AWS Says Technology Helps Firms Meet Changing Data Localization Regulations

AWS Head of Payments Mark Smith

Technology can help banks and payment companies stay in conformance with local data regulations, AWS Head of Payments Mark Smith writes in a new PYMNTS eBook, “Beyond the Horizon: How to Identify Unexpected Threats That Could Impact Your Business.”

Payment transactions are processed through multiple parties with data passed along to each party to ensure the transaction’s legitimacy and facilitate approval and the flow of funds. With factors ranging from geopolitics to global pandemics to provinciality, the potential for countries, government agencies and central banks to focus on localization continues to increase. As countries enact data localization and local payment data processing regulations, banks and payment companies will need to find ways to stay in conformance with applicable laws and regulations. Leveraging cloud infrastructure and modern data analytics can help them do this, enabling them to approve only legitimate transactions, reduce fraud and create a frictionless customer experience.

At AWS, we’ve been helping payment customers in countries like India, Indonesia and Switzerland ensure that they are retaining and processing the necessary data in-country (within AWS regions) without having to support their own data centers and staff, drastically reducing time to conform with regulations from years to months. Our payments customers are also using AWS Local Zones and AWS Outposts to ensure they can utilize the AWS services they require for things like data analytics, personalization, credit worthiness and fraud prevention in countries where AWS doesn’t yet have a region but customers want to keep data close to their data centers. AWS launched Amazon Payment Cryptography, a cloud-native Payment HSM managed service, in 2023 and our customers are excited to be able to have a PCI-compliant service for card payment cryptography in the cloud without having to maintain dedicated data centers or co-location facilities, reducing overhead and latency. As more payments companies move core processing to the cloud, the availability of this service enables them to be where their customers need them without incurring large fixed costs to deploy physical HSMs. We expect that as this service expands to more AWS regions, and as more countries enact data processing localization, banks and payments companies will find more and more value from this service.

From a fraud prevention standpoint, we expect payments companies to turn to evolving machine learning techniques like federated learning, where they can retain the data and train models locally while sharing the model updates globally to maintain data privacy and security.  Organizations are enhancing their federated learning approach with privacy-enhancing technologies (PETs) in the cloud to enable collaboration while meeting local requirements such as Europe’s General Data Protection Regulation (GDPR) and India’s Personal Data Protection Bill (PDPB).

As efforts to require localized data and payment data processing increase, we see a lot of opportunities to help payments companies conform to these requirements. And a byproduct of leveraging the cloud to help adhere to these regulations will be faster time to market and better customer experiences. The ability to spin up IT resources in the cloud to test out ideas and then scale the successful ones is one of the biggest drivers of disruption in the payments industry.

PYMNTS eBook