RBI bars Mastercard from onboarding new customers in India

The Reserve Bank of India (RBI) has barred Mastercard Asia/Pacific Pte. Ltd from onboarding new domestic customers (debit, credit or prepaid) onto its card network from July 22, 2021. The move is being made in response to the company’s non-compliance with local data storage regulations.

“Notwithstanding lapse of considerable time and adequate opportunities being given, the entity has been found to be non-compliant with the directions on Storage of Payment System Data,” the central bank said in a statement.

“This order will not impact existing customers of Mastercard. Mastercard shall advise all card-issuing banks and non-banks to conform to these directions. The supervisory action has been taken in the exercise of powers vested in RBI under Section 17 of the Payment and Settlement Systems Act, 2007 (PSS Act),” RBI said.

Advertisement

‹

EVENT

VeeamON 2026 Tour India - Delhi

A VeeamON 2026 India Leadership Series Delhi for senior public sector and government technology leaders.

📅 Fri, 19 Jun 2026

📍 Shangri-La Eros

Register Now →

EVENT

Infosec Reimagined

Infosec Reimagined 2026 is the premier information security summit where top leaders—CISOs, CROs, CIOs, CTOs and risk executives—converge to redefine cyber resilience.

📅 Fri, 26 Jun 2026

📍 New Delhi

Register Now →

EVENT

Digital Senate

Digital Senate is a premier conference uniting government leaders, technologists and innovators to share ideas, success stories and strategies on digital governance, public sector transformation, cybersecurity and emerging technologies in India.

📅 Thu, 30 Jul 2026

📍 New Delhi

Register Now →

EVENT

CIO Prism

CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.

📅 Fri, 18 Sep 2026

📍 Goa

Register Now →

›

Mastercard is a Payment System Operator authorised by the PSS Act to operate a Card Network in the country.

Previously, the central bank barred American Express and Diners Club International from onboarding new domestic customers beginning May 1 after these companies were found to be in violation of the central bank’s instructions regarding the storage of payment system data in India.

Also, RBI rejected requests from prominent merchants such as Amazon, Microsoft, Netflix, Flipkart, and Zomato to store customer credit card data in accordance with the new payment aggregators and payment gateways (PA/PG) standards.

The central bank is making these efforts to bolster data security for Indian consumers. In April 2018, the central bank had issued a circular on Storage of Payment System Data asking all System Providers to ensure that within a period of six months the entire data (full end-to-end transaction details / information collected / carried / processed as part of the message / payment instruction) relating to payment systems operated by them is stored in a system only in India.

Companies were also required to report compliance to RBI and submit a Board-approved System Audit Report conducted by a CERT-In empanelled auditor within the timelines specified therein.