3.2 Million debit cards compromised

Site Administrator

Editorial Team

26 Oct, 2016

347 Times Read.


RSS Feeds RSS Feed for this Article

One of the biggest data security breaches in Indian banking.


In what has been termed one of the biggest data breaches in the banking industry in India so far, 3.2 million debit card details have been stolen. These debit cards are understood to have been used at ATMs that are suspected to have exposed card and PIN details to malware at the back end. There are also new reports linking these hackings to cyberattacks from Pakistan post Indian Army’s surgical attacks across LoC.


Exercise for the readers:

Please the following article on the above subject and give your points and suggestions for discussion,

Q1. what should be done to stop such breach in future.

Q2. Who should be made liable for such frauds, and why?

Q3. How we can control such actions, so that such breach does not happen in future.

Top 12 points to know about debit card breach


1. Payments Council of India orders audit

A forensic audit has been ordered by Payments Council of India on Indian bank servers and systems to detect the origin of frauds that might have hit customer accounts.

2. CERT-In had warned banks of cyberattacks from Pakistan

On October 7, CERT-In had issued a warning about ‘expected targeted attacks from Pakistan’, in the wake of India’s counterstrike across the border following terror attacks in Jammu and Kashmir.

3. Who’ll foot the bill? Banks or payment providers?

Indian banks stung by the biggest financial data breach to hit the industry are scampering to contain the damage and compensate the affected account holders.

4. 90 ATMs hacked

According to National Payment Corporation of India (NPCI), 90 ATMs have been compromised, and at least 641 customers across 19 banks have been hit. NPCI is the nodal agency that connects the country’s ATMs and runs the RuPay gateway.

5. Total amount lost Rs 1.3 crore

As per NPCI, total amount lost due to fraudulent transactions on hacked debit cards is Rs 1.3 crore.

6. How exactly does the malware work?

Malware is malicious software in the form of viruses, worms, trojans, ransomware, spyware and other programmes. It is likely that computer systems at ATMs or bank servers were affected by malware and allowed fraudsters to access confidential debit card data.

7. RBI asks banks to submit report

RBI has directed banks trying to plug India’s biggest such data theft to submit a report on the magnitude of the security breach at their ATMs, pending a forensic report that’s expected by the end of the month, said two people familiar with the development.

8. Banks to face penalties

According to reports, banks that failed to act in time may face penalties.

9. About 7,000 websites attacked

After the strikes across the border, there have been a number of attacks on various Indian websites, some reports put the number to as high as 7,000 by Pakistani hackers.

10. The worst-affected banks

The worst-hit of the card-issuing banks are State Bank of India, HDFC Bank, ICICI Bank, YES Bank and Axis Bank.

11. Hitachi denies its systems hacked

The breach is said to have originated in malware introduced in systems of Hitachi Payment Services, enabling fraudsters to steal information and allowing them to steal funds. Hitachi provides ATM, point of sale (PoS) and other services to several banks in India.

Hitachi Payment Systems, which provides ATM and point of sale services, has, however, denied that the malware infection stemmed from its servers. The company, which serves more than 50,000 ATMs in the country, cited an internal audit in its defence.

12. Card platforms hit

Of the debit cards hit by the breach, 2.6 million are said to be on Visa and Master Card platform, while 600,000 on RuPay platform. The banks, Visa and Master Card all reportedly said that their systems weren’t breached. Some said that information may have been compromised when customers used ATMs that didn’t belong to the respective banks.

How did the crisis begin and unfold?

National Payments Corporation of India (NPCI), which has oversight over retail payments systems in India; probed and found a malware-induced security breach in the systems of Hitachi Payment Services, which provides ATMs, point of sale and other services in India. The investigation alleged that the security breach occurred in the ATMs of a particular private bank.


How big is the problem? How many debit cards have been impacted?

This is one of the biggest data breaches in the country — about 3.2 million cards issued by Indian banks could be potentially replaced, or their holders asked to change their PINs to avoid fraud. According to NPCI, 90 ATMs have been compromised, and at least 641 customers across 19 banks have lost Rs 1.3 crore as a result of fraudulent transactions on their debit cards.


How exactly does the malware work?

Malware is malicious software including viruses, worms, trojans, ransomware, spyware and other programmes that damages computer systems at ATMs or bank servers, and allows fraudsters to access confidential debit card data. In this case, swiping a card at an allegedly compromised ATM allowed the data on the card to be transmitted to the fraudsters, who then misused it for fraudulent transactions.


What are banks doing to protect cardholders?

Since most of the cards at risk are not chip-based, banks are planning to replace them with chip-based ones. The council of Payment Card Industry Data Security Standard (PCIDSS), an international body that sets data security standards, has ordered a forensic audit of the data breach in India, which will be concluded by the end of this month.


Who is liable if a card is subject to fraud orchestrated by a third party?

According to the RBI’s draft circular on customer protection, a customer is not liable for a third-party breach, or where negligence or fraud is on the part of the bank, if the customer informs the bank of the fraud within 3 working days of receiving a communication from the bank on any unauthorised transaction.


What is RBI doing to mitigate cyber attacks on financial institutions?

In June 2016, RBI issued instructions on a cyber security framework in banks, asking them to put in place a board-approved cyber security policy, prepare a cyber crisis management plan, and make arrangement for continuous surveillance. The circular also asked banks to share unusual cyber security incidents with RBI.

The Swedish newspaper was recently asked it to delete the reference made by President Pranab Mukherjee to the Bofors scam in an interview to it, as a claim protested by the Indian Government on 27 May 2015. India has expressed disappointment over the disrespect shown to the President, the newspaper has defended its right to publish what was said during the interview.

Know, who is Vijay Kelkar and what is PPP !

Vijay Kelkar is a renowned economist and a former Finance Secretary. He was appointed head of newly constituted committee to give recommendations to recast the model of Public-Private-Partnership (PPP) model in India. India is one of the largest PPP market with over 900 projects. The Kelkar committee will review the PPP policy, suggest a better risk-sharing mechanism between private developers and the government after analysing such projects.

Know, who is Yaduveer Krishnadatta Chamaraja Wadiyar !

Yaduveer Krishnadatta Chamaraja Wadiyar was crowned as the new Maharaja of of Mysuru (Mysore) royal family. He is the 23-year old grandson of Princess Gayathri Devi, who was the eldest daughter of the last Maharaja of Mysore, Sri Jayachamarajendra Wadiyar. The coronation was held at Mysuru’s famous Amba Vilas Palace, which was decked up for the occasion.

Know about Sepp Blatter!

Swpp Blatter, was re-elected as FIFA president for a fifth term at the 65th Annual Congress of FIFA held at Zurich for four year term.

Prince Ali bin al-Hussein of Jordan stood against Blatter in this election. It is worth mentioning that FIFA is going through a major controversy regarding corruption in the organisation with two FIFA vice presidents and a recently elected FIFA executive committee member still in custody.


Responses on This Article

Template Design © VibeThemes. All rights reserved.