Amex, Diners barred from adding clients
Breach of RBI’s data storage norms
SATURDAY | 24 APRIL 2021 | NEW DELHI
The Reserve Bank of India (RBI) on Friday imposed restrictions on American Express Banking Corp and Diners Club International Ltd from on-boarding new domestic customers onto their card networks over non-compliance with the central bank's norms on storage of payment system data. The ban will come into effect from May 1. The ban, however, will not impact existing customers, the central bank said in a statement.
American Express Banking Corp and Diners Club International Ltd are payment system operators authorised to operate card networks in the country under the Payment and Settlement Systems Act, 2007.
Imposing the restrictions on American Express and Diners Club, the RBI said, "These entities have been found non-compliant with the directions on Storage of Payment System Data."
In April 2018, all payment system providers were directed to ensure that within a period of six months the entire data (full end-to-end transaction details / information collected / carried / processed as part of the message / payment instruction) relating to payment systems operated by them is stored in a system only in India.
They were also required to report compliance to the RBI and submit a boardapproved system audit report (SAR) conducted by a CERT-In empanelled auditor within the timelines specified.
Again, in June 2019, the
RBI said all data related to payment transactions must be stored in India and such information, if processed abroad, should be brought back within 24 hours.
"The entire payment data shall be stored in systems located only in India," the RBI said, adding, "The data should be deleted from the systems abroad and brought back to India not later than one business day or 24 hours from the payment processing, whichever is earlier."
The RBI had also clarified that the data stored in India can be accessed or fetched when required for handling disputes or so.