India data rules may hinder fraud detection

SINGAPORE • Mastercard Inc is concerned that India’s strict data localisation rules could compromise its ability to detect frauds and money laundering in the domestic payments system.

Storing customer data exclusively in India without creating mirror sites overseas is risky because “it takes away the capability to see the broader world”, said Mastercard’s chief product officer Michael Miebach.

However, he said the US firm intends to comply with the new rules despite missing last year’s deadline to localise all its Indian data.

“As an industry, we need to respect the reality, and the reality is that’s where the country is going,” he said in an interview in Singapore.

In April, the Reserve Bank of India (RBI) asked payment firms to ensure their data are stored exclusively on local servers, setting a tight six month deadline for compliance. Mastercard and its larger rival Visa Inc were among those that requested an extension after missing the RBI’s October deadline.

Miebach said Mastercard is still working on how to ensure the Indian data is protected once it moves all the information to storage inside the country. A mirror site overseas would help detect frauds and spot money laundering patterns because they often take place across borders, Miebach added.

“Over time, we have learned to adapt, we can make it work in the local context,” he said. “The market is way too important to take any risks on that. We will deliver.” — Bloomberg