New OneCard Applications Suspended Across Banks: Everything We Know

• December 9, 2025

Last updated on Dec 9, 2025

RBI has asked for clarification on the co-branded arrangements, especially about user data sharing.

News & Updates

Table of Content

FPL Technologies’ OneCard co-branded credit card partnerships are currently halted from issuing new cards following a Reserve Bank of India (RBI) directive to partner banks to suspend new onboarding. The move is part of the RBI’s call for greater clarity on data-sharing norms in these co-branded arrangements.

OneCard Suspension: At a Glance

Who is involved: FPL Technologies’ OneCard and partner banks, including Federal, SIB, BOB Cards, SBM, Indian Bank, and CSB.
What: RBI directed to suspend issuance of new co-branded credit cards (One Card).
Why: Lack of clarity on how customer and transaction data is shared, stored, and consented under existing rules.
Effect: No new OneCard applications will be processed; existing cards continue to be serviced.

What Exactly Happened at OneCard?

According to multiple people cited by The Economic Times, RBI has issued letters to all banking partners of OneCard (operated by FPL Technologies) directing them to halt issuance of new cards until specific regulatory issues are addressed.

The affected partner banks include BOB Cards (Bank of Baroda’s credit card arm), Federal Bank, South Indian Bank, SBM Bank, Indian Bank, and Catholic Syrian Bank.
The RBI is seeking clarity on how data is shared between banks (card issuers) and OneCard (managed by FPL Technologies), especially in light of the rules governing the storage, ownership, and disclosure of cardholder and transaction data.

Key Regulatory Provisions Cited By RBI

Master Direction	What It States
Master Direction on Credit Card and Debit Card Issuance and Conduct: amended March 7, 2024	Card issuers must retain ownership and storage of cardholder and transaction data. Sharing such data with co-branding or outsourcing partners only if essential, and only with express consent from the cardholder. Co-brand partners must not access data beyond what’s needed for their defined functions.
Clause on Customer Confidentiality (RBI Circular RBI/2015-16/31 DBR.No.FSD.BC.18/24.01.009/2015-16)	Banks or NBFCs must not reveal customer information obtained during account/card opening to others without specific consent. Consent forms must explain the purposes of data use and the parties involved. Sharing with DSAs or agents is allowed only to the extent necessary; personal info not needed for their duties must not be shared.

“The central bank has issued letters to all banking partners of FPL Technologies asking them to stop issuing cards with OneCard until certain issues raised by the regulator are addressed.” — The Economic Times

Recent Precedents & Industry Moves

Federal Bank and South Indian Bank were earlier instructed by RBI in March 2024 to stop onboarding new customers for their OneCard co-branded cards, citing similar regulatory deficiencies.
Scapia, another fintech partner of Federal Bank, reorganised its partnership framework and received RBI approval to resume its co-branded card issuance later in 2025.

A Little Background and Strategic Implications

Co-branded credit cards: the ones where a fintech partner handles customer acquisition and branding and a bank issues the card have become more common in India.

Fintech companies like OneCard have been able to offer technology-driven app features, rewards, metal card designs, and real-time spend tracking.

However, the RBI has, over recent years, pushed stricter norms governing these partnerships.

The March 7, 2024 amendments emphasized customer data ownership and consent.
Mandatory requirement to clearly display the issuer bank’s name on co-branded cards and marketing materials.

These norms arise from concerns that some co-brand partners may, through technology stacks or platform control, gain de facto access to customer or transaction data. Under RBI directions, the data must stay with the card-issuing bank unless very tightly controlled.

What does the OneCard Crackdown mean for You?

The suspension of OneCard’s issuance underlines how seriously the RBI is enforcing its co-branding and data privacy norms. Financial technology players that rode the wave of fintech-bank partnerships may now need to rebuild or retool operational models.

This episode may lead to a reframing of how much data fintechs can access, and expectancies around transparency and consent will likely increase. Banks may reconsider ease of partnerships in favor of tighter control over customer data and regulatory risk.

No new OneCard applications via partner banks are being approved until compliance gaps are addressed. Those applying will likely see “application in reserve” status or “not eligible” messages.
Existing OneCard holders will still retain their cards and receive services such as billing, transactions, and customer support. RBI’s order does not affect the servicing of issued cards.
Resumption of new issuance is likely once partner banks provide clarity to the RBI and update their compliance frameworks, especially regarding how customer data is handled, stored, shared, and consent obtained.

In short, if you were eyeing OneCard, this regulatory pause means you'll have to wait. Anyone applying (or who has already applied) now may not get approval until compliance issues are resolved.

Existing users should monitor communications from their banks or OneCard for updates. In the larger picture, this might reset how co-branded card partnerships are structured in India: possibly limiting fintech access to cardholder data and putting banks in tighter operational control.

For those considering co-branded cards, it is wise to check the issuer bank’s name and to understand how data consents are structured in the application process.

news

About the Author

Anmol

Anmol writes detailed blogs and content about credit cards available in India and how to take full advantage of credit cards while avoiding marketing noise.