3.2 mn Debit Cards Compromised, SBI and Others Badly Hit

Indian Banks shall either replace or ask users to change security codes of as many as ’3.2 million’ debit cards in what is emerging as one of the largest-ever breaches of financial data in the nation, people holding cognizance of the matter stated. Numerous victims have registered unauthorized usage from locations in China. Out of the cards, 2.6 million are said to be on the Master-Card and Visa platform and 6 lacs on the RuPay platform. The worst-hit of the banks are State Bank of India (SBI),HDFC Bank, YES Bank, ICICI Bank, and Axis Bank, the people added.

The breach is said to have emerged in malware introduced in systems of the Hitachi Payment Services, enabling the fraudsters to steal information allowing and thereby them to steal funds. Hitachi, which provides ATM, PoS – point of sale and other services, could not be reached for a single comment late Wednesday.

A forensic audit has been ordered by the Payments Council of India on Indian bank servers and systems to identify the origin of frauds which might have hit customer accounts. AP Hota – NPCI Managing Director (MD) said that they had received complaints from the banks about debit cards being utilized in China that aroused suspicion. He added that though maximum suspected fraudulent transactions happened in MasterCard and Visa network, they thought a whole forensic audit of the entire network would help them find out where the compromise occurred.

HDFC Bank said that it had already taken action a few weeks back by advising their customers to use only HDFC Bank ATMs as they believe security controls at other bank ATMs might not be at par with HDFC Bank ATMs.

On Wednesday, The Times of India had reported that the SBI would reissue 6 lac debit cards following a malware-related security breach. The SBI has asked their customers to change their PIN numbers as well.

Visa, MasterCard, ICICI Bank, Axis Bank and YES Bank didn’t respond to queries which were sent late on Wednesday. Banks had been constantly receiving multiple complaints from the customers about cards being swiped in China at numerous ATMs and point of sale terminals. They in turn changed Visa and MasterCard. A forensic audit is being conducted by SISA – Bengaluru-based payment security specialist.

Some sources said that the malware infection took about 6 weeks to detect, compromising transactions which took place during this period. A massive figure of 3.2 million cards were utilized on the Hitachi network during this period.