Hitachi Payments Services accepted that its systems were compromised in mid-2016 due to a sophisticated malware.
It led to one of the biggest security breaches in the country, affecting 3.2 million cards and spreading fright over security of card-based transactions.
The company made the acknowledgement after receiving an assessed report from SISA Information Security, a payments and information security audit firm.
Debit card serves as a payment card that facilitates the user to help initiate payments for purchases.
Used as an alternative to cash, the money transacted comes from the user's bank account.
The cards also help the customer withdraw money from ATMs, using a personal identification number (PIN) for authentication.
Most payment cards are supported by Visa and MasterCard which serve as payment processors.
Risks and fraud
The myriad of risks associated with debit cards
Debit cards, with the massive amount of sensitive bank information, could pose a security threat to the user.
One of the most recent cases in Kerala highlights the dangers of payment card skimming, wherein a user's card and PIN information is stolen by installing cameras at ATMs.
In August this year, nearly 4.5 lakh was skimmed from 20 people at an ATM in Thiruvananthapuram.
12 Aug 2016
RBI sets norms for online banking frauds
In August, the RBI issued a notice that set norms for a customer's liability to make payments in case of fraudulent activities.
The central bank stated that if the customer informs the lender of an unauthorized transaction by a third party within three working days, the customer will not be held liable.
This will happen if the bank is held responsible for the fraud.
20 Oct 2016
Over 3.2 million debit cards face security breach
In one of the biggest financial security breaches in India, nearly 3.2 million debit cards' information and details were compromised, according to reports.
Reports stated that several unauthorized transactions were initiated from various regions in China.
The Indian banks that faced the security threat were the State Bank of India, HDFC Bank, ICICI Bank, YES Bank and Axis Bank.
Which payment platforms are the worst hit?
Nearly 2.6 million of the compromised bank information was reported to be on the Visa and MasterCard platform, while around 60,000 was pitched to be on the RuPay platform.
How did the breach arise?
The security threat arose from a malware that had been introduced into Hitachi's payment services systems.
The malware enabled the fraudsters to obtain bank account information that helped them steal the funds.
The Payments Council of India has initiated a forensic audit across bank servers to trace the origin of these frauds.
Banks have also requested their users to change their PINs.
Banks to replace 17.5 lakh debit cards
"Besides advising those customers who we know have used a non-HDFC Bank ATM in the recent past to change (their) ATM PIN, we are advising our customers to use only HDFC Bank ATMs," HDFC said. RBI also directed banks to replace all compromised debit cards.
21 Oct 2016
Finance Ministry reassures that 99.5% debit cards safe
The Finance Ministry has reassured the public that 99.5% of debit cards are safe and only a few were compromised in the recent security breach.
However, in an alarming development officials admitted that the fraud was not detected for over 3 months.
The NPCIL is working with investigators; however, the RBI has yet to comment on the matter.
23 Oct 2016
RBI to issue debit card security guidelines
The Reserve Bank of India is set to issue a set of stringent security guidelines for the use of debit cards.
The government has also sought a detailed report on the recent massive security breach that affected over 3.2 million debit cards in the country.
Experts assessed that the state of cyber security in Indian banks needs to be revamped.
25 Oct 2016
Security breach: RBI to take action against bank of origin
The RBI stated that it will initiate action against the bank where the recently disclosed debit card security breach originated; RBI is currently conducting an investigation into the breach.
It also lambasted banks for advising customers to use only in-house ATMs, saying the advisory was misleading.
It asked all banks to immediately comply with the cyber-security requirements issued on 2 June this year.