Mastercard Inc. is concerned that India’s strict data localization rules could compromise its ability to detect frauds and money laundering in the domestic payments system.
Storing customer data exclusively in India without creating mirror sites overseas is risky because “it takes away the capability to see the broader world,” said Mastercard’s Chief Product Officer Michael Miebach. However, he said the U.S. firm intends to comply with the new rules despite missing last year’s deadline to localize all its Indian data.
“As an industry, we need to respect the reality, and the reality is that’s where the country is going,” Miebach said in a recent interview in Singapore.
In April, the Reserve Bank of India asked payment firms to ensure their data are stored exclusively on local servers, setting a tight six month deadline for compliance. India, China and Russia have some of the strictest data localization rules.
Mastercard and its larger rival Visa Inc. were among those that requested an extension after missing the RBI’s October deadline.
Because international companies tend to store their data on global servers, countries that require data localization force them to make additional investment in expensive domestic infrastructure and storage systems.
Miebach said that Mastercard is still working on how to ensure the Indian data is protected once it moves all the information to storage inside the country. A mirror site overseas would help detect frauds and spot money laundering patterns because they often take place across borders, Miebach added.
“Over time we have learned to adapt, we can make it work in the local context,” he said. “The market is way too important to take any risks on that. We will deliver.”