Reserve Bank of India clarified that all Payment System Operators (PSOs) shall store entire payment data in systems located only in India. This follows a clarification sought by PSOs on issue of data localization.
Background: In April 2018 RBI had issued a directive on ‘Storage of Payment System Data‘ by which it had advised all system providers to ensure that within a 6 months period, entire data relating to payment systems operated by them is stored in a system only in India.
No Limit on Payment processing outside India: In Frequently Asked Questions (FAQs) on certain implementation issues raised by Payment System Operators (PSOs), RBI had mentioned that there is no bar on processing of payment transactions outside India (if PSOs desires so) but after processing data shall be stored only in India and complete end-to-end transaction details should be part of data.
Sharing of Data: Depending upon nature or origin of transaction and with prior approval of RBI, data can be shared with overseas regulator, if required.
Transaction Details: Data should include end-to-end transaction details and information pertaining to transaction related to payment or settlement that is either gathered or processed or transmitted, as part of a payment message/instruction.
Data Type: The data could be relating to customer data such as name, mobile number, PAN details, Aadhaar number or even Payment-sensitive data like customer and beneficiary account details, payment credential- PIN, OTP and transaction data like originating and destination system information amount etc.
Data Processed Abroad: In case the data processing is done abroad, then data should be brought back from systems abroad to India not later than 1 business day or 24 hours from payment processing, whichever is earlier.