Interior minister suspends NADRA-MasterCard agreement

Says deal made without written govt permission and any consultation with stakeholders


Shahbaz Rana January 27, 2017
Says deal made without written govt permission and any consultation with stakeholders. PHOTO: FILE

ISLAMABAD: Interior Minister Chaudhry Nisar Ali Khan on Thursday suspended an agreement between MasterCard and the National Database and Registration Authority (NADRA) after issues regarding security of national database and violations of laid-down procedures were highlighted in a media report.

NADRA had entered into an agreement with MasterCard, an online payment processing company, to carry out financial transactions by using NADRA and MasterCard systems. The Express Tribune on Thursday reported that NADRA did not have a mandate to render financial services and its endeavour for the sake of earning money may compromise security of the national database.

Nisar’s decision to act swiftly suggests that the NADRA administration had not properly briefed the minister about the pros and cons of the agreement.

The minister said the agreement was made without a written permission by the government and without any consultation with the stakeholders. Sensitive security matters were not kept in view while signing the agreement, he added.

Nisar questioned as to under which rules a foreign company was being given access to the NADRA database. He also sought an explanation from NADRA on the agreement.

It was not immediately clear whether the interior minister took some NADRA officials to task. NADRA was eying a big pie of the fee that the sender of the money was supposed to pay on conducting the financial transaction.

The State Bank of Pakistan (SBP) had also decided to look into the agreement amid concerns over the mandate of NADRA and security of the national database. The central bank’s spokesman had told The Express Tribune that the SBP was looking into this agreement and getting more information from the two parties about the arrangement.

Background

On January 18, MasterCard announced a strategic collaboration with Pakistan’s NADRA Technologies. The announcement was made during MasterCard’s participation in the World Economic Forum Annual Meeting in Davos, Switzerland.

MasterCard said “the move will allow Pakistani citizens to carry out financial transactions and receive government disbursements by utilising the unique 13-digit identification number of their identity card.”

Citizens would also be able to use their CNIC to send and receive domestic and international remittances, it added.

However, NADRA does not have the mandate to render payment services and venturing into any such area would require prior approval of the central bank. The payment service falls under the Payment Service and Electronic Funds Transfer Act of 2007.

The third player

Unlike the MasterCard press release, it was a tripartite arrangement among NADRA, MasterCard and Faysal Bank, a NADRA official had said.

He said the purpose of involving Faysal Bank was to meet the regulatory requirements of the SBP.

NADRA had also not obtained the necessary authorisation from the Pakistan Remittance Initiative and without its authorisation it was illegal to receive remittances from abroad. The payment processing centres or the servers of MasterCard are in foreign jurisdictions, some not friendly to Pakistan, which could have created issues like replication of the users’ data.

NADRA hosts sensitive data on the total population and according to insiders there are roughly 10,000 attacks per month that attempt to crack its database, which have so far remained unsuccessful due to its arrangements.

NADRA officials had insisted that MasterCard would not have access to its secure database. They said the sender of the money would log in to the NADRA website and feed the receiver’s CNIC number. Then NADRA would send this information to MasterCard for verification.

In 2014, Russia had also raised concerns about the security of the Russian banking system due to locations of the processing centres of MasterCard and Visa outside its territory. After that, MasterCard had announced to shift its servers to Russia.

Published in The Express Tribune, January 27th, 2017.

Like Business on Facebook, follow @TribuneBiz on Twitter to stay informed and join in the conversation.

 

COMMENTS (1)

Striver | 7 years ago | Reply NADRA officials would have compromised personal data of all PKs in one stroke. Somebody put some sense in them and I think it must have been the "agency". Do we have any competent people left in these government organisations or are they all "in for the money"?
Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ