back to article India bans Mastercard from signing up new customers

India’s Reserve Bank yesterday barred credit card giant Mastercard from signing up any new customers in the nation. A notice from the bank said Mastercard “has been found to be non-compliant with the directions on Storage of Payment System Data”. Those directions were issued in April 2018, and gave banks and payment systems a …

  1. ecofeco Silver badge

    That's how you do it

    I love nations that hold giant corporations' feet to the fire.

    1. elsergiovolador Silver badge

      Re: That's how you do it

      Those directions were issued in April 2018, and gave banks and payment systems a deadline of October 15, 2018,

      It's 2021 today. That sounds like tickling rather than holding to fire.

    2. big_D Silver badge

      Re: That's how you do it

      The EU is much the same, all data in the EU or in a land with equivalent data protection, like Iceland, Japan etc., but not the USA...

      1. JWLong

        Re: That's how you do it

        In the USA we hold all of our data on the dark web

        Seems to be more safe there than on secure systems since secure systems don't exist on the port 80 web.

  2. D. Evans

    No local issues?

    Why would a local financial institution have issues with data being sent outside of India since most IT outsources are in India. Oh wait....

    I hope nobody is implying a cloud endpoint in the US constitutes data traveling outside of India. :-)

  3. Anonymous Coward
    Anonymous Coward

    Similarly I hope US data is not being subject to leakage by being accessible in India. For example it could lead to criminals posing as support personnel to execute confidence scams.

    1. LDS Silver badge

      You mean like US banks processing transaction among US entities in India - like this:

      https://www.theregister.com/2021/02/19/citibank_money_mistake/

      US needs to a law that such data should never be transferred to India for processing... although CityBank already learnt a $500M lesson...

  4. rjed
    IT Angle

    MasterCard babbling with response

    Seems MasterCard just didn't care. The mandate given by govt was to comply in 6 months and were given 3 years. If this is not good enough for MasterCard, I don't know what is. MasterCard needs to gets its house in order.

    1. PTW
      Coffee/keyboard

      Re: MasterCard babbling with response

      Hubris! They thought they were so big that India would never dare do anything like they just have. Now I'm sure the Indian government are more likely doing it to spy on their citizens than for any idea of data protection.

      But, I'm so glad it's happened.

      1. MrReynolds2U

        Re: MasterCard babbling with response

        Actually it appears in part of their desire to ensure continuing western investment in the IT infrastructure.

        India doesn't want to be the cheap option, they want to raise prices and quality but not lose investment as they level-up with western nations.

        It will also come in handy for the security services, and for investigations into tax avoidance among multinationals (including MasterCard).

    2. elsergiovolador Silver badge

      Re: MasterCard babbling with response

      to gets its house in order.

      House of cards

      1. Anonymous Coward
        Anonymous Coward

        Re: MasterCard babbling with response

        Call me Daddy.

  5. jmarkhus

    Irony of ironies

    Indian's tata company owns infosys Uganda's number one provider of core bank solutions. They produce an app called finnacle.

    Uganda has a law that all customer banking data must be stored within 5 miles of the central bank. That is why all banks that work in the country open a branch in the capital city.

    But finnacle is an app that's run online out of India for bank of baroda. So this is a case where data isn't domiciled in the country.

    Equity bank purports to run their core banking out of Kenya but I suspect its the same thing. Same with standard bank out of South Africa.

    Barclays is the same thing. I have no idea where standard chartered bank is served out of but I suspect its another product from a server in Chenai.

    If our cowardly central bank laid down the law, there would be alot of business going to India for migration jobs but the visa and immigration issues that would ensue as well as the politics of foreign labour would drive them nuts.

    1. Dan 55 Silver badge
      WTF?

      Re: Irony of ironies

      Uganda has a law that all customer banking data must be stored within 5 miles of the central bank. That is why all banks that work in the country open a branch in the capital city.

      But... doesn't that make it easier for groups who want to target a bank as they know where to look?

    2. BOFH in Training Bronze badge

      Re: Irony of ironies

      If all customer data has to be within stored within 5 miles of the central bank, that will mean all the core data centers for the bank must be all in one area.

      Wonder if they are allowed to keep data backed up in a different location. If not all it needs is some major disruption / disaster in the city and all the banks could be screwed.

      I don't think a normal bank branch keeps all the data anyway.

      1. elsergiovolador Silver badge

        Re: Irony of ironies

        When the government is caught in a huge corruption scandal etc. it's just convenient to have all potential evidence in one place.

        The great financial reset is probably within a reach of a text message to generals.

    3. eldakka Silver badge

      Re: Irony of ironies

      Irony of ironies

      Indian's tata company owns infosys Uganda's number one provider of core bank solutions. They produce an app called finnacle.

      Uganda has a law that all customer banking data must be stored within 5 miles of the central bank. That is why all banks that work in the country open a branch in the capital city.

      I'm not sure how 1 country enforcing it's laws, India, which pertains to data on its citizens, when another country isn't enforcing its laws, Uganda, is in any way ironic. India is under no obligation to enforce a foreign goverments laws, only its own.

  6. big_D Silver badge
    Paris Hilton

    Logical...

    The Register cannot find evidence that any local bank or payment system has found itself in trouble.

    Well, duh! If they are local, chances are good that their data is stored locally to start with!

  7. Anonymous Coward
    Anonymous Coward

    Digital Sovereignty

    This is going to become more of an issue in the coming decade. More countries are going to insist that data generated within their borders stays with those borders & anything that doesn't comply with local regulations is kep out. You can sre this with Ofcom's blocking powers in the Online Safety Bill. I think more countries will follow this.

  8. Anonymous Coward
    Anonymous Coward

    This seems like the pot calling the kettle black. I've always found Indian banks to be paragons of security and reliable employees, as long as I buy the $399.99 a year platinum protection plans.

  9. Anonymous Coward
    Anonymous Coward

    Anon because i'm leading a team that is building a payment processing platform in India to comply with India data sovereignty laws....

    The Indian government has its hands in Rupay, an Indian competitor and maybe one day hoped for replacement for Visa, Mastercard, Amex and so on.

    https://en.wikipedia.org/wiki/RuPay

    I'm sure leaning into Mastercard is all about a level playing field and not offering advantage to their own payment scheme.....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like