Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Almighty Buck

India Bans Mastercard From Adding New Customers (techcrunch.com) 25

Reserve Bank of India has indefinitely barred Mastercard from issuing new debit, credit or prepaid cards to customers in the South Asian market over noncompliance with local data storage rules. TechCrunch reports: The South Asian market's central bank said the new restrictions will go into effect on July 22. "Notwithstanding lapse of considerable time and adequate opportunities being given, the entity has been found to be noncompliant with the directions on Storage of Payment System Data," RBI said in a statement Wednesday. The new order won't impact existing customers of Mastercard, which is one of the top three card issuers in India, RBI said. "Mastercard shall advise all card-issuing banks and non-banks to conform to these directions," it said. This isn't the first time India's central bank has penalized a firm for noncompliance with local data-storage rules, which were unveiled in 2018 and mandated compliance within six months. The rules require payments firms to store all Indian transaction data within servers in the country. In April, RBI restricted American Express and Diners Club from adding new customers, citing violation of the same rules.
This discussion has been archived. No new comments can be posted.

India Bans Mastercard From Adding New Customers

Comments Filter:
  • Visa, Mastercard and several other firms, as well as the U.S. government, have previously requested New Delhi reconsider its rules, which they have argued are designed to allow the regulator “unfettered supervisory access.”

    It's so obvious I don't even need to point it out.

  • by presidenteloco ( 659168 ) on Wednesday July 14, 2021 @06:12PM (#61583315)
    Like if Mastercard wants to train AI against all its transactions worldwide.

    Do these laws say: "F U you can't combine Indian data with other data in some analysis server elsewhere, even if you have a copy of the data on India-resident servers?"

    Does the law say this data shall ONLY be stored on India-resident servers, or just that a copy shall be stored there?
    • by IcyWolfy ( 514669 ) on Wednesday July 14, 2021 @06:21PM (#61583339) Homepage

      The law is "Must be stored and processed only in India"

      > Do these laws say: "F U you can't combine Indian data with other data in some analysis server elsewhere, even if you have a copy of the data on India-resident servers?"
      Yes. The data must not leave the country.

      > Does the law say this data shall ONLY be stored on India-resident servers, or just that a copy shall be stored there?
      Yes. The word "only" is included.
      Chatper 7 of the law covers the limited cases in which data may be processed out-of-country, with approval from the central government, and opt-in approval from each person whose data is to be processed. The processing must be done in a region with laws compliant with requried protections outlined in the bill.

      Ref: https://www.lawfareblog.com/ke... [lawfareblog.com]
      Bill Text: https://drive.google.com/file/... [google.com]

      • That really appears to just say it has to be approved. Like "it's prohibited unless we allow it." Seems like an extortion clause to me where the Indian government just gets to choose who meets their conditions and who doesn't. My reading is that these are not "limited cases", they just have to be approved to satisfy certain security and legal jurisdiction conditions which seem open to interpretation.
      • Can someone with knowledge of Indian politics comment on whether this law is an attempt to keep Indian PII within India rather than exporting it to the US, or just an attempt to something something Indian government something?
        • by mungtor ( 306258 )

          Certainly not an expert on Indian politics, but I think it's twofold. It is an attempt to keep Indian PII within India, but I believe that the Indian government also gave themselves the rights to access any data stored within their borders. IIRC, there have been incidents where the government demanded encryption keys (Blackberry for one, not sure on others) to make sure they have access.

          So it probably is an effort to keep Indian PII in India - where the government can more conveniently troll through it

  • Is Diners Club even still a thing? Seriously.

    As far as MasterCard goes, I'm pretty sure their holdings are more valuable than the total income of India.

    • The first rule of Diners Club is that you don't talk about Diners Club. Especially not with the hoi-polloi.

    • In Ecuador, Diners Club is a big thing !!! :)
    • I'm pretty sure you're misinformed. First, Mastercard's 'holdings', whatever you mean by that have no bearing on their obligation to follow the laws of the country they endeavor to do business in. Second, even if one assumes market capitalization is what you meant, you'd be off close to an order of magnitude. As of today Mastercard's market cap is 387B whereas Indian GDP was 2.62T in 2020 https://tradingeconomics.com/i... [tradingeconomics.com]
  • An EU citizen buys a bottled water from a store while traveling in India, pays with their EU issued Mastercard...

    The rules require payments firms to store all Indian transaction data within servers in the country

    I guess we'll just keep pretending corner cases like these don't exist.

  • Shouldn't India be more focused on things like Covid, feeding people, etc., rather than whether or not KFC can open a store or MasterCard can add more customers?
    • A government is large enough to focus on multiple things at once.

    • by ami.one ( 897193 )

      And which country should NOT be more focused on Covid ? :) :)
      Australia ? UK ? All the EU ones ? Japan? Singapore? USA?

      Making excuses for large corps, or anyone for that matter, flouting the law, is a very slave mentality complex.

      I can understand if you object to a homeless guy being asked to follow some law or a struggling startup being hit with red tape or taxes etc. But even you can't flout the law you don't agree with. That's a very basic concept. Most people know it.
      Even if you are not "aware' of a law

  • It is about control.

    If your financial data is contained in the country, then your ability to use those finances are also limited to that country's rules. This might sound nice, but as we move to a "cashless" future, more government control without civilian oversight = more potential for abuse, at least life altering mistakes.

    Sure, what a citizen does abroad is probably not the government's business. But it is not the big issue here. Even with the best rules, the workers who have access to data are prone to

"I'm a mean green mother from outer space" -- Audrey II, The Little Shop of Horrors

Working...