The Reserve Bank of India (RBI) on Wednesday, July 14 imposed restrictions on Mastercard Asia / Pacific (Mastercard) from on-boarding new domestic customers (debit, credit or prepaid) onto its card network from July 22, 2021.  

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

The Bank took this action against the payment system operator for violating RBI's norms on the storage of payment systems data.

See Zee Business Live TV Streaming Below:

The Central Bank said: “Notwithstanding lapse of considerable time and adequate opportunities being given, the entity has been found to be non-compliant with the directions on Storage of Payment System Data.” 

However, the current order will not affect the existing customers of Mastercard. And it has been advised to inform all card issuing banks and non-banks regarding these directions. 

RBI further added: “This order will not impact existing customers of Mastercard. Mastercard shall advise all card issuing banks and non-banks to conform to these directions.”  

The supervisory action has been taken in exercise of powers vested in RBI under Section 17 of the Payment and Settlement Systems Act, 2007 (PSS Act), the Central Bank declared. 

Mastercard is a Payment System Operator authorised to operate a Card Network in the country under the PSS Act. 

Earlier, RBI had issued a circulation on Storage of Payment System Data dated April 6, 2018, saying all System Providers were directed to ensure that within a period of six months the entire data (full end-to-end transaction details / information collected / carried / processed as part of the message / payment instruction) relating to payment systems operated by them is stored in a system only in India.  

“They were also required to report compliance to RBI and submit a Board-approved System Audit Report conducted by a CERT-In empanelled auditor within the timelines specified therein,” RBI mentioned. 

In the statement on Development and Regulatory Policies of the First Bi-monthly Monetary Policy Statement for 2018-19 dated April 5, 2018, RBI had mentioned, there has been considerable growth in the payment ecosystem in the country. Such systems are also highly technology dependent, which necessitate adoption of safety and security measures, which are best in class, on a continuous basis. 

RBI had mentioned that it was observed that not all system providers store the payments data in India. In order to ensure better monitoring, it is important to have unfettered supervisory access to data stored with these system providers as also with their service providers / intermediaries/ third party vendors and other entities in the payment ecosystem.

It has, therefore, been decided that all system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India. This data should include the full end-to-end transaction details / information collected / carried / processed as part of the message / payment instruction. For the foreign leg of the transaction, if any, the data can also be stored in the foreign country, if required.