In view of the satisfactory compliance demonstrated by American Express Banking Corp. with circular Storage of payment system dataThe restrictions imposed on boarding of new domestic customers have been removed with immediate effect, the central bank said in a notification.
Last year, reserve Bank of India Three US-based card networks – MasterCard, American Express and Diners Club International – Issuance of new cards in India Because these companies were considered non-compliant with local data storage regulations. ban on master card was lifted in June this year, while the restrictions were imposed dinner club Was picked up in November last year.
As per RBI regulations, all foreign payment operators storing card and customer data must do so on servers physically located in India. This rule was introduced by RBI through a circular issued in April 2018. The rules give foreign payment processors latitude to move card storage data abroad to smooth the flow, provided this data is deleted within 24 hours.
All card issuers were mandated to submit detailed “certificates of compliance” twice a year to the central bank from FY22, which confirms compliance with all RBI regulations around the security and storage of payment data.
These requirements are mandated by the central bank in its 2018 circular, which asked these companies to submit board-approved annual system audit reports (SARs) by CERT-paneled auditors.
These companies were also asked to submit a one-time compliance report with data localization norms, which mandate payment related data in India to be stored in servers physically present in the country by December 2018.