Skip to main content

Indian banks hit by massive cyber security breach, 3.2 million debit cards reportedly compromised

Breaches like this tend to go viral. If a?card-holder of a non-affected bank swipes his card at an?ATM of an?affected bank, then the non-affected bank also becomes a target. Photograph: (Getty)

WION New Delhi, Delhi, India Oct 20, 2016, 10.30 AM (IST) Vrinda Aggarwal

The Indian banking industry has been hit by a major cyber security breach with almost 3.2 million debit cards reportedly compromised. The banks affected by the breach include bigwigs like HDFC, ICICI, Yes Bank, Axis and SBI.

The banks have been sending messages to their customers asking them to change their four-digit security PIN (personal information number) codes.

Even payment gateway companies Visa, MasterCard, and RuPay have raised the issue with the banks concerned. (A payment gateway company authorises payments made by a customer to a merchant like an e-tailer or a brick and mortar store.)  

According to a report by the Economic Times, the security breach took place at the Hitachi Payment Services end which provides payment services such as ATMs and point-of-sale terminals.

Loney Antony, MD of Hitachi Payment Services, told Zee Business that according to an interim report there has been no breach. He added that the final report will be out in the first week of November. And that the banks need not panic nor re-issue cards -- just changing the PIN on the debit card of an affected bank is enough.

Security breaches of this sort usually happen when a card gets cloned or skimmed -- the details of the card are copied -- during a transaction at a point-of-sale terminal or an ATM.

Breaches like this tend to go viral. If a card-holder of a non-affected bank swipes his card at an ATM of an affected bank, then the non-affected bank also becomes a target.

A breach like this is difficult to contain.

The National Payment Council has directed the Bengaluru-based payments and security specialist company SISA to investigate and conduct a forensic audit.

Customers however need not worry. According to an earlier Reserve Bank of India circular on debit cards: “In case of any monetary loss on account of breach of security or failure of the security, the bank is liable to bear the loss.”

Thus, if money is wrongful debited from a customer’s account, he or she need only inform his or her bank and the bank will be liable to reimburse them.

Rajnish Kumar, managing director of State Bank of India, told Zee Business that they expect the breach to cause them a loss of Rs 10 to 12 lakh -- SBI has a total of 20 crore debit card holders -- but their customers will be protected.


Show Comments
  • delete