The Reserve Bank of India (RBI) on Wednesday barred global card player Mastercard Asia/Pacific Pte Ltd from onboarding new domestic customers on its network from July 22 over non-compliance with native data storage guidelines. That makes Mastercard the third entity to be barred on these grounds after the RBI had in April told American Express and Diners Club International to not get new domestic customers.
The entity (Mastercard) has been found to be non-compliant with the instructions on storage of payment system data, however the lapse of appreciable time and adequate opportunities provided, a commentary issued by the RBI said on Wednesday.
The central bank has elucidated that the ban is only on adding new domestic customers to its network and that there will be no affect on the existing customers. It has also asked all banks and non-bank lenders working with Mastercard for issuance of debit, credit, or prepaid cards to adhere to the RBI regulations on storage of payment system data.
“The supervisory action has been taken in exercise of powers vested in the RBI under Section 17 of the Payment and Settlement Systems Act, 2007 (PSS Act),” the central bank said.
Mastercard is a payment system company, operating a card network in the country under the PSS Act. Together with Mastercard, Visa, and RuPay are the other big card issuers in the country. Visa is the largest player in the space followed by Mastercard and RuPay, according to industry estimates. But Mastercard is seen as having a premium position in the industry. RuPay, which accounts for just about 35 per cent of the cards market share, is seen as a disruptor, fast catching up with its global peers. While Visa and Mastercard are big players in the credit cards segment, RuPay has cornered a large chunk of the debit cards segment.
A banker said that while the restriction on Mastercard continues, a duopoly situation might occur. Also, the RBI action may hamper issuance of cards in the close term for private banks which have exclusive tie-ups with Mastercard for promoting spending. There is also a small hit on other income as no incremental cards may also be issued. Banks are taking inventory of the situation and preparing responses.
While the market share of the card operators isn’t in public domain, National Payments Corporation of India had earlier this year said RuPay’s market share by volume used to be at 34 per cent and by value at 30 per cent. Since public sector banks have been issuing predominantly RuPay Cards (by NPCI) in the domestic market for the previous couple of years, they is probably not impacted much by the RBI move.
The central bank, in April 2018, had told all payment system providers to store their entire data in a system located in India. They were also required to outline compliance to the RBI and submit a board-approved System Audit Outline (SAR), prepared by a CERT-In-empaneled auditor inside the timelines specified therein. The data to be stored in India included full end-to-end transaction details, information collected, carried, and processed as a part of the message, and payment instruction. The RBI had provided these companies six months for compliance.
Companies like Visa, Mastercard, American Express, PayPal, Google, Facebook, Microsoft, and Amazon, in addition to global banks, had deliberate to form industry-level foyer groups, opposing RBI’s data localisation guidelines. But nearly all payments companies complied with the guidelines and stored data in the community as the RBI stuck to its stand.
“The critical market sign here is adherence to localisation, and having it built in the broader scheme of things is very fundamental now. Policy-wise, additionally it is a global trend, as many countries are coming up similar requirements,” said Vivek Belgavi, India fintech leader, PwC India.
Mastercard has to either begin storing data inside India or shut shop, a banker said. For the reason that India is a huge market for consumer spending , ending operations is hardly a choice for a card processor, he said.
According to Mathew Chacko, Partner, Spice Route Legitimate, the RBI’s payment system data storage norms are a lot more evolved now than it used to be a couple of years ago. ‘’So, there must not be any reason for any global player to not conform. Many other major players have complied with these norms, so It’s not that i am certain why there is hesitancy”.
“It is rather lucid that companies that aren’t complying with the RBI guidelines on the storage of data are being penalized,’’ said Kazim Rizvi, Founder, The Dialogue, a public policy think tank, adding that entities should strive to conform with the norms, Rizvi said.