wordpress blog stats
Connect with us

Hi, what are you looking for?

Visa has fully complied with RBI’s data localisation mandate: Report

While Visa had partially complied with the RBI mandate in 2018, it has now become the first global financial services company to begin storing user data only in India. 

Payment card network Visa has complied with the Reserve Bank of India’s 2018 circular on localising payments data, The Hindu Business Line reported. While the company has not made any public announcements on its compliance with that circular, which requires payments industry players to store all user data in India, and only in India, circumstances point to Visa being unlikely to have run afoul of the requirements. Earlier this month, RBI froze banks from issuing new Mastercard payment cards, but has not signalled that it is likely to do the same for Visa.

Why this matters: While Mastercard and Visa are a practical duopoly in many parts of the world, the payment localisation requirements seem to have thrown them off. Mastercard grumbled in 2018 that no other country in the world has such stringent data localisation norms that disallow mirroring, the practice of localising user data while also storing it in servers around the world. As long as Mastercard remains non-compliant, the Indian card payment network market is still a duopoly; but this time, the other player is RuPay, the National Payments Corporation of India’s homegrown alternative.

All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India. This data should include the full end-to-end transaction details / information collected / carried / processed as part of the message / payment instruction. For the foreign leg of the transaction, if any, the data can also be stored in the foreign country, if required. — RBI’s 2018 circular (emphasis ours)

Mastercard freeze

The RBI on July 14 said that despite three years passing since its circular, Mastercard had failed to prove that it was storing data in India only. “Notwithstanding lapse of considerable time and adequate opportunities being given, the entity has been found to be non-compliant with the directions on Storage of Payment System Data,” RBI said. This forced RBL Bank and YES Bank to find alternatives for credit cards — these banks have been issuing cards only in the Mastercard network. But that process could take months.

While RBL Bank said it obtained a deal with Visa in the days before the Mastercard ban, it said it would take at least two months to start issuing Visa cards. YES Bank reportedly said it would sign such an agreement this week, and would take at least three months to start issuing Visa credit cards.

Advertisement. Scroll to continue reading.

Compliance with RBI circular

The circular pegged the compliance time at six months, and some companies said that they had complied in 2018 itself. However, global payments companies resisted, or took time to comply with the RBI’s order. PhonePe said in 2018 that Big Tech companies like Google and Facebook were resisting the order because compliance could potentially increase their tax burden.

In October 2018, the following companies had complied with the circular:

  • October 9, 2018: WhatsApp confirms its compliance with the circular.
  • October 24, 2018: Alfred Kelly, CEO of Visa says that as of October 15, Visa is storing data locally.
  • October 30, 2018: Amazon India says it has started storing payments data locally without mirroring in overseas servers.

The circular has also led to some international pushback: the United States Trade Representative cited data localisation requirements as onerous to American businesses, and partly due to these restrictions imposed (but immediately suspended) sanctions on Indian imports to the US.

Also read

Written By

I cover the digital content ecosystem and telecom for MediaNama.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ