Banks Pause Partnerships with OneCard Over Data Storage Concerns

After concerns raised by the Reserve Bank of India (RBI) regarding how data is stored, several banks have decided to stop their collaborations with the co-branded card fintech firm OneCard.

The RBI issued a circular on March 7, 2024, stressing that banks must have full control over cardholder data. It mentioned that sharing card data, like transaction details, with external partners should only happen if necessary for their specific tasks and with clear consent from the cardholder.

Following this directive, Federal Bank and South Indian Bank stopped accepting new customers for their co-branded credit cards with OneCard. They took this step to ensure they comply with the RBI’s rules on data security. While other banks partnering with OneCard haven’t taken similar actions yet, it’s expected that they might do so soon.

The worry arose from how OneCard indirectly accessed customer data through the credit card software stack it provided to partner banks. Even though OneCard didn’t directly access customer data, its involvement in providing the software stack raised concerns about potential data access.

However, experts in the industry believe that this pause in partnerships might be temporary. Once OneCard implements measures to access customer data in encrypted form, banks will likely start issuing co-branded cards again. OneCard’s technology enables features like real-time transaction tracking, spending management, EMI conversion, and payments through a dedicated app, making it a unique offering in the card business.

FPL Technologies, the parent company of OneCard, established in February 2019, has received significant funding from investors such as Temasek, GIC, Matrix Partners, QED Innovation, Hummingbird Ventures, and Sequoia Capital, totaling $227 million.