Most payment cos fall in line with RBI’s data storage diktat

Mumbai: As many as 62 of the 78 payments service companies affected by the Reserve Bank of India’s (the RBI’s) directive on data localisation by October 15 have taken steps to move storage of customer information exclusively to India. The remaining 16 entities, including Visa and Mastercard, have sought more time and continue to make a pitch for mirroring data in Indian servers (or having a backup of the same data abroad).

Those who have taken steps to move payments data exclusively to India include Alibaba Group, Amazon and WhatsApp who have confirmed that they have activated data servers here. In April this year, the RBI had asked all payments system providers to ensure that they store their data only in India. This applied to details of end-to-end transactions and information that is either collected, carried or processed as part of a payment instruction. The only relaxation is that, in the case of cross-border transaction, the data pertaining to the foreign leg can be stored overseas if required. Industry body Payments Council of India is understood to have made a representation to the finance ministry, asking for relaxation of the norms. While the government has said that it will look into their concerns, sources said that the RBI is holding its ground.

Earlier, card companies had told TOI that they get only limited data — the card number with personal identifier masked, the transaction time and amount, and the merchant name. Sources said that the RBI has taken the stance that it will not accept mirroring as this is seen as an issue of sovereignty over citizen’s data. The RBI is understood to have had a meeting with payments service providers this week, where it said that there are enough technology solutions available to store data locally and they should have already started the process since the circular was issued in April. With the deadline only four days away, sources said that the RBI would be looking at how far companies are from achieving compliance before determining further course of action.

The development was reported by

, , ,

Leave a Reply

Your email address will not be published. Required fields are marked *