wordpress blog stats
Connect with us

Hi, what are you looking for?

RBI allows Diners Club to start reissuing credit cards in India, Mastercard and Amex continue to be barred

The RBI had imposed these bans after observing that not all payments companies were storing data in India.

Following the demonstration of “satisfactory compliance” with the data localisation norms, the Reserve Bank of India (RBI) on November 9 lifted the restrictions imposed on Diners Club in April, allowing the company to restart onboarding new credit card customers in India.

Although Diners has a paltry market share in India’s credit card space, its compliance with the regulations currently makes it the only other international card issuer in India along with Visa because both, American Express and Mastercard, continue to be under the RBI’s restrictions.

MediaNama has reached out to Diners Club and HDFC Bank, which is the sole issuer of Diners Club cards in India, asking details on when they will start reissuing cards and the proposed plan to make up foregone market share. We will update this report once we receive a response.

American Express and Mastercard are still under restrictions

Along with Diners Club, RBI had also imposed restrictions on American Express in April this year. Then in July, RBI imposed the same restrictions on Mastercard.

At the time, an American Express spokesperson told MediaNama that the company is in regular dialogue with RBI about the data localisation requirements and has demonstrated its progress towards complying with the regulation.

Advertisement. Scroll to continue reading.

Meanwhile, Mastercard in August said that it has complied with the local data storage norms laid down by the RBI and has filed a new audit report:

“When RBI required us to provide additional clarifications about our data localization framework in April, 2021, we retained government-empaneled Deloitte to perform a supplemental audit to help demonstrate our compliance. We have been in a continued dialogue with the RBI from April through the report’s submission on July 20, 2021,” Mastercard’s statement read.

The restrictions on Mastercard resulted in many banks shifting to Visa, including RBL Bank and Yes Bank, which used to solely rely on Mastercard. The issue also reportedly irked the US government and a senior US trade official termed the move as “draconian.”

In an issue unrelated to data localisation, RBI had also barred HDFC Bank from issuing new cards in December 2020 but lifted this restriction in August this year.

What are the data localisation norms of RBI?

In April 2018, the RBI had issued the following directions after it observed that not all payments companies were storing data in India:

  • Entire data relating to payment systems must be stored in a system only in India
  • Ensure compliance within a period of six months and report it to the RBI by October 15, 2018
  • Furnish the System Audit Report (SAR) by CERT-IN empanelled auditors by December 31, 2018

However, in June 2019 following concerns raised by the industry, RBI went on to clarify the guidelines:

  • What data should be stored in India? The central bank elaborated on data that had to be stored in India mandatorily:
    • Customer data: Name, mobile number, email, Aadhaar number, PAN number, etc.
    • Payment sensitive data: Customer and beneficiary account details
    • Payment credentials: OTP, PIN, passwords, etc.
    • Transaction data: Origin and destination system information, transaction reference, timestamp, amount, etc.
  • Applicable to: The norms were applicable to transactions made through system participants, service providers, intermediaries, payment gateways, third-party vendors, and other entities in the payments ecosystem apart from all the payment system providers authorized by the RBI.
  • Data processed outside: The central bank clarified that there is no ban on overseas processing of strictly domestic transactions but the data should be brought back to India within one business day or 24 hours of payment processing and be stored locally here.

Also Read

Have something to add? Post your comment and gift someone a MediaNama subscription

Advertisement. Scroll to continue reading.
Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ