In a first such action, the Reserve Bank of India barred American Express Banking Corp. and Diners Club International from on-boarding new credit card customers in India from May 1 for non-compliance with norms that require storing transaction data locally.
“These entities have been found non-compliant with the directions on Storage of Payment System Data,” the regulator said in a statement published on its website on Friday. “This order will not impact existing customers.”
The RBI introduced the data localisation norms in April 2018 and these were to come into effect from October that year. The norms require entities to store domestic customer transaction data in servers located in India and certify compliance through a system audit report submitted to the RBI. Multiple international payments firms such as Mastercard and Visa have, however, have sought extensions.
American Express and Diners Club conduct credit card business in India under the Payment and Settlement Systems Act. The RBI is empowered to take supervisory action against them.
As of February, American Express had 15.59 lakh cards in circulation in India, according to data available with the RBI. Its monthly spends were at Rs 2,324 crore at point-of-sale terminals. Diners Club operates in India through a tie-up with HDFC Bank Ltd. since 2011. Both AmEx and Diners Club offer credit card services to an affluent and high-net-worth clientele.
In December, the RBI had also barred HDFC Bank from on-boarding new credit card customers after the bank reported multiple system outages. The regulator has ordered a third-party audit of HDFC Bank’s IT infrastructure and would review its order only after it is satisfied that adequate efforts have been made to prevent system failures.