The RBI today asked all payment system operators in the country to store all data, including full end-to-end transaction details and information collected, within India to ensure security of users' information.
The RBI today asked all payment system operators in the country to store all data, including full end-to-end transaction details and information collected, within India to ensure security of users’ information. The operators have been asked to comply with the instructions within six months, the central bank said in a notification. RBI noted that “not all system providers” store the payments data in India. In order to ensure better monitoring, it is important to have unfettered supervisory access to data stored with these system providers as also with their service providers/ intermediaries/third party vendors and other entities in the payment ecosystem, it said in the notification.
“All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India,” it said. It further said that data should include the full end-to-end transaction details, information collected/carried/ processed as part of the message/payment instruction.
For the foreign leg of the transaction, if any, the data can also be stored in the foreign country, if required, the RBI said. Commenting on RBI’s move, Mobikwik Founder Bipin Preet Singh said all of the company’s data is in India itself.
PayU India MD Jitendra Gupta said RBI’s new directive “will make entry bit tougher for a foreign player who generally has unified systems and works across the globe with same application servers”. The spotlight on data security comes at a time when social media giant Facebook has faced a global backlash over breach of user data.