Mastercard to delete Indian customers’ data from servers

Porush Singh, India and Division President, South Asia, MasterCard, said it is operating in over 200 countries, and nowhere else has it been asked to delete data from global servers.

The RBI in April issued a new regulation, which came into effect from October 16, requiring payments companies to store all information about transactions involving Indians solely on computers in the country.

Mastercard said all new Indian transaction data is being stored at its technology centre in Pune as of October 6, as required by the RBI directive on data localisation. It has given a proposal to the RBI to delete back data from certain date but is wary of consequences of such a move, including disputes over transactions.

“The proposal we have given (to RBI) is that we will delete it (data) from everywhere else, whether it is the card number, transaction details. The data will only be stored in India ... we will start deleting that...,” Singh said. He further said Mastercard has proposed to the RBI that Indian data would be stored locally and nowhere else.

The senior Mastercard official, however, added that the company has also informed the central bank about the impact of data deletion.

“But we have also said that it does have an impact. No other country has asked us like that. “No other country in the world has asked us the data to be deleted from the global server and the reason why it is a concern for us because that would be weakening of the safety, security over a period of time,” Singh said. On if the company is seeking any reprieve in complying with the regulations, Singh said “I do not want to wait. As far as we are concerned, we have said this is the date earliest we can do... And this is going to be impact in the longer term which you need to consider.”

When asked if the payments gateway was complying with the RBI directives, Singh said from October it has started storing a copy of the data. “...the date of (data) deletion (from global servers) is something which is not yet decided as we are waiting for the RBI to confirm back to us,” he said and added “we have proposed a certain date on which we will start deleting the data on a running/regular basis”.

Singh said deletion of data is not a simple process like “pressing a button” as it could raise disputes  in transactions and also involves many stakeholders.