US payment companies oppose data rules in India

Leading US payment companies are stuck with Indian regulators after the deadline for complying with the new stringent rules prohibiting the international transfer of data generated by e-commerce users in the United States. country.

Visa, Mastercard and American Express saw India as a fast-growing growth market, as authorities tried to move the country out of cash transactions.

But they lobbied hard against the rules announced by the Reserve Bank of India in April, forcing them to stop storing Indian user data off the coast before midnight on October 15th.

The location rules of the RBI are among the most severe ever observed in the authorities' emerging trend of asserting national data monitoring. Data sovereignty laws, sometimes including the obligation to keep data on the ground, are proposed throughout Asia.

US payment companies said the October 15 deadline was not feasible because they would require major changes to their systems, and requested an extension of up to one year.

The central bank refused to change the deadline, leaving companies in a vacuum Tuesday waiting to see if they would be punished for breaking the rules. Visa, Mastercard, American Express and the Reserve Bank of India all declined to comment.

A person close to one of the US companies said that she had made changes to his systems and was still waiting for the RBI to indicate if it was now considered to comply with the new rules. The person refused to give details of the changes, but confirmed that Indian payments were still being processed abroad.

"It's a global phenomenon and I think it's here to stay," said Jayanth Kolla, co-founder of Convergence Catalyst, a consulting firm. "Data will be the main tool for selling products and services for businesses, and governments believe it is their responsibility to protect the data generated around their citizens."

US payment companies complained that the rules would increase their costs without improving the security of Indian card users, who would no longer take full advantage of their global anti-fraud systems. They proposed a "mirror" approach, according to which the data would be stored in India and abroad, thus giving the local authorities full access.

A recent e-commerce policy project has imposed similar data localization rules on the industry, an initiative that would affect Amazon and Walmart, which announced the acquisition of the $ 16 billion Indian Flipkart e-commerce group. of dollars.

Data location measures need to be seen in terms of broader business relationships with the United States and other major economies, said Sivarama Krishnan, head of cybersecurity in India at PwC. Restrictions on the activities of foreign companies in the Indian market could be a useful "trade negotiation tool", he said.

Others cautioned against the risk of retaliation by the United States – a potential threat to India's large IT service sector, which relies heavily on data transfer to the United States. India from foreign countries.

Beyond the movement of data localization, the dominance of US payment companies in India is threatened by the fast-growing alternative developed inside the country, RuPay. It was launched in 2012 by the National Payments Corporation of India, an organization jointly owned by Indian banks, and was strongly supported by the government. It recorded 459 million point-of-sale transactions in the year ending March, a 135% increase over the previous year.

"If we use other cards, their revenues will go abroad, but in the case of RuPay, they will stay in India," Prime Minister Narendra Modi told local media in June.