Foreign Card Payment Network Companies Barred: RBI
The Reserve Bank of India (RBI) has barred three foreign card payment network firms – Mastercard, American Express and Diners Club — from taking new customers on board over the issue of storing data in India.
- As many as five private sector banks, including Axis Bank, Yes Bank, and IndusInd Bank, are to be impacted by the RBI’s decision.
- The Personal Data Protection Bill also has provisions pertaining to ‘data localisation’
RBI’s Circular on Data Storage-April 2018:
- All system providers were directed to ensure that within six months the entire data (full end-to-end transaction details, information collected or carried or processed as part of the message or payment instruction) relating to payment systems operated by them is stored in a system only in India.
- They were also required to report compliance to the RBI and submit a board-approved system audit report conducted by a Computer Emergency Response Team – India (CERT-IN) empanelled auditor within the timelines specified.
- Payment firms like Visa and Mastercard, which currently store and process Indian transactions outside the country, have said their systems are centralised and expressed the fear that transferring the data storage to India will cost them millions of dollars.
- Once it happens in India, there could be similar demands from other countries, upsetting their plans.
- While the Finance Ministry had suggested some easing of norms in transferring the data, the RBI has refused to change, stating that the payment systems need closer monitoring in the wake of the rising use of digital transactions.