wordpress blog stats
Connect with us

Hi, what are you looking for?

RBI lifts restriction on Mastercard, allows banks to issue new cards on the network

RBI allows Mastercard to on-board new customers, after the network showed compliance with data localisation norms.

What’s the news? The Reserve Bank of India (RBI) on June 16 lifted the restriction imposed on Mastercard from onboarding new domestic customers, meaning banks can once again start issuing cards on the Mastercard network.

Why was Mastercard barred? Mastercard was barred from onboarding new customers in July 2021 for failing to comply with RBI’s data localisation norms issued in April 2018. The card network has now demonstrated satisfactory compliance, RBI said on Thursday.

How did this hurt Mastercard’s business? The restriction on Mastercard resulted in many banks shifting to Mastercard’s arch-rival, Visa, including RBL Bank and Yes Bank, which used to solely rely on Mastercard. The issue also reportedly irked the US government and a senior US trade official termed the move “draconian.” A month after it was barred, Mastercard said that it complied with the local data storage norms and has filed a new audit report, but it’s not clear why RBI took so long to remove the restrictions. It could take Mastercard a while to regain any market share it lost to Visa and home-grown RuPay, which has received significant support from the Indian government over the last couple of years.

Who continues to be barred? Mastercard was not alone in being barred. Both American Express and DinersClub were barred in April 2021, but the restrictions on DinersClub were lifted in November 2021. AmericanExpress is now the only major card network that continues to be barred. The restrictions, however, do not affect existing customers of the card network.

What are RBI’s card localisation guidelines?  In April 2018, the RBI had issued the following directions after it observed that not all payments companies were storing data in India:

Advertisement. Scroll to continue reading.
  • Entire data relating to payment systems must be stored in a system only in India
  • Ensure compliance within a period of six months and report it to the RBI by October 15, 2018
  • Furnish the System Audit Report (SAR) by CERT-IN empanelled auditors by December 31, 2018

However, in June 2019 following concerns raised by the industry, RBI went on to clarify the guidelines:

  • What data should be stored in India? The central bank elaborated on data that had to be stored in India mandatorily:
    • Customer data: Name, mobile number, email, Aadhaar number, PAN number, etc.
    • Payment sensitive data: Customer and beneficiary account details
    • Payment credentials: OTP, PIN, passwords, etc.
    • Transaction data: Origin and destination system information, transaction reference, timestamp, amount, etc.
  • Applicable to: The norms were applicable to transactions made through system participants, service providers, intermediaries, payment gateways, third-party vendors, and other entities in the payments ecosystem apart from all the payment system providers authorized by the RBI.
  • Data processed outside: The central bank clarified that there is no ban on overseas processing of strictly domestic transactions but the data should be brought back to India within one business day or 24 hours of payment processing and be stored locally here.

What next? Regulations are aplenty in the financial sector. Card networks are still dealing with the e-mandate regulations that went into effect in October 2021, but even as they’re doing that, they face a bigger hurdle: card tokenisation, which is a result of RBI’s rules on card storage that will kick in from July 1. But multiple industry sources have indicated that the ecosystem is not ready because of which online card transactions could start failing next month.

Also Read

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The Delhi High Court should quash the government's order to block Tanul Thakur's website in light of the Shreya Singhal verdict by the Supreme...


Releasing the policy is akin to putting the proverbial 'cart before the horse'.


The industry's growth is being weighed down by taxation and legal uncertainty.


Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.


Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ