Yes Bank on September 21 announced its partnership with Visa to offer credit cards to its customers. “The transition has been achieved within a record time of less than 60 days, ensuring ease for customers across segments,” the bank said referring to the shift from Mastercard.
All the banks’ offerings— consumer cards, business cards, and corporate cards— will now be powered by Visa.
RBI’s Mastercard ban
The Reserve Bank of India (RBI) in July barred Mastercard from onboarding new domestic customers in India onto its card network because of non-compliance with data localisation guidelines.
Based on Yes Bank’s website and information from Samsung Pay, it appears that Yes Bank previously issued cards only on the Mastercard network. As such, they were likely impacted adversely by the RBI’s supervisory action. At the end of May, Yes Bank had 967,351 credit cards, all Mastercard ones, in circulation. RBL Bank too had been issuing only on the Mastercard network and had to shift to Visa.
Earlier this year, the RBI had barred American Express and Diners Club from onboarding new customers due to non-compliance with its data localisation guidelines.
A few days after the ban, Mastercard said that it has complied with the local data storage norms laid down by the RBI and has filed a new audit report on July 20 to notify the central bank of its compliance.
The RBI’s data localisation guidelines
In 2018, the RBI had issued the following directions after it observed that not all payments companies were storing data in India:
- Entire data relating to payment systems must be stored in a system only in India
- Ensure compliance within a period of six months and report it to the RBI by October 15, 2018
- Furnish the System Audit Report (SAR) by CERT-IN empanelled auditors by December 31, 2018
However, in June 2019 following concerns raised by the industry, RBI went on to clarify the guidelines:
- The central bank elaborated on data that had to be stored in India mandatorily:
- Customer data: Name, mobile number, email, Aadhaar number, PAN number, etc.
- Payment sensitive data: Customer and beneficiary account details
- Payment credentials: OTP, PIN, passwords, etc.
- Transaction data: Origin and destination system information, transaction reference, timestamp, amount, etc.
- The norms were applicable to transactions made through system participants, service providers, intermediaries, payment gateways, third-party vendors, and other entities in the payments ecosystem apart from all the payment system providers authorised by the RBI.
- The central bank clarified that there is no ban on overseas processing of strictly domestic transactions but the data should be brought back to India within one business day or 24 hours of payment processing and be stored locally here.
Timeline of decisions taken by RBI and Mastercard
April 2018: RBI conveyed to all payments system operators in India in 2018 to ensure the storage of payments-related data within the country in six months.
October 2018: As most players rushed to comply with the order, Mastercard started storing data at a facility in Pune to comply with the guidelines but it continued to process a part of each Indian transaction through data centres abroad.
April 2021: RBI found Mastercard’s compliance with the rules unsatisfactory, and urged it to adhere to the norms without any delay.
May 2021: American Express and Diners Club were the first card network companies to be banned from issuing new cards for violating the 2018 guidelines.
July 2021: Mastercard’s ban came into force on July 22 after the central bank permitted multiple extensions to comply with the rules. The ban was imposed when Mastercard requested another extension after the one till July 9 expired. It had put Mastercard’s partner banks in a fix as they scurried to sign deals with new networks to ensure their income does not take a hit.
August 2021: Mastercard informed MediaNama that it has complied with the norms. The payments company added that it filed a new audit report on July 20 to notify the central bank of its compliance.
- Leaked Emails Reveal US Government Irked By RBI For Its Ban On Mastercard: Report
- RBI Bars Mastercard From Adding New Customers In India; Flags Non-Compliance With Data Localisation Guidelines
- Visa Has Fully Complied With RBI’s Data Localisation Mandate: Report
- RBI Warns Customers About Predatory Digital Lending Apps
- Mastercard Bets On Bank Partnerships For Indian Expansion
Have something to add? Post your comment and gift someone a MediaNama subscription.