After cracking down on cryptocurrency-related services, the RBI has now asked all payment system operators in the country to store data – pertaining to their customers – within India. The move is geared towards ensuring that user details remain secure against privacy breaches.
As per reports, the payment system companies have been given six months to comply with the newly-released norms.
On the latest guidelines, the central bank said in a statement, “Ensuring the safety and security of payment systems data by adoption of the best global standards and their continuous monitoring and surveillance is essential to reduce the risks from data breaches while maintaining a healthy pace of growth in digital payments.”
According to the RBI, currently, only a certain percentage of payment system operators and their outsourcing partners store the user data within the country, either partially or completely.
“In order to have unfettered access to all payment data for supervisory purposes, it has been decided that all payment system operators will ensure that data related to payment systems operated by them are stored only inside the country within a period of six months,” the bank added.
As per sources in the know, the RBI will be issuing detailed guidelines on the same within the next week.
The latest development comes at a time when data privacy is garnering much attention in the country, after news of one of Facebook’s biggest data breaches perpetrated by British big data analytics startup Cambridge Analytica surfaced last month.
In light of the reports claiming Cambridge Analytica harvested the profiles of up to 50 Mn Facebook users without their approval during the last US elections, privacy advocates in India, as well as the government itself, have raised concerns that a similar breach could happen here to target voter opinion.
Later, it was revealed that data of over 87 Mn users was shared with Cambridge Analytica (37 Mn more than the previous estimates). Recently, Facebook Chief Mark Zuckerberg made the revelation that 562K people in India were ‘potentially affected’ by this global data leak crisis.
The Ongoing Upheaval In The Digital Payments Sector
Ever since the RBI issued stricter KYC guidelines for digital payment users last October, the sector has seen some major upheavals. As earlier reported by Inc42, the Reserve Bank of India (RBI) had refused to extend the deadline for KYC (Know Your Customer) beyond February 28, 2018, stating that enough time has already been granted to adhere the prescribed guidelines.”
Notably, the completion of the KYC involves linking of Aadhaar card and PAN card to the e-wallet mobile applications. The RBI had stated that the customers, who are not willing to follow the KYC process, could close their PPI accounts and get the balance money transferred into their respective bank accounts.
However, adding to the confusion, the country’s Supreme Court, on March 13, 2018, extended the deadline for mandatory linking of Aadhaar Card to avail various government services and welfare schemes. As per reports, more than 50% of the PPIs are still not KYC compliant.
Earlier last month, sources announced that the Reserve Bank of India (RBI) was likely to adhere to its target of achieving interoperability of digital wallets by April 2018.
The RBI’s latest directives come at a time when digital transactions in India are at a peek. According to the RBI, in January 2018, transactions worth $2 Tn (INR 131.95 Tn) were carried out on mobile wallets. This is in sharp contrast to the $1.9 Tn (INR 125.51 Tn) clocked in December 2017.
As per the latest data, UPI-enabled app BHIM recorded 1 Bn transactions in FY 2017-18, crossing the value worth $15.36 Bn (INR 1 Tn).
The digital payments sector is projected to reach $500 Bn by 2020, contributing 15% of India’s GDP, as per a recent report by Google and Boston Consulting Group. A report by Credit Suisse predicts that the market, which is currently worth around $200 Bn, is expected to grow five-fold to reach $1 Tn by 2023.
While the new RBI norms mandating payment system operators to store data within the country could create some temporary confusion, in the long-run, especially in light of the recent data breaches and privacy attacks, it will likely be a positive step.
(The development was reported by ET)