A number of Indian banks are adopting extraordinary measures fearing a security breach that could have exposed as many as 3.25 million debit cards (0.5 percent of the nearly 700 million debit cards issued by banks in India).
“A slew of banks in India are replacing or asking their customers to change security codes of as many as 3.25 million debit cards due to fears that the card data may have been stolen in one of the country’s largest-ever cyber security incidents.” reported the Reuters.
In September, several banks’ customers reported to Visa, Mastercard, and RuPay (National Payments Corp of India (NPCI)) fraudulent activities involving their debit cards. According to the chief of NPCI, the fraudulent transactions spotted by the clients were prevalently observed in China and the United States.
A.P. Hota, NPCI Chief Executive, explained that one of the payment switch provider’s systems might have been compromised. Giving a close look at the numbers behind this security breach that involved some 90 ATMs, 2.65 million are on Visa and MasterCard platforms.
Both Visa and Mastercard issued a statement to confirm that their networks had not been hacked and confirmed their support to the ongoing investigation.
The switches are crucial components of the back-end network of a bank and are involved in ordinary ATM operations.
The card network providers already reported the issue to the affected banks that decided as a preventive measure to replace customers’ cards.
“Necessary corrective actions already have been taken and hence there is no reason for bank customers to panic.” said Hota downgrading the problem.
According to the Reuters, the NPCI did not disclose the name of the payment switch provider who was compromised, however, banking industry sources revealed that the financial institution is the Hitachi Ltd subsidiary Hitachi Payment Services, which manages ATM network processing for Yes Bank Ltd.
Yes Bank issued a statement to confirm it is reviewing the security, but its experts haven’t found any anomaly.
The State Bank of India promptly blocked debit cards of some customers after and now it was replacing those cards to prevent fraudulent activities.
The Reuters provided further details about a possible impact on the Indian bank customers:
“Complaints of fraudulent cash withdrawals affected a total 641 customers of 19 banks, and the money involved was 13 million rupees ($194,612), according to NPCI.” reported the Reuters.
“ICICI Bank (ICBK.NS), HDFC Bank (HDBK.NS) and Axis Bank (AXBK.NS) – the top three private sector lenders – confirmed in separate statements some of their customers’ card accounts had been possibly breached after use at outside ATMs. The banks said they had advised the clients to change their PINs.”
“Standard Chartered’s (STAN.L) Indian unit has also begun to re-issue debit cards for some customers”
(Security Affairs – Indian banks, security breach)