Technology vendors across the world, including Microsoft, Amazon, and Oracle, are stepping up efforts in the recent years to enable companies to store data, applications, platforms and infrastructure virtually – affirming how safe and secure data is in the cloud. But several data breaches and scandals in the past year portray an entirely different picture – the Facebook scandal where data of over 87 million users were misused or the ATM malware attack aka “jackpotting” in the US where cyber criminals were able to steal more than $ 1 million – the list is actually endless. In the wake of such privacy-related events, the Reserve Bank of India (RBI) has announced a mandate that requires all payment system operators in the country to store all their data domestically.
Post the demonetization drive; the digital payments industry has witnessed a massive surge, with a growing number of foreign players looking to foray into India and cash-in on the growing opportunity. According to Credit Suisse, Digital payments in India is expected to reach $1 trillion by 2023. Such dramatic increase in digital transactions also means that the financial and personal data of millions of Indian users is being stored outside the country, which is a cause of concern for payment regulators. With such uproar in the industry, RBI announced the mandate for domestic storage of all data that must be met by 15th October 2018. RBI mentions “In recent times, the payment ecosystem in India has expanded considerably with the emergence of new payment systems, players and platforms. Ensuring the safety and security of payment systems data by adoption of the best global standards and their continuous monitoring and surveillance is essential to reduce the risks from data breaches while maintaining a healthy pace of growth in digital payments.”
With only certain payment system operators storing payment data in the country, supervision of data has been a tough task. In order to have seamless access to all payment data – including “full end-to-end transaction details / information collected / carried / processed as part of the message / payment instruction”, for supervisory purposes, the new mandate will require all payment data to be stored only inside the country. This will ensure better monitoring and enable “unfettered supervisory access to data stored with these system providers as also with their service providers / intermediaries/ third party vendors and other entities in the payment ecosystem”.
Although the mandate has come as a surprise to many operators – especially foreign players who store all their data overseas – it is only going to benefit them in myriad ways.
With India emerging as a huge digital economy, opening doors for global players to operate on domestic soil, the RBI mandate comes at the right time to protect consumer interests. PM Narendra Modi has also “expressed serious concern over data leaks and alleged manipulation of user information by global internet and social media giants”. The new mandate will ensure that data of millions of users is located within India for improved visibility, accessibility, transparency and security and faster resolution of security incidents.