Mastercard says storing India payments data locally in face of new rules

NEW DELHI (Reuters) - Global card payments giant Mastercard is storing its new Indian transaction data locally, the company said on Tuesday, as it starts to comply with a regulatory directive which U.S. companies unsuccessfully lobbied hard to dilute.

Mastercard Inc. credit cards are displayed in this picture illustration taken December 8, 2017. REUTERS/Benoit Tessier/Illustration

The Indian central bank in April said companies such as Mastercard, Visa and American Express will from October need to store their payments data “only in India” so that the regulator could have “unfettered supervisory access”.

The directive sparked an aggressive lobbying effort from U.S. companies who said the rules would increase their infrastructure costs, hit their global fraud detection platforms and affect planned investments in India where more and more people are using digital modes of payments.

The companies had sought dilution of the central bank directive, requesting they be allowed to store data both locally and at their offshore offices, a practice widely known as “data mirroring”. But their requests were declined.

Mastercard has started storing all its new payments transaction data in India at its technology center in the western city of Pune, the company said in a statement to Reuters on Tuesday. It did not specify whether a copy of that data was still being stored abroad.

The company said it has submitted a proposal with the Reserve Bank of India (RBI) for “storage of data only in India within a specified timeframe”. It did not give a timeline.

Visa too has started storing a copy of its new transaction data locally and had sought time from the RBI to comply with the requirement to store Indian data only within the country, two industry sources said.

Visa and American Express did not immediately respond to a request for comment.

The RBI directive was part of a wider push by India to ask companies to store more of their data locally at a time when governments globally are enforcing more stringent rules to protect user data.

Government sources have previously told Reuters that stringent data localization measures were essential for gaining easier access to data during criminal and other investigations.

Two U.S. senators this month called on Indian Prime Minister Narendra Modi to soften India’s stance on data localization, warning that measures requiring it represent “key trade barriers” between the two nations.

Other than the RBI proposal, India is working on an overarching data protection law that calls for the storing of all critical personal data in India. E-commerce and cloud computing policies are also being developed.

Additional reporting by Aditi Shah, Edited by Martin Howell, William Maclean