Payment companies like Visa and Mastercard can process transactions made in India outside of the country, but the related data must be returned for local storage within 24 hours, the Reserve Bank of India (RBI) said Wednesday.
Following the RBI’s announcement in April of last year that payment system operators should store payment data in India, the US government and American companies lobbied to have the rules diluted, saying the directive would result in higher infrastructure costs and be detrimental to investment plans. Reuters reports that the request to have the rules watered down was rejected last year.
Wednesday’s announcement was made to clarify the directive, which was not clear before regarding whether data can still be processed abroad or must be done locally.
“The entire payment data shall be stored in systems located only in India,” the RBI said.
“In case the processing is done abroad, the data should be deleted from the systems abroad and brought back to India not later than the one business day or 24 hours from payment processing, whichever is earlier. The same should be stored only in India.”
The central bank justified the measure, saying local storage of data will provide “unfettered supervisory access” and help the authorities conduct investigations.
The RBI added: “For cross border transaction data, consisting of a foreign component and a domestic component, a copy of the domestic component may also be stored abroad, if required.”
The government said a week ago that the RBI would look into concerns regarding their strict guidelines. Despite pressure from payment providers, which have lobbied for the free flow of data across borders, as well as the government, which has sought softer guidelines, the RBI has held firm that payment data can only be stored in the country.
While international payment companies may continue to find this problematic, they can breathe a sigh of relief over the clarification on data processing outside the country.