In a move that will likely irk all international payment firms operating in India, Paytm wants the central government to push for storage of payment system data within the country and not allow mirroring of the data overseas, reports the Economic Times citing a top executive of the company.
“On the data storage bit, obviously we believe that it should be stored locally,” said Kiran Vasireddy, the chief operating officer at Paytm to ET. “The moment data leaves the country, it falls under various jurisdictions, which in many cases, are beyond our control. It is important to keep all the data here so that the laws of the land can be made applicable to them.” Vasireddy cited an instance of Google rejecting 55% of the government’s requests for data as a strong point of proof for the government to push for storage of data locally, the report added.
RBI norms – a concern for foreign firms
The Reserve Bank Of India, in April, has mandated all payments system operators working in India to ensure that data related to payment systems operated by them is stored in the country. “In order to have unfettered access to all payment data for supervisory purposes, it has been decided that all payment system operators will ensure that data related to payment systems operated by them are stored only inside the country within a period of six months,” the RBI said in a report during its Monetary Policy meeting in April. The move would have come into effect from October 15 this year, according to a report by the Economic Times.
Implementing this would have come as a strong blow for foreign companies operating in India including Visa, Mastercard and American Express because, not only would it cost exponentially for these companies to set up local data centres, but regulations in their home countries would have not permitted them to do so. They also feared that the central bank’s move could also set a precedent for other countries to implement similar rules at a time when there is heightened scrutiny of how companies globally handle their customers’ data. Industry representatives cited that storing the data only in India would also be a security risk, as in the event of a natural disaster, no one would have access to it if it was all stored in one place. Further, experts claimed that there was little clarity on the type of data that needed to be stored and therefore, on the time needed to implement the said rules
Mastercard division president (South Asia) Porush Singh said that by having user data located only in India, measures to contain cross-border fraud will be diluted as the analytical software which identifies suspect transactions will not be able to match fraudulent incidents in one part of the world with transactions elsewhere.
As such, many of these companies have made multiple representations to the central government as well as the banking regulator through the US-India Business Council, a lobby group for US businesses in India. Furthermore, The Payments Council of India (PCI), which has around 100 payments firms as its members, has sought a meeting with the RBI to suggest “alternative solutions which can meet the RBI requirements of unfettered access”, according to a report.
It is widely believed that Indian payment players like Paytm and PhonePe are in support of the central bank’s regulation, while foreign firms like MasterCard and Visa are against it as they store transactions data outside of India.
Mirroring of data
A possible solution to the problem was letting the international companies store data at their home base as well as in India. Most of these foreign payment companies took a sigh of relief when reports said that the country’s finance ministry has proposed to ease the Reserve Bank of India’s guidelines on storage of payment system data earlier this month. “Mirroring of data in India along with the country where the data is being currently stored could be a possible solution,” the finance ministry said in a note sent to the central bank and other entities, according to ET.
However, Paytm said that mirroring of data is not the solution and many countries have disallowed companies from doing so, the ET reports. “The ideal thing is to see whether data can be stored in India itself,” said Vasireddy to ET. “It is not majorly a cost issue and for all these large players, the cost will be negligible. It is more to do with intent.”
On a related development, Paytm also said that it supports TRAI’s recent move to identify the user as the ultimate owner of their data while every other player in the ecosystem is only a custodian, according to ET. “We will have to wait for the Srikrishna Committee recommendations to see what happens, but the fact that the government has started taking steps towards strict implementation of data protection is a commendable move,” Vasireddy said.