30 lakh debit cards under threat: What we know about India's biggest ATM security breach yet

The problem

About 30-32 lakh debit cards are learnt to have come under threat of potential fraud after a ATM security breach through malware infestation. According to media reports, the payment systems of Hitachi Payment Services were infested with malware that helped miscreants to steal personal information and do fraudulent transactions.

Banks, cards affected

A report in The Economic Times says citing sources that cards issued by State Bank of India, HDFC Bank, ICICI Bank, YES Bank and Axis Bank as "worst affected". The cards, as per the report, include 2.6 million of Visa and MasterCard and 6 lakh of RuPay cards.

How the breach happened

The breach might have happened at YES Bank as Hitachi manages the bank's ATMs, says a report in The Times of India. The reason why other banks became vulnerable is because YES Bank ATMs see many third party transactions, says the report. What is worrisome is that the breach was effected in such a way that anyone using the bank's ATMs in the region would risk having data compromised, a PTI report said citing bankers.

"Data processes of one private bank was compromised which affected other banks' customers well. Customers who used that bank's ATM stand to get potentially affected," the PTI report quoted a banker as saying without naming the bank. Though the bankers claim the breach has not led to any monetary losses to anyone, the ET report says some customers have complained of unauthorized usage from China.

YES Bank on its part has "proactively undertaken a comprehensive audit of ATMs". "There is no evidence of a breach or compromise on ATMs. We continue to work with relevant stakeholders, including other public sector and private banks, and NPCI, to ensure utmost safety and security of ATM network and payment services which are completely safe to use," a bank spokesperson told the PTI.

Hitachi too has denied that its systems have been compromised. "I do not think it is necessary for any bank to reissue cards," Loney Antony, MD, Hitachi Payment Services, has been quoted as saying in the ToI report.

Steps taken by banks

The breach happened sometime between May and July. Banks have been alerting customers to change the security PIN or even replacing the cards. Bankers have told PTI that all measures being taken are to safeguard the system against any potential threat.

RBI steps

The PTI quotes an RBI official as saying that the central bank is seized of the matter and is looking into the issue. According to the Times of India, the infested systems have been quarantined and inspected, the affected cards have been spotted. The RBI has also asked banks to inform it about any suspected fraud immediately, the report said.

Source Updated: Oct 20, 2016 08:44 IST in www.firstpost.com Business section