Money & Banking

Visa, Mastercard, Amex in breach as deadline for data localisation passes

Priyanka Pani Mumbai | Updated on October 15, 2018 Published on October 15, 2018

FILE- In this June 15, 2017, file photo, credit cards are displayed in Haverhill, Mass. Visa and Mastercard say they and several banks will pay $6.2 billion to settle part of a long-running lawsuit brought by merchants over fees on credit card transactions. (AP Photo/Elise Amendola, File)   -  AP

RBI may impose penalty, but will not stop services

As the deadline for payment companies to comply with the Reserve Bank of India’s (RBI) data localisation rule ran out, major payment network players, including Visa and Mastercard, were in breach.

While there was no official word on the status from the RBI, banking industry sources said that of the 78 payment companies in the country, 15 are yet to comply with.

“The companies that are yet to comply have asked for more time to set up local data centres. Of the 15 players, four international players — American Express, Mastercard, PayPal and Visa — have shown intent to comply and submitted a roadmap to the banking regulator on how and when they intend to set up a data centre in the country,” according to top banking sources.

No impact on consumers

Though it is not clear what action the RBI may take on companies that have not yet complied with its April order, sources said there is unlikely to be any impact on consumers using these payment services.

“The RBI is likely to impose a penalty on the players that are yet to follow the rule. The central bank had indicated that services will not be stopped as it will cause inconvenience to users,” said another banking source.

Visa, Mastercard and Amex did not comment for this story. PayPal said it does not comment on regulatory aspects.

What the norm says

Under the norm, payment players, both domestic and international, are directed to store financial data of Indian users within the country by October 15 failing which the central bank might take action, including monetary fine. The directive was issued in April in the wake of issues related to instances leading to data theft and cyber financial frauds.

Most of the Indian payment companies and global tech companies offering payments — Alibaba, Amazon Pay, WhatsApp, Google Pay — have complied with the requirements.

Top banking source told BusinessLine that the central bank is examining matters on a case-by-case basis to understand why these companies had failed to comply. “The RBI is in dialogue with these companies and has assured them there would be no restrictions on companies (that have not complied) immediately as it would impact the payment ecosystem and the consumers.,” the source added.

According to RBI data, Mastercard, Visa and American Express still dominate the payment ecosystem, with transactions worth ₹94,199 crore as of June 2018, with UPI at ₹40,834 crore and wallets at ₹14,632 crore.

“Card networks account for more than 70 per cent of the payment network and they will not want to lose the business. It is understood that they will comply by October 31,” said another source.

In recent months, many international payment firms have reached out to the Ministry of Finance and the Ministry of Electronics and Information Technology (MeitY) seeking an extension of the deadline. But the RBI has been unyielding.

Boost for Indian cos

It is expected that the data localisation norm will give a boost to Indian payment gateways such as CCI Avenue, PayU, Billdesk besides government-owned card network RuPay.

“The RBI seems to have rushed the matter. Global companies should have been given at least a 12-month horizon with clarity on guidelines around data storage, how much to store, what to store and the tenure etc. It is not about putting a hardware somewhere , it is also about processes and it takes time,” said Sanchit Gogia, Chief analyst, founder and CEO at advisory firm Greyhound Research.

Published on October 15, 2018
This article is closed for comments.
Please Email the Editor