• The Reserve Bank of India (RBI) has clarified that payment system providers need to store entire payments data in a system only in India.
• The issue has come to the forefront because a global push for data free flow across national boundaries. Japanese Prime Minister Shinzo Abe has been a torch bearer for such a system.
• The risk of data going abroad is that it may fall into the hands of misuse that could lead to manipulations in the life of common man in India. Moreover, India being the second largest populated countries in the world, such data could lead to manipulations by big corporates.
• The data should include end-to-end transaction details and information pertaining to payment or settlement transaction that is gathered/transmitted/processed as part of a payment message/instruction.
• The data could be pertaining to customer data like name, mobile number, Aadhaar number, PAN; Payment-sensitive data like customer and beneficiary account details; payment credentials like OTP, PIN and, transaction data such as originating and destination system information amount, among others.
• The processing is done abroad, the data should be deleted from the systems abroad and brought back to India within one business day or 24 hours from the payment processing, whichever is earlier.