MasterCard Warns India’s Data Storage Law Could Impact Online Payments, Security

mastercard
Courtesy: Barron’s

From October 16, the Reserve Bank of India has mandated all companies facilitating financial transactions to store user data in India. As a result, credit giant MasterCard will be deleting the data related to Indian users from its data centers that are located outside the country.

MasterCard has already starting to store all transaction-related data of Indian users at its data center in Pune. Following RBI’s directives, the company will start deleting all data including users’ card number and transaction details.

A Threat to Security

MasterCard said that out of the 200 countries where it operates, none has asked it to delete data from its global servers. It has also informed the RBI about the potential demerits of this localization.

Deleting data from global servers and concentrating all the information in a centralized database would weaken the “security of this data over a period of time“.

MasterCard Waiting for RBI’s Response

The date for this deletion of data from global servers is yet to be decided. MasterCard has proposed a date to the RBI and is waiting for a confirmation from the central bank. The creditor has initiated the process of copying the data and will start deleting the data once RBI acknowledges and responds to the request.

Since the deletion of data is not like “pressing a button“, it is not a simple process and requires proper scrutiny at multiple checkpoints. In the process of deletion of data, users might be charged again for a past transaction, and thus, it has to be taken about carefully.

Higher Operational Cost

MasterCard has also informed Press Trust of India that with the localization of data, there will be an “incremental cost“. This is because any data that has to be sent internationally will be processed in India first and stored indigenously.

Not only does this increase operational costs, but can also result in delayed or failed transactions if the recipient country’s data protection or privacy laws are not strong enough.

Comments 0
Leave a Reply

Loading comments...