Turkey’s Banking Regulation and Supervision Agency has recently made some amendments on the Regulation on Debit Cards and Credit Cards (“Regulation”) and clarified the data storage related matters which have been raised by banks with respect to their card payment systems  Being effective since 25 September 2020, the regulation included two new terms permanent data storage instrument and the remote communication tool.

Accordingly, permanent data storage instrument is defined as all kinds of tool or instrument such as short messaging, electronic post, internet, CD, DVD, memory card etc. that enables to reach directly the information sent by the card holder or sent to the card holder, and to record the information in a way to suffice examination of the information for a reasonable time and pursuant to its purpose and to copy the information without change.

The remote communication tool is defined as all kinds of tool or medium such as post, telephone, fax, electronic mail messages, internet, short messaging services etc. that enables establishment of a contract without physical communication.

Not limited to add these new terms, the existing term “institutions that exchange information and perform clearing and deduction services” has been changed to “institutions that exchange information” by thus, institutions clearing and deduction systems are excluded from the  the Regulation.

With the recent amendment; he institutions that obtain permission to make agreements with member businesses and that are one of the other payment service providers other than banks are required to send the requested information to the Banking Regulation and Supervision Agency until the fifteenth day of April following each accounting period.

Notification with Permanent Data Storer: Article 17 of the Regulation on Debit Cards and Credit Cards stipulating the conditions of contracts has been amended, and notification requirements by card issuing institutions to card holders has been regulated.

As per the amendment, the relationship between card issuing institutions and card holders will be governed by the contracts established over an informatics and electronic communication devices using remote communication tools. Thus, in accordance with the remote communication tool used, a copy of the contract must be given to the cardholder and if any to the surety, on paper or with permanent data storer that paved the way for providing notification with a permanent data storer other than in writing, during the card delivery or before the card delivery following the card allocation.

Credit Card Limits: With the amendment card issuing institutions are enabled to determine credit card limits in case of cash, cash-like assets and accounts and precious metal and the provisions regarding total credit card limits for the first time credit card holders have been regulated. Accordingly, card issuing institutions may determine credit card limits in case of cash, cash-like assets and accounts and precious metal, without being subject to income statement and income confirmation provided that it does not exceed the equivalent amount and is subject to contract of pledge where necessary.

On the other hand, as per the amendment, the total credit card limit to be granted for credit cards obtained by an individual who will be a first-time credit card holder from all card issuing institutions, will not exceed the double of the monthly average net income for the first year and quadruple  for the second and subsequent years. However, in case that the monthly or annual average net income cannot be determined, the total credit card limit will not exceed the amount determined by the Banking Regulation and Supervision Board. Finally, total credit card limits regarding credit cards allocated against cash, cash-like assets and accounts and precious metal are excluded from the limitations stipulated with this amendment.

Member Businesses using Point of Sale (“POS”): With the recent amendment it has been compulsory to send relevant information of sub-businesses using POS for individually identifying the sub-businesses and for following-up those sub-businesses based on transactions. Accordingly, if the card acceptor agreement is established between member businesses and if the contracting member business is a paying or electronic money institution and this member business allows sub-businesses to use POS; the trade name, tax ID or citizenship number of the sub-businesses using POS must be notified to the contracting member business. Institutions intending to establish card acceptor agreement cannot establish card acceptor agreements with the institutions that do not fulfill this obligation and cannot provide POS to these institutions. As per the amendment, it is also highlighted that the information of sub-businesses within this scope cannot be used for marketing and similar purposes.

Ezgi Ceren Aydoğmuş