Over 3.2 million debit cards face security breach

20 Oct 2016 | Written by Sneha Johny; Edited by Gaurav
Security breaches across Indian banks

In one of the biggest financial security breaches in India, nearly 3.2 million debit cards' information and details were compromised, according to reports.

Reports stated that several unauthorized transactions were initiated from various regions in China.

The Indian banks that faced the security threat were the State Bank of India, HDFC Bank, ICICI Bank, YES Bank and Axis Bank.

In context: Security breaches across Indian banks

AboutDebit cards

Debit card serves as a payment card that facilitates the user to help initiate payments for purchases.

Used as an alternative to cash, the money transacted comes from the user's bank account.

The cards also help the customer withdraw money from ATMs, using a personal identification number (PIN) for authentication.

Most payment cards are supported by Visa and MasterCard which serve as payment processors.

Risks and fraudThe myriad of risks associated with debit cards

Debit cards, with the massive amount of sensitive bank information, could pose a security threat to the user.

One of the most recent cases in Kerala highlights the dangers of payment card skimming, wherein a user's card and PIN information is stolen by installing cameras at ATMs.

In August this year, nearly 4.5 lakh was skimmed from 20 people at an ATM in Thiruvananthapuram.

Love Business news?
Stay updated with the latest happenings.
RBI sets norms for online banking frauds

12 Aug 2016RBI sets norms for online banking frauds

In August, the RBI issued a notice that set norms for a customer's liability to make payments in case of fraudulent activities.

The central bank stated that if the customer informs the lender of an unauthorized transaction by a third party within three working days, the customer will not be held liable.

This will happen if the bank is held responsible for the fraud.

20 Oct 2016Over 3.2 million debit cards face security breach

Which payment platforms are the worst hit?

Nearly 2.6 million of the compromised bank information was reported to be on the Visa and MasterCard platform, while around 60,000 was pitched to be on the RuPay platform.

SpecificsHow did the breach arise?

The security threat arose from a malware that had been introduced into Hitachi's payment services systems.

The malware enabled the fraudsters to obtain bank account information that helped them steal the funds.

The Payments Council of India has initiated a forensic audit across bank servers to trace the origin of these frauds.

Banks have also requested their users to change their PINs.

Love Business news?
Stay updated with the latest happenings.

Banks to replace 17.5 lakh debit cards

"Besides advising those customers who we know have used a non-HDFC Bank ATM in the recent past to change (their) ATM PIN, we are advising our customers to use only HDFC Bank ATMs," HDFC said. RBI also directed banks to replace all compromised debit cards.

21 Oct 2016Finance Ministry reassures that 99.5% debit cards safe

The Finance Ministry has reassured the public that 99.5% of debit cards are safe and only a few were compromised in the recent security breach.

However, in an alarming development officials admitted that the fraud was not detected for over 3 months.

The NPCIL is working with investigators; however, the RBI has yet to comment on the matter.

23 Oct 2016RBI to issue debit card security guidelines

The Reserve Bank of India is set to issue a set of stringent security guidelines for the use of debit cards.

The government has also sought a detailed report on the recent massive security breach that affected over 3.2 million debit cards in the country.

Experts assessed that the state of cyber security in Indian banks needs to be revamped.

25 Oct 2016Security breach: RBI to take action against bank of origin

The RBI stated that it will initiate action against the bank where the recently disclosed debit card security breach originated; RBI is currently conducting an investigation into the breach.

It also lambasted banks for advising customers to use only in-house ATMs, saying the advisory was misleading.

It asked all banks to immediately comply with the cyber-security requirements issued on 2 June this year.

11 Feb 2017Banking security breach: Hitachi Payments Services accepts mistake

Hitachi Payments Services accepted that its systems were compromised in mid-2016 due to a sophisticated malware.

It led to one of the biggest security breaches in the country, affecting 3.2 million cards and spreading fright over security of card-based transactions.

The company made the acknowledgement after receiving an assessed report from SISA Information Security, a payments and information security audit firm.