The Reserve Bank of India (RBI) on Wednesday barred global card player Mastercard Asia/Pacific Pte Ltd from onboarding new domestic customers on its network from July 22 over non-compliance with local data storage guidelines. That makes Mastercard the third entity to be barred on these grounds after the RBI had in April told American Express and Diners Club International to not get new domestic customers.
The entity (Mastercard) has been found to be non-compliant with the directions on storage of payment system data, notwithstanding the lapse of considerable time and adequate opportunities given, a statement issued by the RBI said on Wednesday.
The central bank has clarified that the ban is only on adding new domestic customers to its network and that there will be no impact on the existing customers. It has also asked all banks and non-bank lenders working with Mastercard for issuance of debit, credit, or prepaid cards to adhere to the RBI regulations on storage of payment system data.
“The supervisory action has been taken in exercise of powers vested in the RBI under Section 17 of the Payment and Settlement Systems Act, 2007 (PSS Act),” the central bank said.
Mastercard is a payment system company, operating a card network in the country under the PSS Act. Along with Mastercard, Visa, and RuPay are the other big card issuers in the country. Visa is the largest player in the space followed by Mastercard and RuPay, according to industry estimates. But Mastercard is seen as having a premium position in the industry. RuPay, which accounts for nearly 35 per cent of the cards market share, is seen as a disruptor, fast catching up with its global peers. While Visa and Mastercard are big players in the credit cards segment, RuPay has cornered a large chunk of the debit cards segment.
A banker said that while the restriction on Mastercard continues, a duopoly situation might arise. Also, the RBI action may hamper issuance of cards in the near term for private banks which have exclusive tie-ups with Mastercard for promoting spending. There could also be a small hit on other income as no incremental cards can be issued. Banks are taking stock of the situation and preparing responses.
While the market share of the card operators is not in public domain, National Payments Corporation of India had earlier this year said RuPay’s market share by volume was at 34 per cent and by value at 30 per cent. Since public sector banks have been issuing predominantly RuPay Cards (by NPCI) in the domestic market for the last few years, they may not be impacted much by the RBI move.
The central bank, in April 2018, had told all payment system providers to store their entire data in a system located in India. They were also required to report compliance to the RBI and submit a board-approved System Audit Report (SAR), prepared by a CERT-In-empaneled auditor within the timelines specified therein. The data to be stored in India included full end-to-end transaction details, information collected, carried, and processed as part of the message, and payment instruction. The RBI had given these companies six months for compliance.
Companies like Visa, Mastercard, American Express, PayPal, Google, Facebook, Microsoft, and Amazon, as well as global banks, had planned to form industry-level lobby groups, opposing RBI’s data localisation guidelines. But almost all payments companies complied with the guidelines and stored data locally as the RBI stuck to its stand.
“The critical market signal here is adherence to localisation, and having it built in the broader scheme of things is very essential now. Policy-wise, it is also a global trend, as many countries are coming up similar requirements,” said Vivek Belgavi, India fintech leader, PwC India.
Mastercard has to either begin storing data within India or shut shop, a banker said. Given that India is a large market for consumer spending , ending operations is hardly a choice for a card processor, he said.
According to Mathew Chacko, Partner, Spice Route Legal, the RBI’s payment system data storage norms are much more evolved now than it was a few years ago. ‘’So, there should not be any reason for any global player to not conform. Many other major players have complied with these norms, so I am not sure why there is hesitancy”.
“It is very clear that companies that are not complying with the RBI guidelines on the storage of data are being penalized,’’ said Kazim Rizvi, Founder, The Dialogue, a public policy think tank, adding that entities must strive to comply with the norms, Rizvi said.
Disclaimer: This post has been auto-published from an agency/news feed without any modifications to the text and has not been reviewed by an editor.