Despite opposition from multinational financial services players including those from the United States, the Reserve Bank of India has reiterated that the entire payment data shall be stored in systems located only in India.

The data should include end-to-end transaction details and information pertaining to payment or settlement transactions that is gathered as part of payment instructions.

“There is no bar on processing of payment transactions outside India if so desired by the Payment System Operators (PSOs). However, the data shall be stored only in India after the processing. The complete end-to-end transaction details should be part of the data,” the RBI said in an FAQ document released on Wednesday.

The data may be shared with the overseas regulator, if so required, with due approval of RBI.

Data to be stored include — customer data (name, mobile number, email, Aadhaar number, PAN number, etc as applicable); payment sensitive data (customer and beneficiary account details); payment credentials (OTP, PIN, passwords, etc); and transaction data (originating and destination system information, transaction reference, timestamp, amount, etc).

Clarifying on its April 2018 circular, the central bank also said: “In case the processing is done abroad, the data should be deleted from the systems abroad and brought back to India not later than one business day or 24 hours from payment processing, whichever is earlier. The same should be stored only in India.”