A number of major Indian banks are taking safety measures amid fears that the security of over 6.5 million debit cards has been compromised. Some of the affected banks have been asking their customers to change security codes. They are also blocking and replacing debit cards. The breach is thought to have been caused by malware on an ATM network.
How big is the problem?
This is one of the biggest data breaches in the country — about 6.5 million cards issued by Indian banks could be potentially replaced, or their holders asked to change their PINs to avoid fraud. The National Payments Corporation of India (NPCI), which controls all retail payments systems in India, confirmed in a statement that there was a “possible compromise at one of the payment switch provider’s systems”. The probe by NPCI also found a malware-induced security breach in the systems of Hitachi Payment Services, which provides ATMs, point of sale and other services in India. According to NPCI, around 90 ATMs have been compromised, and at least 641 customers across 19 banks have lost Rs 1.3 crore as a result of fraudulent transactions on their debit cards.
Following this, India’s largest bank, State Bank of India (SBI), reportedly blocked approximately 6 lakh debit cards following a malware-related security breach in a non-SBI ATM network. Several other banks, such as Axis Bank, HDFC Bank and ICICI Bank, too have admitted being hit by similar cyber attacks — forcing Indian banks to either replace or request users to change the security codes.
The Indian government went into damage control mode
To curtail the risks emerging from a possible data breach, the Indian government asked regulator Reserve Bank of India (RBI) as well as banks to provide details of the data breach and also preparedness to deal with cyber crimes. The Indian finance ministry is reportedly in constant touch with SBI chairman, and has also instructed the Indian Banks’ Association to direct lenders to replace debit cards wherever required. “Have sought a report in the debit card issue. The idea is to contain the damage”, said India’s Finance Minister Mr. Arun Jaitley. Reportedly, a preliminary input “sort of report” is already with the government and the government is awaiting further details from the final report.
However as per the latest details, emerging the Visa and MasterCard, have confirmed that their own networks had not been compromised, however the Hitachi subsidiary Hitachi Payment Services, which manages some of the ATM network processing, is still investigating the matter, including whether there was a malware problem.
As per RBI data, there were about 697.22 million debit cards till July-end.
by Ashwani Srivastava