India’s top banks investigate security breaches affecting 3.2 million debit cards

 Several Indian banks are issuing an advisory to their customers, asking them to change their security code (more popularly known as ATM pin) or better replace the card.

As many as 3.2 million Indian debit cards could be impacted, the paper added. Of this, 2.6 million are powered by Visa or Mastercard, while rest 600,000 cards work on top of country’s own RuPay platform. It’s not clear who is behind this, but report adds that some customers have observed activity in their cards from China.

Customers of SBI, HDFC Bank, ICICI, Yes Bank, and Axis are among the “worst-hit”, according to the same report. HDFC Bank reportedly asked some of its customers, including a Mashable India colleague, to change their PIN and avoid using ATMs of other banks. HDFC Bank also offered issuing a new debit card for free.

Earlier this week, country’s top public sector banking and financial services company State Bank of India said it had blocked cards of certain customers. The bank said that it had been warned by card network providers about risk to some cards, and it was blocking those cards as a precautionary measure. Though it has not disclosed how many cards were blocked, reports suggest that as many as 625,000 cards were affected.

“Card network companies NPCI, Mastercard and Visa had informed various banks about a potential risk to some cards owing to a data breach. Accordingly, we have taken precautionary measures and have blocked cards of certain customers identified by the networks,” SBI said in a statement.
Banks were alerted about this attack by Kaspersky Lab, the Economic Times reports. The engineer from the security firm noted that an offshore hacker had made an unauthorized access to Axis bank’s servers. The country’s third largest private sector lender told Reserve Bank of India (RBI) about the security attack, and hired the audit and advisory firm EY. The report claims that there is no suspicious fund transfer yet, but authorities are worried if the hacker planted a virus in their server.
Financial institutions aren’t having the best of the year. Earlier this year, hackers stole $81 million from the central bank of Bangladesh, uncovering poor firewalls the bank had in place. The bank’s system was connected to SWIFT global bank payment network.

UPDATE: Oct. 20, 2016, 2:20 p.m. IST Mastercard has issued the following statement. “We are aware of the data compromise event.  To  be clear, Mastercard’s own systems have not been breached.

At Mastercard, safety and security of payments is a top priority for us and  we are working on the investigations with the regulators,  issuers, acquirers, global and local law enforcement agencies and third  party payment networks to assess the current situation.”

“Mastercard is committed to implementing best  practices and technologies to protect its customers financial  institutions, consumers and merchants from fraud while ensuring their  privacy is respected.   Any concerned consumer should review their  account statements and activity.  If they suspect fraudulent or unusual  transactions, we encourage them to contact the bank that issues their  card for assistance and more information.”

Leave a Reply

Your email address will not be published. Required fields are marked *

*