Internal Security
Storage of Payment System Data
- 27 Jun 2019
- 2 min read
The Reserve Bank of India in its directive on 'Storage of Payment System Data' has made it clear that entire payment data shall be stored in systems located only in India.
- All system providers need to ensure that within a period of six months, the entire data relating to payment systems operated by them is stored in a system only in India.
- Data stored in India should include end-to-end transaction details and info about payment transactions. The data could be pertaining to:
- Customer data like name, mobile number, Aadhaar number, PAN.
- Payment-sensitive data like customer and beneficiary account details.
- Payment credentials like OTP, PIN.
- Transaction data such as originating and destination system information amount.
- All data related to payments must be stored only in India and data processed (in case the processing is done abroad) will have to be brought back to the country within 24 hours.
- There is no bar on the processing of payment transactions outside India if so desired by the Payment System Operators (PSO).
- Data stored in India can be accessed or fetched whenever required for handling customer disputes as well as for any other related processing activity, such as chargeback.
- The data may be shared with the overseas regulator, if so required, depending upon the nature/origin of a transaction with prior approval of the RBI.
- For cross border transaction data, (consisting of a foreign component and a domestic component) a copy of the domestic component may also be stored abroad.