Indians are finally facing the unfortunate reality of cyberattack, and that too in its worst form — financial hack. According to numerous reports, over 30 lakh(approx 3.2 million) bank debit cards have come under threat due to a recent security breach at a private bank’s ATM.
The data breach of these debit cards has caused mass panic among countrymen, who are now under threat of potential financial fraud. Though the banks claim that there haven’t been any monetary losses but several victims have reported unauthorised usage of their cards from multiple locations in China. The breach is reported to have occured sometime between May and June.
This massive security breach seems to have originated from private bank ATMs that were infested with a malware infection. This malware is suspected of being introduced in systems of Hitachi Payment Services, enabled hackers to secure info about cards that will allow them to steal funds, reports TOI. Hitachi not only provides ATM services but also point-of-sale(POS) and other payment services to its merchants.
Digging a little deep, it has been been discovered that there is a possibility of the breach being introduced at a YES Bank ATM managed by Hitachi. But the biggest trouble surrounding this breach is that it effected the systems in such a way that anyone using the bank’s ATM could face the risk of having their data compromised.
All debit card info breached via this malware attacks includes 2.6 million of Visa and MasterCard cards and 6 lakh of RuPay cards. Sources privy to the matter also suggest that cards issued by State Bank of India, HDFC Bank, ICICI Bank, YES Bank and Axis Bank are “worst affected” by this breach.
But why were other bank debit cards were affected in this breach, you ask? Well, you all must be well aware of the fact that acocunt/debit card holders now have access to ATMs of any bank. So, users who’ve used YES Bank ATMs for third-party transactions would have been affected in this breach.
Data processes of one private bank was compromised which affected other banks’ customers well. Customers who used that bank’s ATM stand to get potentially affected,
says anonymous bankers aware of the matter.
In wake of these events, the Payments Council of India has ordered a forensic audit on Indian bank servers and systems to detect the origin of frauds. The same is being pursued aggressively due to suspision around increasing number of complaints of transactions in China. Commenting on the same, NPCI Managing Director AP Hota says,
Though most of the suspected fraudulent transactions happened in the Visa and MasterCard network, we thought a whole a forensic audit of the entire network will help us find out where the compromise happened.
Though the number of debit cards affected by the security breach are a mere half per cent of the total number of cards issued in the country, but this is being termed as the biggest-ever breach of financial data in India. Though the specifics mentioned above might seem a bit alluring, but banks have advised customers to not panic. They are taking immediate steps to mitigate any financial loss for their customers.
HDFC Bank and SBI are the first and foremost runners who’ve already intimated their customers of the breach and advised those who regularly use third-party non-HDFC ATMs to change their debit card PINs as soon as possible. They’ve also advised customers to use only HDFC Bank ATMs as they believe security controls at other bank ATMs may not be at par with their standards. SBI, on the other hand, has reported that it would block and re-issue 600,000 debit cards following the security breach.
Whereas Loney Antony, MD of Hitachi Payment Systems, whose cash-dispensers have come under question in this breach says,
I do not think it is necessary for any bank to reissue cards.
The Reserve Bank of India(RBI) is currently also working with major Indian banks to look into the breach, and has also suggested all customers to immediately change their ATM debit card’s PIN to secure themselves from any menotary losses in the near future.