0.1699
766 776 6266
x

RBI Curbs on Foreign Card Firms - Data Localisation

iasparliament Logo
July 19, 2021

Why in news?

The RBI has so far barred three foreign card payment network companies [Mastercard, American Express and Diners Club] from taking new customers on board, over the issue of storing data in India.

What is the recent decision?

  • Recently, the RBI imposed restrictions on Mastercard Asia Pacific Pte Ltd.
  • It is kept from onboarding new domestic customers (debit, credit or prepaid) in India.
  • The RBI cited as reason the non-compliance with guidelines for storage of data in India.
  • It said it had given almost 3 years for Mastercard to comply with the regulatory directions.
  • But the firm was unable to complete the process.
  • Earlier, the RBI had imposed restrictions on American Express Banking Corp and Diners Club International Ltd, over the same issue.
  • Impact - Existing customers using credit or debit cards of these firms can continue using the same.
  • However, banks and non-banking finance companies that were planning to use these payment networks will now not be able to use these platforms to enrol new customers.
  • This leaves only Visa Inc and homegrown NPCI’s RuPay as payment providers under no restrictions currently.

What are the RBI guidelines in this regard?

  • Funds transferred using debit or credit cards are routed through platforms such as Mastercard, Visa and NPCI.
  • These operate under the Payment and Settlement Systems (PSS) Act, 2007.
  • Under the Act, the RBI is the authority for the regulation and supervision of payment systems in India.
  • As part of this came the RBI circular on Storage of Payment System Data, dated April 6, 2018.
  • These guidelines on data storage were to be adhered to within 6 months.
  • As per this, all system providers are to ensure that the entire data relating to payment systems operated by them is stored in a system only in India.
  • It applies to full end-to-end transaction details, information collected or carried or processed as part of the message or payment instruction.
  • They were also required to report on their compliance to the RBI.
  • They should also submit a board-approved system audit report conducted by a CERT-In empanelled auditor within the timelines specified.
  • [CERT-In - Indian Computer Emergency Response Team.
  • CERT-In is a government-mandated information technology (IT) security organization.]

What is the rationale?

  • Data access for law enforcement purposes has for long been a challenge.
  • So, the idea behind the move is to carry out effective law enforcement requirements.
  • In the wake of the rising use of digital transactions, the RBI is particular that the payment systems need closer monitoring.

What are the challenges to compliance?

  • Credit and card firms with global operations have been resisting the RBI move.
  • They cite as reasons the costs, security risk, lack of clarity, and timeline.
  • The RBI had stipulated that data should be stored only in India.
  • Also, no copy [or mirroring] should be stored in other countries.
  • But payment firms like Visa and Mastercard currently store and process Indian transactions outside the country.
  • Their systems are centralised.
  • So, they expressed the fear that transferring the data storage to India will cost them millions of dollars.
  • Besides, once it happens in India, there is a possibility of similar demand from other countries also.

What is the alternative?

  • Possibly, hard localisation may impact India’s payments ecosystem.
  • For a more effective mechanism for law enforcement, India needs to move beyond the slow and ineffective MLAT (Mutual Legal Assistance Treaty).
  • It should move to a system based on bilateral treaties on data transfers with the EU, UK and the US.
  • This will ensure that Indian law enforcement requirements of access to data are met in a timely manner.
  • It will also allow data flows to foster innovation and trade in the tech ecosystem.
  • However, the RBI is against the suggestion that a copy of data stored outside be brought to India.

 

Source: The Indian Express

Login or Register to Post Comments
There are no reviews yet. Be the first one to review.

ARCHIVES

MONTH/YEARWISE ARCHIVES

Upsc Mains 2022