After reports of a breach in a private bank’s ATM security portal, around 30 lakh Debit cards are currently under a risk of potential fraud. Termed as the biggest security breach in Indian Banking History, this breach puts around 0.5% of the total debit cards issued in the country in a fear of possible Bank phishing, online identity theft and unnecessary payments for transactions that the users never agreed to.
The breach was triggered by an infestation of Hitachi Payment Services with a malware that transmits personal data of these cardholders back to the miscreants. According to The Economic Times, cards issued by State Bank of India, HDFC Bank, ICICI Bank, YES Bank and Axis Bank are “worst affected”. In the same report, it stated, 26 lakhs of the total cards use Visa’s payment gateway and the remaining cards use government’s RuPay payment clearing gateway.
In a report by The Times Of India, such large numbers of debit cards are affected because the Hitachi Payment Services, which manages the security and clearance of Yes Bank’s ATMs all across the country is also responsible for clearing all payments and transactions of third party banks through Yes Bank ATMs. “Data processes of one private bank was compromised which affected other banks’ customers well. Customers who used that bank’s ATM stand to get potentially affected,” an undisclosed banker told PTI.
Till date no bank has officially claimed any sort of loss to any customer, but the vulnerability is too high to ignore. It is being claimed by few experts that this is such a large scale risk that it might even bring the entire Indian Banking Industry on its knees. An ET report also says that some customers are complaining of unauthorised access from China.
A spokesperson from Yes Bank was quoted by PTI saying that “There is no evidence of a breach or compromise on ATMs. We continue to work with relevant stakeholders, including other public sector and private banks, and NPCI, to ensure utmost safety and security of ATM network and payment services which are completely safe to use.” Also, he added that as a proactive step the bank has started a comprehensive audit of its ATMs.
Hitachi too has denied any sort of breach in their payment clearance system. “I do not think it is necessary for any bank to reissue cards,” Loney Antony, MD, Hitachi Payment Services was quoted in a TOI news.
For the banks, the safety of their customers is their primary responsibility, and as soon as the breach was discovered, banks have asked their customers to change their ATM security PIN or to consider replacing their ATM cards with a new one. RBI too has stepped into the matter and in a report by PTI, a RBI official has said that the malware has been inspected and quarantined and the infected debit cards to have been identified and the Banks are in process to change these vulnerable cards.