A few leading payment providers are actively engaging with the Reserve Bank of India (RBI) for allowing free flow of data across borders. However, other payment providers believe that the RBI regulations only ask for “storage” and there is no restriction on “movement” of data.
Payments providers had earlier opposed the RBI’s data localisation norms stating that the movement of data across borders is crucial for providing the utmost convenience and security to customers. While most of these payment players continue to run Indian data through global processes of data analysis and fraud detection, the industry seems divided as to whether the regulator would allow this to continue.
“We will work with RBI to make sure what they want and work really hard to ensure that in doing so, it doesn’t diminish the protection that we can provide our customers from a security and convenience standpoint,” said Ed Mclaughlin, president, operations and technology, Mastercard.
Mastercard said that it has complied with RBI's local data storage norms and has data centres in Pune and Delhi. However, it is still in conversation with the regulator regarding the movement of data across borders as well as the issue of exclusive storage.
“We are talking to the regulator now about the amount of time that data can transit through our networks and processes to do all the things we do before it finally comes to rest here in India,” said Mclaughlin adding that storing data only in India is an ongoing conversation with the RBI.
The representative of a leading international payments provider, on condition of anonymity, said that the company continues to run Indian payments data through its global networks and processes before the data is finally stored in India. “We need to change some of our global processes in order to ensure that none of the payments data of Indian customers is stored elsewhere while processing globally. This is a work-in-progress,” added the person mentioned above.
The RBI had released data localisation guidelines on April 6 and gave payments providers six months for complying with the norms. Despite excessive lobbying by these players, RBI remained firm on its guidelines and nearly all of the payments providers submitted a compliance plan and report to the regulator when the deadline approached.
Some players are actively engaging with the RBI to allow free flow of data across borders
Others believe the RBI rules only ask for “storage” and there’s no restriction on data “movement”
On April 6, the RBI released data localisation guidelines after which nearly all players submitted a compliance plan