Mastercard Says Will Delete Data of Indian Cardholders from Global Servers

American card payments major Mastercard has told Reserve Bank of India, India’s banking regulator, about a “certain” date from which it will start deleting data of Indian cardholders from global servers but warned that it would also mean a weakening of “safety and security” over a period of time.

Porush Singh, India and Division President, South Asia, MasterCard, told Indian news agency PTI that the company is operating in over 200 countries, and nowhere else it has been asked to delete data from global servers.

According to the Indian press agency, the RBI had issued a new regulation in April, which came into effect from Oct 16, requiring payments companies to store all information about transactions involving Indians completely on servers in India.

Mastercard told PTI that all Indian transaction data is being stored at its technology center in Pune as of Oct. 6, as required by the RBI directive on data localization.

Mastercard, which is one of the world’s largest card issuer, said it has given a proposal to the RBI to delete back data from a certain date but is wary of consequences of such a move, including disputes over transactions.

“The proposal we have given (to RBI) is that we will delete it (data) from everywhere else, whether it is the card number, transaction details. The data will only be stored in India … we will start deleting that…,” the PTI quoted Singh as saying.

He also told the PTI that the company has proposed to the RBI that Indian data would be stored locally and not elsewhere.

The company has informed the Indian banking regulator about the impact of data deletion from its global server.

“But we have also said that it does have an impact. No other country has asked us like that. No other country in the world has asked us the data to be deleted from the global server and the reason why it is a concern for us because that would be weakening of the safety, security over a period of time,” PTI quoted Singh as saying.

When the news agency asked the company if it was complying with the RBI directives, Singh said from October Mastercard has started storing a copy of the data it is deleting or has deleted.

“…the date of (data) deletion (from global servers) is something which is not yet decided as we are waiting for the RBI to confirm back to us,” he said and added “we have proposed a certain date on which we will start deleting the data on a running/regular basis.”