The RBI has issued FAQs clarifying, among other things, that all payments data needs to be stored in systems located in India. The regulator issued the FAQs in response to implementation issues raised by payments companies. Data processed outside: The RBI also clarified that while there is no bar on overseas processing of strictly domestic transactions, the data shall be brought back to India within one business day or 24 hours of payment processing and be stored locally here. The regulator also said that should companies need access to data for payment processing activities, they can access it, at any time. Data to be mandatorily stored in India includes i) customer data - name, mobile number, email, Aadhaar number, PAN number, etc. as applicable; ii) payment sensitive data - customer and beneficiary account details; iii) payment credentials - OTP, PIN, passwords, etc.; and iv) transaction data - originating & destination system information, transaction reference, timestamp, amount, etc. It said data stored in India should include end-to-end transaction details and information pertaining to payment or settlement transactions. These norms are applicable to transactions made through system participants, service providers, intermediaries, payment gateways, third-party vendors and other entities in the payments ecosystem apart from all payment system providers authorised by the RBI. We would like to thank the @RBI for issuing an FAQ document on Storage of Payment System Data, and Hon'ble Minister, @PiyushGoyal for enabling this initiative: https://t.co/1GD4V8yMyu@PiyushGoyalOffc @CimGOI @debjani_ghosh_ — NASSCOM (@nasscom) June 26, 2019 In a closed door meeting between…
