BENGALURU: Global digital payment companies operating in India anticipate a sharp increase in operating costs and heightened threat perception to their stored data from having to store all their domestic transaction information only within the country.
The biggest challenge to these companies, according to two top executives at global payment companies, lies in managing cyber-attacks in a decentralised data storage mechanism.
“Oversight is easier when data systems are centralised. More dispersed the data, bigger is the threat of a security lapse,” said one of them. “The weakest link can be a source of a huge risk to our entire database.”
The executives declined to be identified since their companies’ data localisation plans are with the central bank.
The Reserve Bank of India mandated payment companies in April to store data in India only and give it unfettered access to the data, a move local payment companies have supported. With RBI not budging from its stand, payment networks like Visa, Mastercard and PayPal are identifying ways of adhering to the regulator’s diktat.
These companies have submitted their localisation plans to RBI, offering to completely store data in India only in 9-12 months, according to sources. The deadline for data localisation ended on October 15.
“We have submitted a roadmap to RBI. But if we have to completely localise data, it could cause a major risk for platforms like us,” said the second senior executive mentioned earlier.
Explaining what could go wrong technically, one of the executives said a big worry is about transactions being timed out, especially crossborder ones. Payment companies conduct several checks and track multiple parameters before clearing a transaction. If one leg of the transaction originates in India, companies would have to make those checks across multiple data centres, which could cause a time lag and eventually even result in the transaction failing, he said.
“We check for a thousand parameters and still process transactions within milliseconds. That efficiency is achieved because of our centralised database,” the executive said. “Now, if we look through our fraud database across multiple data centres across the globe, it could cause problems for the smooth flow of transactions.”
Another major impact would be on innovation within the space, because of costs being diverted into building local data storage capacities in India, according to the executives.
A case in hand could be the fact that multiple global entities are facing trouble launching UPI-based payments.
ET has reported earlier that RBI’s data localisation rule has caused WhatsApp Payments to be stuck in pilot mode, as well as scuttled Amazon’s plans to launch UPI payments in India.
“It would end up causing a competitive disadvantage for global players. And in India, we are also competing with domestic payment entities, which is a huge challenge in itself,” he said.
While experts agree that costs will rise, they disagree that systems in India would be more unsafe than elsewhere. “There is a cost to localising the data here. Not just the technological cost of servers, but companies will have to relook at processes, especially in the case of cross-border transactions,” said an executive with one of the Big 4 consultancies. “But I don’t think you can say it will be unsafe. There will be a cost to make it as safe as in their main data storage locations.” This executive, who declined to be identified as his firm is working with some payment firms on data localisation, added that RBI is unlikely to pay attention to complaints about increased costs.
The development was reported by retail.economictimes.indiatimes.com