India’s data localisation rules may hinder fraud detection, warns Mastercard
MUMBAI: Mastercard Inc is concerned that India’s strict data localisation rules could compromise its ability to detect frauds and money laundering in the domestic payments system.
Storing customer data exclusively in India without creating mirror sites overseas is risky because “it takes away the capability to see the broader world”, said Mastercard’s chief product officer Michael Miebach.
However, he said the United States firm intended to comply with the new rules despite missing last year’s deadline to localise all its Indian data.
“As an industry, we need to respect the reality, and the reality was that’s where the country was going,” said Miebach in an interview, here, recently.
In April last year, the Reserve Bank of India (RBI) asked payment firms to ensure their data are stored exclusively on local servers, setting a tight six month deadline for compliance.
Mastercard and rival Visa Inc were among those that requested an extension after missing the RBI’s October deadline.
Because international companies tend to store their data on global servers, countries that require data localisation force them to make additional investment in expensive domestic infrastructure and storage systems.
Miebach said Mastercard was working on how to ensure the Indian data was protected once it moved all the information to storage inside the country.
A mirror site overseas would help detect frauds and spot money-laundering patterns because they often take place across borders, he said.
“Over time we have learned to adapt, we can make it work,” he said. “The market was way too important to take any risks on that. We will deliver.”