Amid concern around data security, the Reserve Bank of India is learnt to have asked payment services firms to provide an update on action taken by them to store transaction data in the country in every fortnight. “You are hereby advised to inform the status of ensuring compliance…The same shall be submitted by June 8, 2018, followed by an update on progress at fortnightly intervals thereafter,” the RBI said in the letter referring to its order dated April 6, 2018.
A payment bank official on the condition of anonymity confirmed receipt of the RBI letter. According to the order issued on April 6, all payment system providers including payments bank, payment gateways are required to ensure that full end-to-end transaction details relating to payment systems operated by them are stored in a system only in India within a period of six months from the date the order was issued.
The RBI has said that ensuring the safety and security of payment systems data by adoption of the best global standards and their continuous monitoring and surveillance is essential to reduce the risks from data breaches while maintaining a healthy pace of growth in digital payments.
The banking regulator had further said that at present “only certain” payment system operators and their outsourcing partners store the payment system data either partly or completely in the country. The order was issued at the time social media major Facebook faced a global backlash over breach of user data.