On Wednesday July 14, the Reserve Bank of India (RBI) banned MasterCard from onboarding new domestic customers, including debit, credit or prepaid card users on its network. The ban will take effect on July 22. The supervisory action was taken in the exercise of powers conferred on RBI under section 17 of the Payment and Settlement Systems Act 2007 (PSS Act). Pursuant to the RBI Circular on the Storage of Payment System Data dated April 6, 2018, all system providers have been ordered to ensure that, within six months, all data (full end-to-end transaction details / information collected / transported / processed as part of payment message / instruction) regarding the payment systems they operate is stored in one system only in India.
MasterCard has remained provocative. Several private sector lenders like HDFC Bank, Yes Bank, ICICI Bank, RBL Bank have links with MasterCard for debit and credit cards. However, from July 22, no bank will be able to issue new cards on the MasterCard network. According to data released by London-based payments startup PPRO, MasterCard accounted for over 30% of all card payments in India. Previously, the RBI had banned American Express Banking Corp and Diners Club International Ltd from onboarding new domestic customers to their card networks from May 1 for violating data storage standards.
Data security, the main concern
The RBI reading the riot law to card service providers may appear to be part of new government regulations on e-commerce portals and social media websites. The common thread of course is that if you want to operate in India, you have to follow Indian laws, period. But in the case of the card business, there is something more vital at stake: the security of financial data. The RBI is on the verge when it says that financial data relating to Indian users should be stored in India i.e. on servers located in India. Otherwise, this data can become a matter of commerce with anyone who can access it for free or for a fee.
The advent of co-branding has increased the possibility that its financial data will float dangerously for crooks and blackmailers. These card schemes represent 14% and 15% of the cards in circulation for Axis and ICICI, the first being the MasterCard for its partnership with Flipkart and the last Visa for its partnership with Amazon. Multinational card service providers and multinational e-commerce companies can combine to make a meal of Indian data rooted in foreign servers. And up close, ‘Alexa’, who of course, while being a big help to housewives, is irritated for her role as a low-key voyeur. For family powwows to be captured by it and discreetly transmitted to its remote data storage servers is indeed a worrying development.
Leg up to atamanirbhar
The loss of MasterCard would be the gain of Visa and the native Rupay. But Rupay, despite its impressive card market share, remains a major player in debit cards, with international payment gateways avoiding its credit card. Visa will therefore interfere in the breach left by MasterCard in the credit card space. Either way, the government’s goal is ultimately to oust foreign card providers from their dominant position, as there is a large expenditure of foreign currency towards their commission for their services, which does not It’s not exactly rocket science. The local Rupay has captured 58% of the card market (in terms of number of cards issued) with the abolition of the Merchant Discount Rate (MDR) acting as a force to make the change in its favor. The mobile applications of our fintechs also make the cards redundant pro tanto. But it would be unfair to attribute their success to the RBI reading the riot act to multinational card service providers. The security concerns are real.
Cyber warfare is too real to ignore
It is now almost obvious that nuclear war is over and cyber warfare is more powerful. The alleged Russian hack into New York’s gas system recently as well as the alleged hack of BSNL data by the Chinese are not mere products of paranoia or the feverish imaginations of overworked minds. While hackers in particular and the virtual world in general do not respect borders, people are reluctant to give their data on a platter to those with bad intentions. All Chinese people were reluctant to buy Tesla electric cars because they suspected that its cars were secretly equipped with eavesdropping devices. Well, if the devil can quote the scriptures, he can also suspect the evil behavior of others !! The short point is whether it is through brazen hacking / eavesdropping or intelligent use of data stored on servers, the key is to compromise data security.
Net-net, the RBI’s tough stance kills two birds with one stone — by tackling data security concerns and overtaking national payment platforms.
S. Murlidharan is a CA by training and writes on economic, tax and business matters. The opinions expressed in the article are his own.
First publication: STI