The Reserve Bank of India (RBI) issued a new regulation in April, which came into effect from October 16, requiring payments companies to store all information about transactions involving Indians solely on computers in the country. Mastercard said all new Indian transaction data is being stored at its technology centre in Pune as of October 6, as required by the RBI directive on data localization.
Informing about the move, including disputes over transactions, Porush Singh, India and Division President, South Asia, MasterCard said that the proposal is given to RBI to delete back data from certain date but is attentive of consequences of such a move, including disputes over transactions. "The data will be deleted from everywhere else except India, whether it is the card number, transaction details. The data will only be stored in India. No other country in the world has asked for the data to be deleted from the global server and the reason why it is a concern for MasterCard is because that would be weakening of the safety, and security over a period of time."
The company is planning to go with the dateline which it has submitted to the RBI, by which it has to comply with the RBI’s regulations.
Mastercard has started storing a copy of the data. The date of (data) deletion (from global servers) is something which is not yet decided as it is waiting for the RBI to confirm back.
Singh said that deletion of data is not a simple process like "pressing a button". "This is because people can charge you for the dispute of the transactions, that all in process and it needs multiple players, multiple stakeholders. We have given them (RBI) a proposal and we are waiting for them to confirm back. there will be 'incremental cost'. Also Data localization requires data about residents be collected, processed, and stored inside the country, often before being transferred internationally, and usually transferred only after meeting local privacy or data protection laws."
RBI in its April 6 circular said -
“All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India. This data should include the full end-to-end transaction details/information collected, carried or processed as part of the message and payment instruction.”
RBI gave global payments companies six months to abide and submit their compliance report by October 15. On October 9, WhatsApp also confirmed its compliance with RBI regulations. It said it has built a system that stores the data of its pilot WhatsApp payments project locally. On October 24, Alfred Kelly, CEO - Visa said that as of October 15, Visa is storing data locally. On October 30th, Amazon India said that it has started storing payments data locally without mirroring it in its overseas servers.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
