ISLAMABAD: Interior Minister Chaudhry Nisar Ali Khan on Thursday suspended an agreement between MasterCard and the National Database and Registration Authority (NADRA) after issues regarding security of national database and violations of laid-down procedures were highlighted in a media report.
NADRA had entered into an agreement with MasterCard, an online payment processing company, to carry out financial transactions by using NADRA and MasterCard systems. The Banker Pakistan on Thursday reported that NADRA did not have a mandate to render financial services and its endeavour for the sake of earning money may compromise security of the national database.
Nisar’s decision to act swiftly suggests that the NADRA administration had not properly briefed the minister about the pros and cons of the agreement.
The minister said the agreement was made without a written permission by the government and without any consultation with the stakeholders. Sensitive security matters were not kept in view while signing the agreement, he added.
Nisar questioned as to under which rules a foreign company was being given access to the NADRA database. He also sought an explanation from NADRA on the agreement.
It was not immediately clear whether the interior minister took some NADRA officials to task. NADRA was eying a big pie of the fee that the sender of the money was supposed to pay on conducting the financial transaction.
The State Bank of Pakistan (SBP) had also decided to look into the agreement amid concerns over the mandate of NADRA and security of the national database. The central bank’s spokesman had told The Banker Pakistan that the SBP was looking into this agreement and getting more information from the two parties about the arrangement.
On January 18, MasterCard announced a strategic collaboration with Pakistan’s NADRA Technologies. The announcement was made during MasterCard’s participation in the World Economic Forum Annual Meeting in Davos, Switzerland.
MasterCard said “the move will allow Pakistani citizens to carry out financial transactions and receive government disbursements by utilising the unique 13-digit identification number of their identity card.”
Citizens would also be able to use their CNIC to send and receive domestic and international remittances, it added.
However, NADRA does not have the mandate to render payment services and venturing into any such area would require prior approval of the central bank. The payment service falls under the Payment Service and Electronic Funds Transfer Act of 2007.
The third player
Unlike the MasterCard press release, it was a tripartite arrangement among NADRA, MasterCard and Faysal Bank, a NADRA official had said.
He said the purpose of involving Faysal Bank was to meet the regulatory requirements of the SBP.
NADRA had also not obtained the necessary authorisation from the Pakistan Remittance Initiative and without its authorisation it was illegal to receive remittances from abroad. The payment processing centres or the servers of MasterCard are in foreign jurisdictions, some not friendly to Pakistan, which could have created issues like replication of the users’ data.
NADRA hosts sensitive data on the total population and according to insiders there are roughly 10,000 attacks per month that attempt to crack its database, which have so far remained unsuccessful due to its arrangements.
NADRA officials had insisted that MasterCard would not have access to its secure database. They said the sender of the money would log in to the NADRA website and feed the receiver’s CNIC number. Then NADRA would send this information to MasterCard for verification.
In 2014, Russia had also raised concerns about the security of the Russian banking system due to locations of the processing centres of MasterCard and Visa outside its territory. After that, MasterCard had announced to shift its servers to Russia.