Stung by the biggest-ever cyber security breach, which hit 32 lakh debit cards, Indian banks will take a complete set of corrective measures after a global information security standard agency tasked with the forensic audit of the fraud submits its report by the month-end, a senior finance ministry official told FE.
The National Payments Corporation of India (NPCI) has estimated that Rs 1.3 crore had been lost by Indian customers. Data across cards are believed to have been stolen from the ATM of an Indian private sector bank that is serviced by Hitachi Payment Services. Of the debit cards affected, 26.5 lakh are on Visa and Mastercard platforms, while 6 lakh are on RuPay. A public sector bank was also using Hitachi Payment Services in a limited way.
The US-based Payment Card Industry Data Security Standard (PCI DSS) is conducting the investigation at the request of the NPCI. “We will come to know how it happened and what precaution measures are needed to be taken after the agency submits the findings,” the official said. The actions could include replacing the particular payment switches that are at the centre of the security breach.
Finance minister Arun Jaitley on Friday said that the government has sought a detailed report on the extent of data compromise and steps being taken to contain the damage.
With complaints of fraudulent withdrawals spread across debit cards of 19 banks and 641 customers, a host of lenders rushed to either replace cards or ask customers to change their ATM PIN codes. Customers of State Bank of India, the country’s largest lender by assets, are believed to have lost around Rs 10 lakh in 18 transactions traced to China, sources told FE. According to a senior banker, the breach may have occurred between mid-May and the first week of July. Suspicious transactions were reported on September 5 and October 14, when 15 transactions were noticed from China while some more were reported from the US.