India Today - - CONTENTS - By Prasanto K. Roy The writer is a tech pol­icy and me­dia con­sul­tant

Did you make a card trans­ac­tion to­day? If that card has a Visa, Master­card or Amer­i­can Ex­press logo, the com­pa­nies be­hind those lo­gos now fall afoul of a new law. That’s be­cause a six-month dead­line, given through a Re­serve Bank of In­dia (RBI) cir­cu­lar is­sued abruptly last April to force all pay­ment com­pa­nies to store all fi­nan­cial data of In­dian cit­i­zens only in In­dia, ex­pired on Oc­to­ber 15.

There’s irony in the huge amount of Amer­i­can fi­nan­cial data that is pro­cessed in In­dia. Of our tech ser­vices ex­ports in 201718, 62 per cent was to the US and 41 per cent of the to­tal was in the fi­nan­cial ser­vices area. (Nass­com calls all this IT-BPM—in­for­ma­tion tech­nol­ogy and busi­ness process man­age­ment.)

Re­cip­ro­cal US ac­tion could dis­rupt our IT-BPM ex­ports, worth $126 bil­lion and count­ing. On Oc­to­ber 12, two US sen­a­tors, who co-chair the In­dia cau­cus, wrote to Naren­dra Modi warn­ing that data lo­cal­i­sa­tion would have a “neg­a­tive im­pact on the abil­ity of com­pa­nies to do busi­ness in In­dia”. The Trump ad­min­is­tra­tion is also con­sid­er­ing pro­hi­bi­tions on data lo­cal­i­sa­tion.

In­dia’s bank­ing reg­u­la­tor and law en­force­ment agen­cies want ac­cess to fi­nan­cial data. But wait. This is the in­ter­net age. Ac­cess to data is de­pen­dent on ju­ris­dic­tion, agree­ments, le­gal process. Not on ‘where a box is stored’. The big­ger irony is that your card data is likely al­ready stored in In­dia, by card is­suers such as the SBI, ICICI or HDFC, which lo­cally store your name, ad­dress, KYC (iden­tity) proof, and trans­ac­tions. Visa and Master­card do not even get your name and ad­dress. (This doesn’t ap­ply to AmEx.)

Let’s come to data lo­cal­i­sa­tion. Why is Amer­i­can fi­nan­cial data pro­cessed off­shore in In­dia? Ex­per­tise, and cost, where In­dia scores, es­pe­cially when thou­sands of peo­ple are needed—such as for helplines for bank ac­counts or credit cards.

Why is your card data pro­cessed out­side In­dia? Well, when you swipe a card, and get an ap­proval, there’s an enor­mous global plat­form be­hind that one-sec­ond ap­proval, check­ing for fraud, for in­stance.

“Move that global plat­form to In­dia,” says the RBI. Not so sim­ple. En­tire plat­forms, in­clud­ing third-party pro­ces­sors, can’t sim­ply set up in In­dia in months. Stolen card data, hacks and breaches—all this is shared glob­ally. Cut In­dia off and card trans­ac­tions be­come less, not more, se­cure.

The plat­forms use ma­chine learn­ing. An odd trans­ac­tion in Prague is found to be fraud, and the global plat­form learns. A sim­i­lar trans­ac­tion in Gu­ru­gram the next day will be blocked (a higher fraud score will cause the trans­ac­tion to be de­clined). This needs ac­cess to the global plat­form and data sets.

Back to that un­usual RBI April 2018 cir­cu­lar, is­sued with­out ex­ter­nal con­sul­ta­tion. It should have gone through the Pay­ments Reg­u­la­tory Board, an­nounced by the fi­nance min­is­ter as part of his Union bud­get speech on Fe­bru­ary 1, 2017. But oddly, the RBI didn’t con­sti­tute that board. The bank­ing reg­u­la­tor did lis­ten to and read sub­mis­sions from trade bod­ies and dozens of com­pa­nies. Many in the min­istry of fi­nance, and even Fi­nance Min­is­ter Arun Jait­ley, met and lis­tened to the in­dus­try. It ap­peared that the RBI would at least re­lax the dead­line and al­low mir­ror­ing of data, agree­ing to a copy of data be­ing stored in In­dia.

And so the RBI’s ex­treme, hard­ened stance in the fifth of the six-month pe­riod is rare. It hap­pened af­ter the en­try into its board of a right-wing, anti-glob­al­i­sa­tion ide­o­logue who has in­flu­enced Modi’s key eco­nomic poli­cies, in­clud­ing de­mon­eti­sa­tion: S. Gu­ru­murthy of the Swadeshi Ja­gran Manch. A co­in­ci­dence, I am sure, and noth­ing to do with 2019.

In a round ta­ble last week, when I men­tioned the crit­i­cal­ity of global free flow of data, a top gov­ern­ment of­fi­cial asked me why In­dia should bear the dis­pro­por­tion­ate bur­den of that free flow and why not China or Europe. Good ques­tion. But of the world’s to­tal IT-BPM global sourc­ing rev­enues, a whop­ping 55 per cent comes to In­dia. So, yes, In­dia has a dis­pro­por­tion­ate in­ter­est in main­tain­ing the free cross-bor­der flow of data, and pre­vent­ing the balka­ni­sa­tion of the global in­ter­net.

En­forced ‘data lo­cal­i­sa­tion’ could hurt In­dia’s $126 bil­lion ser­vices ex­ports and make trans­ac­tions less se­cure

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.