Mastercard Inc. is concerned that India’s strict data localisation rules could compromise its ability to detect frauds and money laundering in the domestic payments system. Storing customer data exclusively in India without creating mirror sites overseas is risky because “it takes away the capability to see the broader world,” said Mastercard’s Chief Product Officer Michael Miebach. However, he said the firm intends to comply with the new rules despite missing last year’s deadline. “As an industry, we need to respect the reality, and the reality is that’s where the country is going,” Miebach said in a recent interview.
In April, the Reserve Bank of India asked payment firms to ensure their data are stored exclusively on local servers, setting a tight six month deadline for compliance. India, China and Russia have some of the strictest data localisation rules.Mastercard and its larger rival Visa were among those that requested an extension after missing the RBI’s October deadline. Because international companies tend to store their data on global servers, countries that require data localisation force them to make additional investment in expensive domestic infrastructure and storage systems.
Miebach said that Mastercard is still working on how to ensure data is protected once it moves inside the country. A mirror site overseas would help detect frauds and spot money laundering patterns, he added.