In what is emerging as one of the biggest data breaches in the history of the Indian banking industry, data from over 3.2 million cards has been compromised, with unauthorized usage reported from locations in China.
Of the compromised cards, 2.6 million are Visa and Mastercard cards, while 600,000 belong to the RuPay platform. The main banks that have been affected are SBI, HDFC, ICICI, Axis and Yes Bank.
The breach originated from malware present in the systems of Hitachi Payment Services, which provides ATM, point of sale (PoS) and other services.
Actions by Banks
SBI has issued new cards to holders in place of their compromised cards, and some banks are looking to refund the amounts that were fraudulently deducted from customers' accounts.
Banks have not yet publicly said how much they are liable to customers.
Delay In Detection
According to sources, the malware infection took 6 weeks to detect, affecting transactions in that period.
Private banks had sent reminders to their customers, urging them to change their security codes, passwords, and PINs. This measure was taken before information about the breach became public.
Detection took 6 weeks because the malware was advanced enough to delete itself after compromising the data, and so far it has not been traced back to its origin.
Hitachi has denied that the malware infection originated from its systems. They have conducted a forensic audit of their systems and the audit report backs their statement.
To summarise, no one has taken responsibility yet.
As per reports, bank customers have lost over INR 1.3 crores to the fraudulent transactions. Though the amount seems small, there is speculation that more transactions linked to this breach have not yet been discovered. 641 customers of 19 banks have been affected, according to the National Payments Corporation of India (NPCI).
- Change all of your PINs and passcodes.
- Check your account statement for any unauthorized deduction.
- Report any suspicious deduction or unexpected OTPs to your bank.
- Do not panic, as banks are liable to pay for any loss due to security failure on their part within 90 days.
- Stick to using your bank’s ATM for a while.
- Do not use a public network for making banking transactions.
Source: The Economic Times