The Reserve Bank of India (RBI) has doubled down on its decision to store the payments-related data in the country and the need to bring back the data processed outside the country in 24 hours.
“All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India. This data should include the full end-to-end transaction details / information collected / carried / processed as part of the message / payment instruction. For the foreign leg of the transaction, if any, the data can also be stored in the foreign country, if required,” said the statement put out by RBI in April 2018.
According to the directive companies like Mastercard, American Express, Amazon, Facebook, Microsoft, Visa and PayPal have to store the data locally.
The directives are applicable not only to payment entities but also to all banks operating in India, it further added.
“There is no bar on processing of payments transactions outside India if so desired by the payment system operators (PSOs). However, the data shall be stored only in India after the processing,” RBI said in a note released on Wednesday.
The central bank has mandated a 24-hour timline for data to be brought back to India in case the processing is done outside the country.
RBI has also made it clear that the foreign banks don’t come under their purview in terms of data storage. Foreign banks can continue to store banking data outside India, but their domestic payments data needs to be stored here, the note clarified.
For cross-border payments, the data related to the domestic component of the transaction may be stored abroad, but a copy of the data needs to stay in India.
Meanwhile, Economic Times has reported WhatsApp has set up data storage facilities within India for its payments business citing two people privy to the matter.
In a crucial meeting with 25 ecommerce companies on Monday, India’s commerce and industry minister Piyush Goyal has said the data localization will be handled by the Ministry of Electronics and Information technology and will not have a place in the final e-commerce policy.