Payments facilitators as diverse as Visa, MasterCard, Google or Whatsapp now face the regulatory heat locally, with the central bank asking the global behemoths to host India-relevant data within the country and bringing oversight rules on a par with what is prevalent in Asia’s richer neighbourhoods.
“It is observed that at present only certain payment system operators and their outsourcing partners store the payment system data either partly or completely in the country,” the Reserve Bank of India (RBI) said in a report during Thursday’s policy review announcement.
“In order to have unfettered access to all payment data for supervisory purposes, it has been decided that all payment system operators will ensure that data related to payment systems operated by them are stored only inside the country within a period of six months,” the RBI said.
In recent times, the payments ecosystem in India has expanded considerably with the emergence of new payment platforms and operators.
According to RBI data, the value of card transactions, including credit and debit instruments, has gone to Rs 3.5 lakh crore a month from Rs 2.5 lakh crore before the demonetisation.
“China adopted this early and other countries like Japan, Thailand and Malaysia have got strict conditions around data protection,” said Loney Antony , managing director, Hitachi Payment Services Pvt Ltd. “For the volume of transaction that we are generating in India, it is only prudent to store data in the country.”
After the ban on high denomination notes of Rs 500 and Rs 1,000, the payments business, which was traditionally dominated by banks, has witnessed the entry of many new players such as technology companies and startups. Digital transactions, which include payments conducted by credit and debit cards, have been on a rise after the demonetisation.
“It has got serious implications for Visa and MasterCard as they will have to set up infrastructure to store data within India,” said A P Hota, former CEO of NPCI.
“There is a cost involved. Now, they will have to create infrastructure and people to expand. It is on expected lines and globally companies are required to store data only within country.”
Ensuring the safety and security of payment systems data by adoption of the best global standards and their continuous monitoring and surveillance would be essential to reduce the risks from data breaches while maintaining a healthy pace of growth in digital payments, said RBI.