RBI’s ban on new Mastercard cards could boost local data security in India

A 2018 rule requiring that customers’ payment data be stored in India was enforced against Mastercard, American Express, and Diners Club in 2021, as a strong signal India intends to keep customer data in local hands.

data security / padlock / binary code / digital display
Gremlin / Getty Images

In April 2018, the Indian central bank, RBI, issued the Storage of Payment System Data policy, which mandated that all system providers store data related to their payment systems only in India. Recently, RBI barred Mastercard from issuing new cards in India after finding out their customers’ data was located outside the country. Earlier, in April 2021, RBI barred American Express and Diners Club from adding new customers for six months due to their violation of the local data-storage rules.

Also, RBI will now regularly follow up on compliance and may impose similar bans or other penalties in case of lapses. For RBI, data security is nonnegotiable, and customer data is subject to the laws of the country in which it is collected or processed and must remain within its borders—India, in this case.

Implications for tech providers, IT organisations, and financial institutions

Mitali Nikore, an economist and founder of the analyst firm Nikore Associates, says, “In the medium term, setting up of local data centres can provide a fillip to the IT sector.” The need for local data centres is a consequence of the Storage of Payment System Data policy. “The draft Data Centre Policy is a welcome step in this direction. If implemented correctly, this policy and the data localisation regulation, the Storage of Payment System Data policy, can help India become a leading data storage and processing country,” she tells CSO India. Nikore advises advises public and private sector entities including the World Bank, Asian Development Bank, and UN Women.

With the development of local data centres, India can attain competitive advantage over others in terms of data management, Nikore says. This would further facilitate the development of data centre economic zones, promote IT R&D, and encourage adoption of global standards while also boosting local manufacturing for IT and non-IT related materials.

To continue reading this article register now

How to choose a SIEM solution: 11 key features and considerations