade Receivables Discounting System (TReDS) platforms – to become members of the centralised payment system (CPS) and effect fund transfer through RTGS and NEFT.