rbi: RBI lifts business restrictions on Mastercard

The Reserve Bank of India on Thursday lifted business restrictions imposed on Mastercard, almost a year after imposing it. The regulator said MasterCard had achieved “satisfactory compliance.”

“In view of the satisfactory compliance demonstrated by Mastercard Asia / Pacific Pte. Ltd. with the Reserve Bank of India (RBI) circular dated April 6, 2018 on Storage of Payment System Data, the restrictions imposed, vide order dated July 14, 2021, on on-boarding of new domestic customers have been lifted with immediate effect,” RBI said in a statement.

Last year on July 14, 2021 the regulator had imposed restrictions on Mastercard from on-boarding new domestic customers including debit, credit or prepaid onto its card network for non-compliance with the RBI circular on Storage of Payment System Data.

As per this rule, all foreign payment operators storing card and customer related data must do so in servers physically present in India. This rule was introduced by the RBI through a circular issued in April 2018, over two years ago. As per RBI’s rules, foreign payment processors can transfer card storage data abroad for smoothing flow provided this data is deleted within 24 hours.

Mastercard is registered as a Payment System Operator (PSO) authorised to operate a card network in the country under the PSS Act. Other leading card networks in India include US-based Visa and National Payments Corp of India’s RuPay.

The Indian central bank had tightened data storage norms for PSOs in India through a notice issued to chief executives of all such licensed companies in India.

Discover the stories of your interest



As per the rules introduced in March, all PSOs from FY22 were mandated to submit detailed “compliance certificates” to the central bank twice a year signed by the respective chief executives or managing director, confirming adherence to all RBI regulations around security and storage of payment data.

These requirements are over and above the ones mandated by the central bank in April of 2018 where it asked all PSOs to submit board-approved annual System Audit Report (SAR) by CERT-empaneled auditors.

These companies were also asked to submit a one-time compliance report with data localization norms which mandate the data relating to payments in India will be stored in a server physically present in the country, by December of 2018.

Stay on top of technology and startup news that matters. Subscribe to our daily newsletter for the latest and must-read tech news, delivered straight to your inbox.