Relief for Visa, Mastercard! RBI's data storage rule likely to be relaxed for payments firms
Weeks after intense discussions with the foreign payment companies and trade bodies, the Ministry of Finance has suggested it could allow payment firms to store data in India as well as in the country where it is being stored currently. The decision provides a relief to foreign payment companies like MasterCard, Visa, American Express, etc, following the RBI directive making it mandatory for payment companies to store customer data locally for better supervision. The ministry has said the RBI will decide about the kind of data that will be stored in India and the six-month timeline given to implement the directive too. At present, only certain payment companies and their outsourcing partners store customer data either partly or completely in the country.
The decision was taken after a crucial meeting between the Finance Ministry's Department of Economic Affairs with payment companies like MasterCard, Visa, American Express, and other industry participants like Paytm, US India Business Council, and RBI last month. The easing of norms could save foreign companies from losing millions of dollars on setting up of infrastructure for data processing. Experts say along with the storage of data, the current decision also means payment firms would continue to do processing and data analytics outside India. It also addresses their concern about the destruction of data in the event of any disaster and having no access to it in case it is stored at one place only.
"Mirroring of data in India along with the country where the data is being currently stored could be a possible solution. The RBI may consider the issues connected with the kind of data that needs to be within India and the timeline it has given to players while issuing a clarificatory circular," the finance ministry, in a note shared with participant companies, has said, reported ET. With this note, the ministry has tried to address all three main concerns of payment companies, including restriction on data storage, no clarity over type of data, and deadline on compliance.
Payment companies believe this is a big step. "This shows India has a progressive outlook towards businesses," an executive with one of the payment companies told Reuters.
The RBI in its April-5 circular had said that payment companies of all shades operating in India will have to locate their servers in the country in six months. "To have unfettered access to all payment data for supervisory purposes, it has been decided that all payment system operators will ensure that data related to payment systems operated by them are stored only inside the country within a period of 6 months," the RBI said.
The development would have impacted every company dealing in payments data -- from fintech firms that offer peer-to-peer money transfers and international transactions to gateway operators. For instance WhatsApp or any global company that maintains its servers outside India. However, Indian fin-tech companies such as Paytm or PayU have little to worry about as their data is mostly in servers within the country.
"In recent times, the payment ecosystem in India has expanded considerably with the emergence of new payment systems, players and platforms. Ensuring the safety and security of payment systems data by adoption of the best global standards and their continuous monitoring and surveillance is essential to reduce the risks from data breaches while maintaining a healthy pace of growth in digital payments," the RBI circular had said.